http://www.wired.com/2015/01/centcoms-twitter-hack/

By Kim Zetter
01.12.15 |
2:23 pm |
Permalink

President Barack Obama arrives to speak at the FTC offices at the Constitution Center in Washington, Monday, Jan. 12, 2015, about his plan to improve confidence in technology by tackling identify theft and improving consumer and student privacy.

Carolyn Kaster/AP

Twitter and YouTube accounts belonging to the military’s US Central Command were hacked on Monday. Hackers supportive of the terrorist group Islamic State, also known as ISIS, took credit and issued a warning to the US military.

“AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK. ISIS,” the hackers tweeted through the account for the US Central Command, which is the military command for the Middle East, North Africa, and Central Asia. The tweet included a link to a statement that read in part:
“While the US and its satellites kill our brothers in Syria, Iraq and Afghanistan we broke into your networks and personal devices and know everything about you,” it read. “You’ll see no mercy infidels. ISIS is already here, we are in your PCs, in each military base. With Allah’s permission we are in CENTCOM now. We won’t stop! We know everything about you, your wives and children. U.S. soldiers! We’re watching you!”

The group also replaced the Twitter profile image with an image of a person wearing a black and white keffiyeh, and the text CyberCaliphate and “i love you isis.”

Forty minutes after the first hacked tweet, Twitter suspended the account.

According to news reports, the hackers also posted images of spreadsheets that purported to contain the home addresses and other contact information for retired US Army generals and other images purporting to be US military maps and plans. The Pentagon appeared to confirm the authenticity of the information, telling reporters that the exposed information was not classified and that the images came not from the government but from the Massachusetts Institute of Technology.

ISIS threatened Twitter last year, after the social networking site deleted an account it was using to publish videos showing the beheading of journalist and aid workers in the Middle East. In this case, it’s likely that the person responsible for maintaining CENTCOM’s social networking accounts was probably hacked, giving the hackers access to the Twitter and YouTube accounts.

The hack on Monday coincided with an address President Obama was giving about cybersecurity and identity theft at the Federal Trade Commission. His speech, meant to bolster cybersecurity legislation that the White House wants Congress to pass, called for better data protection and better disclosure about breaches. The White House hopes Congress will pass a bill that would require companies to notify customers within 30 days if their personal information is stolen in a breach. The president cited the recent hacks at Target, Home Depot and Sony as primary reasons why Congress should pass the Personal Data Notification and Protection Act. The bill would help unify a multitude of state breach laws that currently exist. Lawmakers have tried for nearly a decade to pass a federal bill to replace the patchwork of state laws, but have repeatedly failed, in part because either the laws didn’t go far enough or went too far.