Slashdot Mirror
US Central Command's Twitter Account Hacked, Filled With Pro-ISIS Messages
schwit1 writes with news that U.S. Central Command lost control of its Twitter account today, apparently to people sympathetic to the Islamic State militant group. CENTCOM's YouTube account was also compromised, and two videos related to ISIS were posted.
Two U.S. defense officials, speaking on condition of anonymity, said the hacking was an embarrassment but did not appear to be a security threat. ... "In the name of Allah, the Most Gracious, the Most Merciful, the CyberCaliphate continues its CyberJihad," the Centcom Twitter feed said after being hacked. The Twitter feed had several messages from hackers, including one telling American soldiers to "watch your back," and the YouTube account had two videos that appeared to be linked to Islamic State. The Twitter account published a list of generals and addresses associated with them, titled "Army General Officer Public Roster (by rank) 2 January 2014."
U.S. Central Command had a weak twitter password and looks like idiots today.
...just remember this XKCD: http://xkcd.com/932/
Seeing as how 15 year old school girls make a point to hack their boyfriends twitter feeds on a regular basis, I'd hardly say that the efforts of the cyber caliphate qualifies as "leet". And as for the threats of watching their backs, US military personnel have been involved in deployments overseas non-stop since 2001 and even before that. I think they know that already. Think I'd have to agree. It's embarrassing (kinda like getting caught with your zipper down) but ultimately, an annoyance and nothing more.
Select from tblFriends where interesting >= 4;
Except it doesn't matter.
Because, much like the DMCA made even incompetent security enshrined in law ... if you or I 'hacked' into someone's Twitter feed using these simple techniques, we would be facing serious criminal charges.
In the eyes of the law, this trivial form of 'hacking' is as serious as anything else.
I can't tell you how many websites which have a pre-determined list of "security questions" which almost anybody could get through public sources.
All you have to do is pretend to have some security and it's just as illegal.
The media doesn't need to differentiate between one form of hacking and another -- because the fscking law doesn't. Unless of course it's law enforcement doing it, and then it's apparently perfectly legal.
Lost at C:>. Found at C.
Every political organization has a public relations portal. Yes, CENTCOM needs money, so:yes, CENTCOM is sensitive to political visibility.
It's also a method for outsourcing the cost of communications infrastructure in a BYOD world, with the understanding that everything said via that channel is OSINT and needs to be sanitized for OPSEC/sensitive materials. The OSINT subscribers have to be sensitive to the potential for misinformation which can be exploited.
Shit like this is normally just used for press releases and horn blowing.
The trick to those stupid security questions is just to put in a random string there is nothing that says it has to be the real answer. For example:
Q: What was your first pet's name?
A: Kd1hRuhe^bhNfyh*285kwlLojs5g0kaSjn
Time to offend someone