Got beaten to it...
..on Twitter of all places, but this seems appropriate given the breathless reporting elsewhere - http://xkcd.com/932/
Hackers calling themselves the "CyberCaliphate" briefly seized control of the official Twitter account of US Central Command (CENTCOM) on Monday, and used it to post what appeared to be sensitive government documents. The group first posted to the CENTCOM account at around noon, Eastern Time, with a message threatening US …
I was about to say much the same thing, if it wasn't for the accompanying documentation. But presumably this didn't come from the Twitter account (or, at least, I certainly hope not) - more likely just public stuff scraped from the general Internet and made to look 'official'.
Note the lack of security classification banners at top and bottom of the page, with paragraphs marked by their security classification.
Like: TOP SECRET/NOFORN
This is the OpPlan to scratch one's head. U/FOUO
The plan involves the movement of one's hand toward one's head. S/NOFORN
One then utilizes one's nails to scratch the itch. TS/SCI/ALPHABETSOUPASNEEDED/NOFORN
I harp upon NOFORN, as it's no foreign personnel may access NOFORN. Various treaty statutes may permit TS, S, C, etc to be released agmost allies.
But, on a serious note, no classification markings, it's not a real military document, for everything is classified. Even if it's classified as UNCLASSIFIED/NOFORN. OK, that last is a lousy joke. Most common unclassified classification, UNCLASSIFIED/FOUO, which means For Official Use Only.
Something funny when a personal e-mail is received from someone, with content having nothing to do with official duties, assignments and more about an open dinner party.
>BBC newsroom employs
Very few people with an understanding of IT or technology. Especially in the preparation of news items.
--------------
Dear BBC,
Please be aware that using the word 'cyber' in front of anything vaguely Internet or computer-related just makes you look like a bunch of sensationalist, ignorant buffoons. Please cease forthwith.
Yours,
Someone with a vague Clue about such things.
PS: And let's not revisit the cracker/hacker confusion either. Or the fact that cracking someone's Twitter account is hardly a l33t skill...
AC, the BBC are old hands at making up stories to run with as news. Haven't you yet worked out that media is cracked and hijacked for politically incorrect and suspect edutainment which hides increasingly badly the truth of reality and of how one is programmed to respond and react predictably to virtually created events, dear boy, events.
But the Old New World Order Way of doing things with ignorant muppets and arrogant puppets following executive office instructions are long gone and over. Welcome to the Future with Ab Fab Fabless Builders ........ exploring the base with agreements here, and in effect, everywhere else too
Hello, Wwworlds, and Willkommen in GOD's GIG ...... Great IntelAIgent Games from Global Operating Devices [1501130847]
For those who would doubt the above truths, here be evidence of such idiotic shenanigans? ....... http://www.telegraph.co.uk/women/womens-politics/11342250/Charlie-Hebdo-Women-Photoshopped-from-Paris-rally-picture.html
Hilarious. If we didn't have 10/10 cloud cover I bet we'd see the red glow of humiliated embarrassment from this side of the Atlantic.
Remind me. Why would CENTCOM have a Twitter feed? Would there be any connection with PR motives?
Beautiful. Makes 2015 already a good year...
Well, good, if we can pretend, for a while, that we haven't already lost over 2,500 souls to the sociopathic killers who sponsored this attack...
"Remind me. Why would CENTCOM have a Twitter feed? Would there be any connection with PR motives?"
In part. They also use it to keep in contact with their personnel, even when on leave.
Twitter and Facebook were used to alert and inform personnel during the Fort Hood shooting incident, as people off base would not be able to hear Giant Voice (a basewide PA system used for emergencies).
Hell, the CIA and NSA also have Twitter accounts.
Social Media is up to the individual command's PAO so policy varies widely throughout the Defense Department, individual branch, unified command, functional command and even specific unit down to the Brigade or even sometimes Battalion or Company level (in the case of Reserve units).
Since they have people from all five branches that can post to their accounts, having 2FA attached to a single cellphone (if that's how twatter does it, I don't use it, so c'reckt me if I'm wrong) is kind of unwieldy unless the Major or Captain running the account has it locked to their issued FOUO phone or manages to somehow get someone at DoD or JCS to issue a phone to the command strictly for the Social Media accounts, and while I've never heard of that being used as an exception, it isn't to say it doesn't happen.
It's not an ideal situation obviously but as it stands there isn't much they can do about it unless DoD has altered policy for the Unified Commands and CENTCOM's slacking by not keeping up with messages from USCYBERCOM and NSA/CSS. Since everything posted has to be approved by the PAO themselves anyway, I don't see why they wouldn't but you never really know.
Again, this kind of thing is what happens when the Agency that's ostensibly involved in securing Military and National Government Communications goes over toward mere collection and exploitation and shafts their Information Assurance responsibility.
Again, this kind of thing is what happens when the Agency that's ostensibly involved in securing Military and National Government Communications goes over toward mere collection and exploitation and shafts their Information Assurance responsibility.
Essentially a case of "do as I say, not as I do," not that they would be unique in that by any means.
They'd need one person in charge of the Twitter account, an internal e-mail alias which goes to that person (in case that person changes), and everyone who wants to use Twitter sending an e-mail to that alias with the text instead of tweeting.
Also that way it's easier to avoid PR gaffes since the Twittermaster checks it before sending.
Maybe there are more automated ways too. Someone here will know.
I read a news article on another site recently that the US is setting up a system to enable them to more easily run multiple sock puppet accounts on various "social media" sites. This lets each operative run and keep track of multiple accounts (keep their personas straight) and makes the origins of the messages appear to be from multiple locations (they go through proxies). The intention is to allow them to spam Islamist social media sites with pro-US propaganda, and make one person look like a crowd in order to manufacture a "consensus". Seeing the US military now being hoist with their own petard is more than a bit funny.
I don't believe that this sort of thing is entirely new however. I understand that advertising and PR companies offer the same sort of service to their commercial clients to try to drown out or derail news that makes their products look bad. Not that we would ever see these sorts of vendor driven damage limitation sock puppets here on El Reg forums, oh no, never.
That is the worst part of this news, in the eyes of the public, CENTCOM has been hacked!
In reality, a script kiddie who may, or may not be associated with Islamic terrorist groups has managed to subvert a pretty weak security control around a publicly accessible social media channel.
As per XKCD, it's a bit like someone in a school sprayed graffiti over an Army recruitment poster.
But, the public fear of EVIL CYBER MUSLIMS will mean over-reaction after over-reaction.