WASHINGTON – If so-called cyberjihadis want to launch another social media attack on America’s military, they will have plenty of targets: the U.S. Army alone lists more than 2,000 links to feeds on Facebook, Twitter, YouTube and other accounts.
In the wake of Monday’s breach of U.S. Central Command’s Twitter and YouTube feeds by apparent sympathizers of the Islamic State militant group, U.S. officials updated passwords and some distributed advice to colleagues on how to bolster online security.
But they showed no sign of shifting a social media strategy that has seen thousands of Facebook, Twitter and other accounts blossom as the world’s most powerful military establishes an Internet presence that matches the global reach of its forces.
That large online profile carries unique risks for the military.
“It’s their public face,” said Ben Fitzgerald at the Center for a New American Security think tank.
“So someone sitting in Baghdad isn’t going to necessarily pick up the nuance that this is a nonmilitary network and not a significant hack. So they’re looking silly and they’re looking weak.”
The U.S. Department of Defense has “thousands and thousands” of social media accounts, said Colonel Steve Warren, a Pentagon spokesman. They are seen as a fast and effective way for the U.S. military to communicate with its own personnel and families about everything from on-base social events to power outages.
“We are certainly looking at our systems and will refine them as needed,” said Warren.
Although a review of the incident was underway, he said, there had been no specific departmentwide instructions issued since Monday to strengthen security across social media.
The Twitter and YouTube breach is far different than the one in 2008, when malware believed to have been crafted by a foreign intelligence service infiltrated Central Command’s internal computer systems.
That attack was a dramatic illustration of the risks to military and defense-related networks critical to U.S. security, and triggered a massive expansion of cyberdefense efforts.
Monday’s hack also did not lead to any theft or disclosure of classified information, officials said. But it delivered a highly symbolic blow by compromising the social media accounts of the military command overseeing sensitive operations in Iraq and Syria during a time of conflict.
It was a reminder of the perils of social media for an institution that prides itself on its vast security and image of unrivaled global power.
The hackers posted what officials said appeared to be authentic, but unclassified, rosters of current and retired top brass, including some private email addresses. They also posted messages, including: “American soldiers, we are coming, watch your back.”
Unlike most high-profile accounts, the Twitter feeds used by Central Command were not “verified,” which would have added another layer of security and required harder-to-break government email accounts to be set up, officials said.
Still, it is unclear such steps would have prevented the hack, which is being investigated by the FBI and the military.
A source familiar with the inquiries said investigators were examining whether cyberattackers sent “phishing” messages that tricked Central Command personnel into revealing shared logins and password information.
The “CyberCaliphate” hacking group that attacked the account was founded by a Briton who was once jailed for hacking the personal address book of former British Prime Minister Tony Blair, according to government sources and private sector security experts.
U.S. and European government sources said investigators strongly believe that Junaid Hussain, 20, was the leader of CyberCaliphate, though they do not know if he was personally involved in hacking the Twitter and YouTube accounts.
Hussain could not be reached for comment.
In 2012, Hussain was jailed for six months for stealing Blair’s address book from an email account maintained by one of Blair’s advisers. Hussain pleaded guilty to putting details of the address book online and making hoax calls to a counterterrorism hotline.
Hussain, who lived in Birmingham, England, moved to Syria sometime in the last two years, according to British media reports.
Alex Kassirer, an analyst with Flashpoint Global Partners, said Hussain led efforts by the Islamic State group to recruit “hackers for a CyberCaliphate.” Flashpoint Global Partners is a private company that monitors extremist Internet postings for government agencies and private clients.
She said the CyberCaliphate first surfaced when it published a “recruitment announcement” on Sept. 11, 2014.
President Barack Obama said Monday’s hack and others show “how much more work we need to do, both public and private sector, to strengthen our cybersecurity.”
Still, hacking into Central Command’s Twitter feed is far easier — and entirely different — than gaining access to its internal networks, something the military has devoted vast resources to defending, analysts say.
“It’s really not that difficult to gain access to someone else’s social media or e-mail account,” said Michael Smith, principal and chief operating officer of Kronos Advisory, a private intelligence group focused on counterterrorism.
Smith said such incidents occurred often at Twitter.
In 2013 hackers took control of the Associated Press Twitter account and sent a false tweet about explosions in the White House that briefly sent U.S. financial markets reeling.
“Hacking a Twitter is about the equivalent of spray-painting a subway car,” a former senior U.S. intelligence official said.
Senator Dan Coats, a member of the Senate Select Committee on Intelligence, said the incident highlighted cybersecurity risks. But he said the solution was better cooperation between the public and private sectors, not retrenchment from social media.
“If the U.S. military — or State Department, White House, members of Congress — stayed off Twitter, YouTube and other social media sites because of the vulnerabilities inherent in those services, then the terrorists win,” Coats said.