back to article 'American soldiers, we are coming...' US CENTCOM military in Twitter hijack shame

Hackers calling themselves the "CyberCaliphate" briefly seized control of the official Twitter account of US Central Command (CENTCOM) on Monday, and used it to post what appeared to be sensitive government documents. The group first posted to the CENTCOM account at around noon, Eastern Time, with a message threatening US …

  1. Ben Tasker Silver badge

    Got beaten to it...

    ..on Twitter of all places, but this seems appropriate given the breathless reporting elsewhere - http://xkcd.com/932/

    1. Chris Miller

      Re: Got beaten to it...

      I was about to say much the same thing, if it wasn't for the accompanying documentation. But presumably this didn't come from the Twitter account (or, at least, I certainly hope not) - more likely just public stuff scraped from the general Internet and made to look 'official'.

      1. Anonymous Coward
        Anonymous Coward

        Re: Got beaten to it...

        Note the lack of security classification banners at top and bottom of the page, with paragraphs marked by their security classification.

        Like: TOP SECRET/NOFORN

        This is the OpPlan to scratch one's head. U/FOUO

        The plan involves the movement of one's hand toward one's head. S/NOFORN

        One then utilizes one's nails to scratch the itch. TS/SCI/ALPHABETSOUPASNEEDED/NOFORN

        I harp upon NOFORN, as it's no foreign personnel may access NOFORN. Various treaty statutes may permit TS, S, C, etc to be released agmost allies.

        But, on a serious note, no classification markings, it's not a real military document, for everything is classified. Even if it's classified as UNCLASSIFIED/NOFORN. OK, that last is a lousy joke. Most common unclassified classification, UNCLASSIFIED/FOUO, which means For Official Use Only.

        Something funny when a personal e-mail is received from someone, with content having nothing to do with official duties, assignments and more about an open dinner party.

  2. Anonymous Coward
    Anonymous Coward

    Muppets

    On the day that Cameron and Obama meet to discuss cyber security?

    Someone please tell me when I can stop laughing, it will start to hurt soon.

    PS: El Reg - you were at least 40 minutes behind BBC news with this!

    1. Chris Miller

      Re: Muppets

      I think you'll find that the BBC newsroom employs about 10x as many reporters as the whole of ElReg.

      1. launcap Silver badge
        FAIL

        Re: Muppets

        >BBC newsroom employs

        Very few people with an understanding of IT or technology. Especially in the preparation of news items.

        --------------

        Dear BBC,

        Please be aware that using the word 'cyber' in front of anything vaguely Internet or computer-related just makes you look like a bunch of sensationalist, ignorant buffoons. Please cease forthwith.

        Yours,

        Someone with a vague Clue about such things.

        PS: And lets not revisit the cracker/hacker confusion either. Or the fact that cracking someone Twitter account is hardly a l33t skill...

    2. amanfromMars 1 Silver badge

      Re: Muppets in Training and the British Brainwashing Corporation

      AC, the BBC are old hands at making up stories to run with as news. Haven't you yet worked out that media is cracked and hijacked for politically incorrect and suspect edutainment which hides increasingly badly the truth of reality and of how one is programmed to respond and react predictably to virtually created events, dear boy, events.

      But the Old New World Order Way of doing things with ignorant muppets and arrogant puppets following executive office instructions are long gone and over. Welcome to the Future with Ab Fab Fabless Builders ........ exploring the base with agreements here, and in effect, everywhere else too

      Hello, Wwworlds, and Willkommen in GOD's GIG ...... Great IntelAIgent Games from Global Operating Devices [1501130847]

      1. amanfromMars 1 Silver badge

        More Muppets in Training ....... and Failing Spectacularly

        For those who would doubt the above truths, here be evidence of such idiotic shenanigans? ....... http://www.telegraph.co.uk/women/womens-politics/11342250/Charlie-Hebdo-Women-Photoshopped-from-Paris-rally-picture.html

  3. Harry Stottle

    ROFL

    Hilarious. If we didn't have 10/10 cloud cover I bet we'd see the red glow of humiliated embarrassment from this side of the atlantic.

    Remind me. Why would CENTCOM have a Twitter feed? Would there be any connection with PR motives?

    Beautiful. Makes 2015 already a good year...

    Well, good, if we can pretend, for a while, that we haven't already lost over 2,500 souls to the sociopathic kilers who sponsored this attack...

    1. Titus Technophobe

      Re: ROFL Yes hilarious ...

      I 'll bet even the staff of "Charlie Hebdo" and all the Yazidis are laughing along with you ...

    2. Wzrd1

      Re: ROFL

      "Remind me. Why would CENTCOM have a Twitter feed? Would there be any connection with PR motives?"

      In part. They also use it to keep in contact with their personnel, even when on leave.

      Twitter and Facebook were used to alert and inform personnel during the Fort Hood shooting incident, as people off base would not be able to hear Giant Voice (a basewide PA system used for emergencies).

      Hell, the CIA and NSA also have Twitter accounts.

      1. Anonymous Coward
        Anonymous Coward

        Re: ROFL

        CENTCOM can't set up an XMPP server to contact its personnel? I know of a Scandinavian country that does that sort of thing routinely. Why depend on Twitter?

  4. This post has been deleted by its author

  5. Dan 55 Silver badge
    FAIL

    I don't see a blue tick next to the profile name

    It wasn't a verified account and they weren't using 2FA?

    1. FrankAlphaXII

      Re: I don't see a blue tick next to the profile name

      Social Media is up to the individual command's PAO so policy varies widely throughout the Defense Department, individual branch, unified command, functional command and even specific unit down to the Brigade or even sometimes Battalion or Company level (in the case of Reserve units).

      Since they have people from all five branches that can post to their accounts, having 2FA attached to a single cellphone (if thats how twatter does it, I don't use it, so c'reckt me if I'm wrong) is kind of unwieldy unless the Major or Captain running the account has it locked to their issued FOUO phone or manages to somehow get someone at DoD or JCS to issue a phone to the command strictly for the Social Media accounts, and while I've never heard of that being used as an exception, it isn't to say it doesn't happen.

      Its not an ideal situation obviously but as it stands there isn't much they can do about it unless DoD has altered policy for the Unified Commands and CENTCOM's slacking by not keeping up with messages from USCYBERCOM and NSA/CSS. Since everything posted has to be approved by the PAO themselves anyway, I don't see why they wouldn't but you know never really know.

      Again, this kind of thing is what happens when the Agency that's ostensibly involved in securing Military and National Government Communications goes over toward mere collection and exploitation and shafts their Information Assurance responsibility.

      1. Robert Helpmann?? Silver badge
        Childcatcher

        Re: I don't see a blue tick next to the profile name

        Again, this kind of thing is what happens when the Agency that's ostensibly involved in securing Military and National Government Communications goes over toward mere collection and exploitation and shafts their Information Assurance responsibility.

        Essentially a case of "do as I say, not as I do," not that they would be unique in that by any means.

    2. Wzrd1

      Re: I don't see a blue tick next to the profile name

      "It wasn't a verified account and they weren't using 2FA?"

      Twitter has 2FA for group accounts whose personnel rotate frequently? Talk about a logistiscal nightmare!

      1. Dan 55 Silver badge

        Re: I don't see a blue tick next to the profile name

        They'd need one person in charge of the Twitter account, an internal e-mail alias which goes to that person (in case that person changes), and everyone who wants to use Twitter sending an e-mail to that alias with the text instead of tweeting.

        Also that way it's easier to avoid PR gaffes since the Twittermaster checks it before sending.

        Maybe there are more automated ways too. Someone here will know.

  6. Anonymous Coward
    Anonymous Coward

    Anonymous site defacing spree against CyberCaliphate and/or their friends incoming no doubt.

  7. thames

    Another Social Media Triumph

    I read a news article on another site recently that the US is setting up a system to enable them to more easily run multiple sock puppet accounts on various "social media" sites. This lets each operative run and keep track of multiple accounts (keep their personas straight) and makes the origins of the messages appear to be from multiple locations (they go through proxies). The intention is to allow them to spam Islamist social media sites with pro-US propaganda, and make one person look like a crowd in order to manufacture a "consensus". Seeing the US military now being hoist with their own petard is more than a bit funny.

    I don't believe that this sort of thing is entirely new however. I understand that advertising and PR companies offer the same sort of service to their commercial clients to try to drown out or derail news that makes their products look bad. Not that we would ever see these sorts of vendor driven damage limitation sock puppets here on El Reg forums, oh no, never.

    1. Anonymous Coward
      Anonymous Coward

      Re: Another Social Media Triumph

      I doubt PR companies bother much with their sock puppets on El Reg, just as they used to avoid Slashdot; too much chance of blowback.

      Certain newspaper websites read by politicians, possibly different story.

  8. Busby

    Nice to see that talking heads on the BBC comparing this to the Sony hacks this morning, as if hacking a twitter account is on par with what happened to them total muppets.

    1. PrivateCitizen

      That is the worst part of this news, in the eyes of the public, CENTCOM has been hacked!

      In reality, a script kiddie who may, or may not be associated with Islamic terrorist groups has managed to subvert a pretty weak security control around a publicly accessible social media channel.

      As per XKCD, its a bit like someone in a school sprayed graffiti over an Army recruitment poster.

      But, the public fear of EVIL CYBER MUSLIMS will mean over-reaction after over-reaction.

  9. Bernard

    'the military command's YouTube channel'

    This sentence made my day. I can only imagine what kind of budget the world's biggest military machine allocate toward sharing cat videos.

  10. Anonymous Coward
    Anonymous Coward

    WE ARE COMING, WATCH YOUR BACK

    Sorry, can't resist. They're going to be coming on people's backs? I hope they won't be looking at mucky pictures when they do so, might get them in trouble...

  11. Oninoshiko

    In other news

    Twitter announces they got hacked, as the Obama administration has requested companies do.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020