The recent attack on the servers of Sony Pictures, by hackers allegedly affiliated to North Korea, paraded sensitive corporate information across the internet. In comparison, Monday’s hacking of the Twitter and YouTube accounts of the US military’s Central Command was a prank, and an amateurish one at that. The postal address of General Martin Dempsey, chairman of the joint chiefs of staff, or the sundry maps of maritime defences along the Chinese coast as well as nuclear and missile installations in North Korea — posted on Centcom’s Twitter feed by hackers apparently backing the Islamic State (Isis) — are not exactly state secrets. The same maps, or very similar ones, are available on the websites of more than a handful of think-tanks.
The hijack of Centcom’s public web faces hasn’t caused a major security concern. But it’s an embarrassment for the US government, especially since it happened even as President Barack Obama was delivering a speech on cyber security. In other words, it was a PR ambush, with the perpetrators likely aware of its technical worthlessness. But it raises questions about the vulnerabilities of the US military’s online public interfaces, which extends to concerns about other militaries’ use of social media tools likely to be targeted by the Isis or likeminded non-state and state actors.
Obama’s speech revealed proposals for protecting consumer data on corporate servers, including legislation requiring firms to inform customers of data breaches within 30 days and also protecting them from lawsuits for sharing cyber threat data with government. Meanwhile, sleuths have to determine who the Centcom hackers were. The Islamist outfit detests the acronym “Isis” that was all over the hacked feed. And an “Anonymous” handle claimed to have tracked the hacker to a Maryland computer. But then again, nothing reminds the real Isis of its mortality more than Centcom, which has dropped 5,000-odd bombs on it last week.