|
 In the wake of Monday's breach of U.S. Central Command's Twitter and
YouTube feeds by apparent sympathizers of the Islamic State militant
group, U.S. officials updated passwords and some distributed
tip-sheets to help bolster online security.
But they showed no sign of shifting a social media strategy that has
seen thousands of Facebook, Twitter and other accounts blossom as
the world's most powerful military establishes an Internet presence
that matches the global reach of its forces.
That large online profile carries unique risks for the military.
"It’s their public face," said Ben FitzGerald at the Center for a
New American Security think tank.
"So someone sitting in Baghdad isn't going to necessarily pick up
the nuance that this is a non-military network and not a significant
hack. So they're looking silly and they're looking weak."
The U.S. Department of Defense has "thousands and thousands" of
social media accounts, said Colonel Steve Warren, a Pentagon
spokesman. They are seen as a fast and effective way for the U.S.
military to communicate with its own personnel and families about
everything from on-base social events to power outages.
"We are certainly looking at our systems and will refine them as
needed," said Warren.
Although a review of the incident was under way, he said, there had
been no specific department-wide instructions issued since Monday to
strengthen security across social media.
The Twitter and YouTube breach is far different than the one in
2008, when malware believed to have been crafted by a foreign
intelligence service infiltrated Central Command's internal computer
systems.
That attack was a dramatic illustration of the risks to military and
defense-related networks critical to U.S. security, and triggered a
massive expansion of cyber-defense efforts.
Monday's hack also did not lead to any theft or disclosure of
classified information, officials said. But it delivered a highly
symbolic blow by compromising the social media accounts of the
military command overseeing sensitive operations in Iraq and Syria
during a time of conflict.
It was a reminder of the perils of social media for an institution
that prides itself on its vast security and image of unrivalled
global power.
"WATCH YOUR BACK"
The hackers posted what officials said appeared to be authentic, but
unclassified, rosters of current and retired top brass, including
some private email addresses. They also posted messages, including:
"American soldiers, we are coming, watch your back."
Unlike most high-profile accounts, the Twitter feeds used by Central
Command were not "verified," which would have added another layer of
security and required harder-to-break government email accounts to
be set up, officials told Reuters.
[to top of second column] |
Still, it is unclear such steps would have prevented the hack, which
is being investigated by the FBI and the military.
A source familiar with the inquiries said investigators were
examining whether cyber attackers sent "phishing" messages that
tricked Central Command personnel into revealing shared logins and
password information.
President Barack Obama said Tuesday's hack and others show "how much
more work we need to do, both public and private sector, to
strengthen our cyber security."
Still, hacking into Central Command's Twitter feed is far easier -
and entirely different - than gaining access to its internal
networks, something the military has devoted vast resources to
defending, analysts say.
"It's really not that difficult to gain access to someone else's
social media or e-mail account," said Michael Smith, principal and
chief operating officer of Kronos Advisory, a private intelligence
group focused on counterterrorism.
Smith said such incidents occurred often at Twitter.
In 2013 hackers took control of the Associated Press Twitter account
and sent a false tweet about explosions in the White House that
briefly sent U.S. financial markets reeling.
"Hacking a Twitter is about the equivalent of spray-painting a
subway car," a former senior U.S. intelligence official said.
Senator Dan Coats, a member of the Senate Select Committee on
Intelligence, said the incident highlighted cyber security risks.
But he said the solution was better cooperation between the public
and private sectors, not retrenchment from social media.
“If the U.S. military – or State Department, White House, members of
Congress – stayed off Twitter, YouTube and other social media sites
because of the vulnerabilities inherent in those services, then the
terrorists win,” Coats said.
(Additional reporting by Andrea Shalal and Mark Hosenball; Editing
by David Storey, Jason Szep and Ken Wills)
[© 2014 Thomson Reuters. All rights
reserved.] Copyright 2014 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed. |
