US Central Command's Twitter Account Hacked, Filled With Pro-ISIS Messages
schwit1 writes with news that U.S. Central Command lost control of its Twitter account today, apparently to people sympathetic to the Islamic State militant group. CENTCOM's YouTube account was also compromised, and two videos related to ISIS were posted.
Two U.S. defense officials, speaking on condition of anonymity, said the hacking was an embarrassment but did not appear to be a security threat. ... "In the name of Allah, the Most Gracious, the Most Merciful, the CyberCaliphate continues its CyberJihad," the Centcom Twitter feed said after being hacked. The Twitter feed had several messages from hackers, including one telling American soldiers to "watch your back," and the YouTube account had two videos that appeared to be linked to Islamic State. The Twitter account published a list of generals and addresses associated with them, titled "Army General Officer Public Roster (by rank) 2 January 2014."
The PFC appointed as Social Media Officer probably chose a weak password. Seriously, whenever I see a news article about a social media account being "hacked," I really wish journalists would understand these are just password-protected web services!
Celebrities' naked pictures and Twitter feeds get hacked because they have simple passwords, not because some genius hacker spends months looking for an exploit on their personal phone and the opportunity to introduce it. And even "security question" based password resets don't work when a celebrity will choose answers that anyone can find in 100 gossip rags.
This is actually a serious problem I've encountered in business, with no real tools to address it. You can have the tightest security within your organization, but things like Twitter accounts are out of your control. You have to rely on the security of Twitter.
Unfortunately, most businesses rarely have a single person who needs access to that type of account. Generally they have an entire department which needs to use it. But companies like Twitter and Facebook don't support any sort of multi-user logins for a single account (Google sort of does with Google Apps for Domains). It's one account, so there's one password, and that password has to be shared with everyone who needs to access that one account. So it inevitably ends up posted on the refrigerator door, or stored on the server as a shared file, or even emailed around. Easily stolen by anyone who hacks in or even visits the premises and happens to glance at the refrigerator door.
The best solution I could think of was if a password manager like KeePass would support managed multi-user credentials. That is, each individual has their own KeePass keychain with their own personal passwords, but an administrative user can insert a special hook for a shared password. So the user could use their KeePass passphrase to log in to the shared Twitter account, but they wouldn't actually know the Twitter password and it wouldn't be stored on their keychain. Any time they needed to log in, their KeePass would authenticate itself with the admin KeePass, which would log them into Twitter for them. When the person quits or is fired, the admin can just revoke that person's access to the admin KeePass keychain. No need to change the password and email the new password to everyone (thus creating a potential security breach) because the person who left is a potential security breach.
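The brokered-credential design sketched in the comment above (a shared account password that only an admin-held vault knows, individual users authenticating to the vault with their own passphrase, offboarding by revoking the user rather than rotating the shared password) can be shown in a few dozen lines. The following is an added example, not code from the commenter, from KeePass or from any real social-media API: `SimulatedSite` is a constructed stand-in for a single-password service like Twitter, and `SharedCredentialBroker`, its user names and passphrases are all hypothetical. The point it demonstrates is that an enrolled user obtains a session without ever receiving the shared password, a wrong personal passphrase or a revoked user gets nothing, and the shared password never changes.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple


class SimulatedSite:
    """Constructed stand-in for a service such as Twitter: one account, one
    password, no multi-user support. Whoever presents the password gets a session."""

    def __init__(self, account: str, password: str) -> None:
        self._account = account
        self._password = password
        self.sessions: Dict[str, str] = {}          # session token -> account

    def login(self, account: str, password: str) -> Optional[str]:
        if account == self._account and hmac.compare_digest(password, self._password):
            token = secrets.token_hex(16)           # opaque session token
            self.sessions[token] = account
            return token
        return None


class SharedCredentialBroker:
    """Hypothetical 'admin vault': holds the shared account password and performs
    the site login on behalf of enrolled users. Users authenticate to the broker
    with their own passphrase and never see the shared password."""

    def __init__(self, site: SimulatedSite, account: str, password: str) -> None:
        self._site = site
        self._account = account
        self._password = password                   # never returned to a user
        self._users: Dict[str, Tuple[bytes, bytes]] = {}   # user -> (salt, PBKDF2 hash)
        self.audit: List[Tuple[str, str]] = []      # (user, event) for later review

    @staticmethod
    def _derive(passphrase: str, salt: bytes) -> bytes:
        # Slow, salted hash of the user's *own* passphrase (not the shared secret).
        return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

    def enroll(self, user: str, passphrase: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, self._derive(passphrase, salt))
        self.audit.append((user, "enrolled"))

    def revoke(self, user: str) -> None:
        # Offboarding is just removing the user: the shared password does not
        # change and nobody else has to be told anything.
        self._users.pop(user, None)
        self.audit.append((user, "revoked"))

    def login_as(self, user: str, passphrase: str) -> Optional[str]:
        record = self._users.get(user)
        if record is None:
            self.audit.append((user, "denied:not-enrolled"))
            return None
        salt, expected = record
        if not hmac.compare_digest(self._derive(passphrase, salt), expected):
            self.audit.append((user, "denied:bad-passphrase"))
            return None
        # Only the broker ever presents the shared password to the site.
        token = self._site.login(self._account, self._password)
        self.audit.append((user, "login"))
        return token


def demo() -> dict:
    """Walk through enrol -> login -> wrong passphrase -> revoke -> login again.
    All names and secrets below are constructed placeholders."""
    shared_password = "SHARED-PASSWORD-PLACEHOLDER"
    site = SimulatedSite("example_org_account", shared_password)
    broker = SharedCredentialBroker(site, "example_org_account", shared_password)
    broker.enroll("alice", "alice-personal-passphrase")
    before = broker.login_as("alice", "alice-personal-passphrase")   # session token
    wrong = broker.login_as("alice", "not-her-passphrase")           # None
    broker.revoke("alice")
    after = broker.login_as("alice", "alice-personal-passphrase")    # None
    return {"before": before, "wrong": wrong, "after": after,
            "sessions": dict(site.sessions), "audit": list(broker.audit)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The broker is the only component that ever holds the shared password, so the surface that needs the tightest protection shrinks from "everyone in the department" to one vault, and the audit list gives the per-person attribution that a single shared login otherwise loses.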