January 12, 2015
CNAS Press Note: Why the CENTCOM Hack is – and Isn’t – a Big Deal
Washington, January 12 – In response to reports that an ISIS affiliated group had taken over CENTCOM’s Twitter and YouTube accounts, Center for a New American Security (CNAS), Technology and National Security Program Director Ben Fitzgerald has written a new Press Note explaining why the hack is and is not a major issue.
The Press Note is below:
Today’s hacks of CENTCOM’s Twitter and YouTube accounts are more public relations stunt than major security breach. It appears that ISIS has not gained access to CENTCOM networks or servers, much less classified material. Hacking social media accounts for CENTCOM is no more difficult than hacking the social media account of a private citizen and it would not be surprising to discover that CENTCOM’s public affairs team had the same username and password for both accounts.
However, public relations impact was the entire purpose of this stunt and should not be overlooked. A major combatant command displaying weak security at the same time as a presidential speech on cybersecurity diminishes the credibility of the President. Releasing documents that were largely already in the public domain to look like ‘leaks’ to the uninitiated is a smart and inexpensive misinformation play and may seem credible to some given the bulk release of data by the likes of Snowden and Manning. And the bragging rights associated with taunting the United States media from their own social media accounts should not be underestimated.
The fact that this hack is inconsequential from a technical perspective is overshadowed by the easy and cheap win afforded to ISIS. Good username and password practices would likely have saved CENTCOM from this embarrassment. They should make sure to use 2 factor authentication in future.
Mr. FitzGerald is available for interviews. To arrange an interview, please contact Neal Urwitz at nurwitz@cnas.org, or call 202-457-9409.