Updated Hackers calling themselves the "CyberCaliphate" briefly seized control of the official Twitter account of US Central Command (CENTCOM) on Monday, and used it to post what appeared to be sensitive government documents.
The group first posted to the CENTCOM account at around noon, Eastern Time, with a message threatening US military personnel.
"AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK. ISIS," one tweet read, along with a link to a Pastebin document that pointed to Zip archives containing various allegedly leaked files.
Ironically, the hijacking comes as President Obama called for a computer security breach disclosure law, forcing organizations to admit when they have been hacked.
CENTCOM is the unified US military command responsible for coordinating operations in the "central" part of the globe – which includes Afghanistan, Bahrain, Egypt, Iran, Iraq, Jordan, Kazakhstan, Kuwait, Kyrgyzstan, Lebanon, Oman, Pakistan, Qatar, Saudi Arabia, Syria, Tajikistan, Turkmenistan, United Arab Emirates, Uzbekistan, and Yemen.
Among the Zip'd files – samples of which were posted to the CENTCOM Twitter account – were military personnel records and what appeared to be slide decks detailing US military strategies for attacking China and North Korea.
Hacking Twitter accounts appears to be a specialty of the CyberCaliphate. Last week, CBS News reported that the group had posted pro-Islamic messages to the accounts of a number of US news outlets, including Maryland-based TV news station WBOC and The Albuquerque Journal newspaper.
While those posts consisted mostly of jibes like "I love ISIS" – an apparent reference to the militant group sometimes known as the Islamic State of Iraq and Syria – Monday's posts were of a more menacing nature.
"We won't stop! We know everything about you, your wives and children," read one such tweet. And yet it's unclear whether the files published in the attack represent any significant security breach – they appear to be public documents rather than top-secret leaks.
For example, one document purports to be a list of retired US Army generals. But while the list does include a significant number of email addresses, most of the entries under the "Street Address" column are listed as "Contact information is not releasable."
Some of the slides posted by the hijackers
Other documents don't appear to have originated inside the Pentagon but from outside think tanks. For example, one is stamped with the logo of the MIT Lincoln Laboratory, a research facility that works with commercial industry to develop technology for national security. Another slide appears to have come from the Federation of American Scientists' website.
It's also unclear whether the CyberCaliphate has any legitimate ties to the Islamic militants it claims to represent. For one thing, the group consistently uses the acronym ISIS – a designation the US government has already abandoned in favor of ISIL (Islamic State of Iraq and the Levant). The jihadist group itself, meanwhile, grandly refers to itself as simply the Islamic State – suggesting today's hijacking was the work of trolls.
Roughly an hour after the attack began, Twitter suspended the CENTCOM account and it has yet to be reestablished; the military command's YouTube channel was also compromised before being terminated. ®
Updated to add
Later on Monday, US CENTCOM issued a statement on the web hijacking to say:
CENTCOM's operational military networks were not compromised and there was no operational impact to US Central Command. CENTCOM will restore service to its Twitter and YouTube accounts as quickly as possible. We are viewing this purely as a case of cybervandalism.
According to a government source speaking to the Wall Street Journal, the Twitter account was registered to a staffer's personal email address.