US Central Command's Twitter Account Hacked, Filled With Pro-ISIS Messages
schwit1 writes with news that U.S. Central Command lost control of its Twitter account today, apparently to people sympathetic to the Islamic State militant group. CENTCOM's YouTube account was also compromised, and two videos related to ISIS were posted.
Two U.S. defense officials, speaking on condition of anonymity, said the hacking was an embarrassment but did not appear to be a security threat. ... "In the name of Allah, the Most Gracious, the Most Merciful, the CyberCaliphate continues its CyberJihad," the Centcom Twitter feed said after being hacked. The Twitter feed had several messages from hackers, including one telling American soldiers to "watch your back," and the YouTube account had two videos that appeared to be linked to Islamic State. The Twitter account published a list of generals and addresses associated with them, titled "Army General Officer Public Roster (by rank) 2 January 2014."
Other title suggestion (Score:5, Insightful)
Re: (Score:1)
Another title suggestion: twitter is a joke, and a well written email is usually enough to have them hand over the keys to an account.
Re: (Score:1)
If it's found that Twitter handed the account's credentials to IS... they are gonna look pretty bad.
A major command from the US Department of Defense has a fucking Twitter account. I really don't think it could look any worse.
Yup, right about now CENTCOM brass is trying to figure why they signed up for that Twitter shit in the first place.
Re: (Score:3)
If it's found that Twitter handed the account's credentials to IS... they are gonna look pretty bad.
A major command from the US Department of Defense has a fucking Twitter account. I really don't think it could look any worse.
Yup, right about now CENTCOM brass is trying to figure why they signed up for that Twitter shit in the first place.
There are lots of legitimate reasons why they could do it. Ultimately I'm sure it was a small part of a larger strategy to do something community-relations related on page 25 of a powerpoint presentation.
Re: (Score:3)
"If it's found that Twitter handed the account's credentials to IS... they are gonna look pretty bad."
I wonder what the Central Command's first pet was named.
Re: (Score:2)
Another title suggestion: Having a Twitter account does nothing but make an organization look unprofessional.
Re: (Score:3)
Senator Richard Pictweet (D) agrees with you.
Re: (Score:2)
Have you been hiding under a rock? Nowadays, to look really professional you need a string of icons for different social media. Twitter, Facebook, and a bunch of others.
That it is utterly ridiculous - granted. That it looks unprofessional - unfortunately not to most people.
Re: (Score:2)
045EFB3B-3EC4-4D6D-99A5-E87E23AEE929
That was easy.
Re: (Score:1)
Re: (Score:1)
U.S. Central Command had a weak twitter password and looks like idiots today.
More likely, US Central Command twitter, which is nothing but external resource, has a weak password on purpose, so once it is "haxed" it becomes a visible example of why they need much more money for their offensive cyber command.
Before you say I'm making shit up, sorry, these things happen ALL THE TIME. Failure is one of the ways how you get more money.
Re:Other title suggestion (Score:5, Interesting)
This is actually a serious problem I've encountered in business, with no real tools to address it. You can have the tightest security within your organization, but things like Twitter accounts are out of your control. You have to rely on the security of Twitter.
Unfortunately, most businesses rarely have a single person who needs access to that type of account. Generally they have an entire department which needs to use it. But companies like Twitter and Facebook don't support any sort of multi-user logins for a single account (Google sort of does with Google Apps for Domains). It's one account, so there's one password, and that password has to be shared with everyone who needs to access that one account. So it inevitably ends up posted on the refrigerator door, or stored on the server as a shared file, or even emailed around. Easily stolen by anyone who hacks in or even visits the premises and happens to glance at the refrigerator door.
The best solution I could think of was if a password manager like KeePass would support managed multi-user credentials. That is, each individual has their own KeePass keychain with their own personal passwords, but an administrative user can insert a special hook for a shared password. So the user could use their KeePass passphrase to login to the shared Twitter account, but they wouldn't actually know the Twitter password and it wouldn't be stored on their keychain. Any time they needed to login, their KeePass would authenticate itself with the admin KeePass, which would log them into Twitter for them. When the person quits or is fired, the admin can just revoke that person's access to the admin KeePass keychain. No need to change the password and email the new password to everyone (thus creating a potential security breach) because the person who left is a potential security breach.
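The brokered shared login proposed in the comment above, as an added sketch that is not part of the original post and not a KeePass feature: each user proves their own passphrase to an admin-side broker, which performs the service login and hands back only a session. `SharedCredentialBroker`, `fake_service_login` and every sample value are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVICE_PASSWORD = secrets.token_urlsafe(24)  # constructed shared account password


def fake_service_login(password):
    """Hypothetical stand-in for the third-party site's login endpoint."""
    if not hmac.compare_digest(password, SERVICE_PASSWORD):
        raise PermissionError("bad service password")
    return "session-" + secrets.token_hex(8)


class SharedCredentialBroker:
    """Admin-side vault: users prove their own passphrase, the broker logs in."""

    def __init__(self, service_login):
        self._service_login = service_login  # callable(password) -> session
        self._shared = {}     # service -> shared password, never returned
        self._users = {}      # user -> (salt, PBKDF2 hash of own passphrase)
        self._grants = set()  # (user, service) pairs approved by the admin
        self.audit = []       # (user, service, outcome) for later review

    @staticmethod
    def _hash(passphrase, salt):
        return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

    def set_shared_password(self, service, password):
        self._shared[service] = password

    def enroll(self, user, passphrase):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, self._hash(passphrase, salt))

    def grant(self, user, service):
        self._grants.add((user, service))

    def revoke(self, user):
        # Removing the grant is enough: the user never saw the shared password.
        self._grants = {g for g in self._grants if g[0] != user}

    def login(self, user, passphrase, service):
        # Unknown users get a dummy record so the hash is still computed.
        salt, stored = self._users.get(user, (b"\0" * 16, b""))
        ok = hmac.compare_digest(self._hash(passphrase, salt), stored)
        allowed = (user, service) in self._grants and service in self._shared
        if not ok or not allowed:
            self.audit.append((user, service, "denied"))
            raise PermissionError(f"{user} may not use {service}")
        self.audit.append((user, service, "ok"))
        return self._service_login(self._shared[service])


def demo():
    broker = SharedCredentialBroker(fake_service_login)
    broker.set_shared_password("twitter", SERVICE_PASSWORD)
    for user in ("alice", "bob"):  # constructed users
        broker.enroll(user, user + " passphrase")
        broker.grant(user, "twitter")
    before = broker.login("alice", "alice passphrase", "twitter")
    broker.revoke("alice")  # alice leaves; the shared password is not rotated
    try:
        broker.login("alice", "alice passphrase", "twitter")
        after = "allowed"
    except PermissionError:
        after = "denied"
    bob = broker.login("bob", "bob passphrase", "twitter")
    return before.startswith("session-"), after, bob.startswith("session-")


if __name__ == "__main__":
    print(demo())
```

A session already handed out keeps working until the service expires it, so in this sketch revocation only stops new logins.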
Re: (Score:2)
Facebook has fine grained permissions for pages/groups etc.. (admin/editor/contributor etc.)
Twitter/Facebook also allow you to offload the running of the account to an app. (e.g. Hootsuite, SocialOomph, Tweetdeck, etc.)
Either of these solutions means that you don't have a single password in use for social networking.
Jason.
Re: (Score:2)
The best solution I could think of was if a password manager like KeePass would support managed multi-user credentials. That is, each individual has their own KeePass keychain with their own personal passwords, but an administrative user can insert a special hook for a shared password. So the user could use their KeePass passphrase to login to the shared Twitter account, but they wouldn't actually know the Twitter password and it wouldn't be stored on their keychain. Any time they needed to login, their KeePass would authenticate itself with the admin KeePass, which would log them into Twitter for them. When the person quits or is fired, the admin can just revoke that person's access to the admin KeePass keychain. No need to change the password and email the new password to everyone (thus creating a potential security breach) because the person who left is a potential security breach.
LastPass supports this on their "Premium" and "Enterprise" accounts.
You can add sites to a folder which the administrator can control and that administrator can decide if the user will be able to 'see' the password or leave it hidden to all users.
Users will need their own unique password (and potentially Two Factor auth) to access the 'hidden' Twitter password account.
https://enterprise.lastpass.co... [lastpass.com] enterprise
https://helpdesk.lastpass.com/... [lastpass.com] 'premium'
Re: (Score:3)
Twitter supports two factor authentication. For an organization this big, is it really beyond their ability to have a phone or tablet running Google Authenticator plugged in for the Social Media Relations department?
Re: (Score:2)
U.S. Central Command had a weak twitter password and looks like idiots today.
Tomorrow:
U.S. Central Command had a moderately stronger twitter password but still looks like idiots.
Re: (Score:2)
If communication is critical and false communication could result in the loss of life, twitter is not an appropriate resource. I'm sorry it's the only way to share info in a way the masses will listen, but it's just reality that there is no way to make consumer social media communications safe for state sponsored critical communications. In order to be remotely sane you'd at least have to have an extremely long complex password, 2FA and you need some mechanism where two authorized parties have to approve a
Re: (Score:2)
Is anything specifically known about how ISIS got in?
Quick, Colonel, change the Twitter password! (Score:5, Funny)
This time, try 1-2-3-4-6! That's the new password on my luggage!
Re:Quick, Colonel, change the Twitter password! (Score:4, Funny)
What's the matter Colonel Sanders? CHIIIIIICKEN?!?
Re: (Score:1)
Re: (Score:2)
Bok bok bok! [clucks and flaps wings]
Re: (Score:1)
More like changing 00000000 to 999999999
TMYK [arstechnica.com]
Re: (Score:2)
To arms netizens!
form your subject lines
type on
type on
until their impure posts are drowned in our flame
Before this gets even more overblown... (Score:5, Insightful)
Re: (Score:2)
So close, but instead of a poster, it's a 140 character scribble on the bathroom wall of the Internet, and childish clips of kids kicking each other in their nuts.
https://www.youtube.com/watch?v=r_4jrMwvZ2A [youtube.com]
Re: (Score:3)
...just remember this XKCD: http://xkcd.com/932/ [xkcd.com]
You're assuming they aren't using the same password for their Twitter account that they're using for the Nukes launch codes.
Oh... you think I'm kidding?
Seriously... it's a real concern:
http://www.theguardian.com/wor... [theguardian.com]
Re: (Score:1)
...just remember this XKCD: http://xkcd.com/932/ [xkcd.com]
You're assuming they aren't using the same password for their Twitter account that they're using for the Nukes launch codes.
Oh... you think I'm kidding?
Seriously... it's a real concern:
http://www.theguardian.com/wor... [theguardian.com]
Besides the physical security thing involved with a nuclear missile silo
Re: (Score:2)
I'm not sure the physical security [cnn.com] is that much of a deterrent (there was another article that I couldn't find which listed a host of similar issues, including allowing pizza delivery guys to the silo). The job of being a silo-jockey is not considered particularly prestigious in the USAF and we aren't getting the best of the best to guard our most powerful weapons.
On the other hand, finding a floppy disk [slate.com] these days to launch the damn things might be a bit harder to manage.
Re: (Score:2)
Scrolled down for this. Left satisfied.
Re: (Score:1)
So, um... (Score:5, Funny)
Have they done so; but CENTCOM can't afford an auth fob because of cost overruns incurred by the F-35?
Somebody here is an idiot; but who?
Re: (Score:1)
CENTCOM. Why do they have a twitter account? Do they also have accounts on various porn sites?
Re: (Score:2, Insightful)
Every political organization has a public relations portal. Yes, CENTCOM needs money, so: yes, CENTCOM is sensitive to political visibility.
It's also a method for outsourcing the cost of communications infrastructure in a BYOD world, with the understanding that everything said via that channel is OSINT and needs to be sanitized for OPSEC/sensitive materials. The OSINT subscribers have to be sensitive to the potential for misinformation which can be exploited.
Shit like this is normally just used for press rel
Re: (Score:1)
Re: (Score:2)
We can afford to deliver proper healthcare. Total up what US governments spend on medical expenses, and you can find countries with good universal health care that spend less than that per capita.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
#SorryForTheInconvenience (Score:3)
Why do they have a twitter account?
An enemy of the U.S.A. has been detected in your building. Ordnance has been dispatched, You have 30s to evacuate your family. Thank you
Re: (Score:2)
You have 10 minutes to evacuate your family
Your family has been wiped out
Your family has been crushed into a cube
You have 30 minutes to remove your cube
Re: (Score:1)
Most of these sites should have two factor authentication set up at least with a mobile so you don't need a FOB for free. Google does. Not sure how many others do.
Re: (Score:2)
Whom
Bunch of idiots (Score:3, Funny)
"Hey Jamal, what are you doing?"
"Well, Achmed, you remember how the American pigs blew up my family when I was hiding behind them and using them as a shield, and how they continually try to bring modern culture and women's rights and so on to our country?"
"......Yes...."
"I finally have my revenge! Look! Look what I have done for Allah!"
"That....that's nice, Jamal. It...you....ummm....I'm sure the Americans are weeping in shame and fear right now. If...if you'll excuse me, I need to go someplace....else...."
And? (Score:4, Insightful)
Re: (Score:2)
BBC News - Suicide Bombers Go On Strike (Score:5, Funny)
Oldie, but goodie:
Muslim suicide bombers in Britain are set to begin a three-day strike on Monday in a dispute over the number of virgins they are entitled to in the afterlife. Emergency talks with Al Qaeda have so far failed to produce an agreement.
The unrest began last Tuesday when Al Qaeda announced that the number of virgins a suicide bomber would receive after his death would be cut by 25% this February from 72 to 54. A spokesman said increases in recent years in the number of suicide bombings has resulted in a shortage of virgins in the afterlife.
The suicide bombers' union, the British Organization of Occupational Martyrs (or B.O.O.M.) responded with a statement saying the move was unacceptable to its members and called for a strike vote. General Secretary Abdullah Amir told the press, "Our members are literally working themselves to death in the cause of Jihad. We don't ask for much in return but to be treated like this is like a kick in the teeth" Speaking from his shed in Tipton in the West Midlands, Al Qaeda chief executive Haisheet Mapants explained, "I sympathize with our workers concerns but Al Qaeda is simply not in a position to meet their demands.
They are simply not accepting the realities of modern-day Jihad in a competitive marketplace. Thanks to Western depravity, there is now a chronic shortage of virgins in the afterlife. It's a straight choice between reducing expenditures or laying people off. I don't like cutting benefits but I'd hate to have to tell 3,000 of my staff that they won't be able to blow themselves up.
Spokespersons for the union in the North East of England, Ireland, Wales and the entire Australian continent stated that the change would not hurt their membership as there are so few virgins in their areas anyway.
According to some industry sources, the recent drop in the number of suicide bombings has been attributed to the emergence of Scottish singing star, Susan Boyle. Many Muslim Jihadists now know what a virgin looks like and have reconsidered their benefit packages.
Re: (Score:1, Funny)
Shortage of virg1ns? Try mining Slashdot. The contract says nothing about quality.
Re: (Score:2)
" now know what a virgin looks like and have reconsidered their benefit packages"
holy crap that was funny. wish i had mod points
Re: (Score:2)
These [zazzle.com] are not the virgins you are looking for.
Hacked? Uh huh, sure... (Score:5, Interesting)
The PFC appointed as Social Media Officer probably chose a weak password. Seriously, whenever I see a news article about a social media account being "hacked," I really wish journalists would understand these are just password-protected web services!
Celebrities' naked pictures and Twitter feeds get hacked because they have simple passwords, not because some genius hacker spends months looking for an exploit on their personal phone and the opportunity to introduce it. And even "security question" based password resets don't work when a celebrity will choose answers that anyone can find in 100 gossip rags.
Re:Hacked? Uh huh, sure... (Score:5, Insightful)
Except it doesn't matter.
Because, much like the DMCA made even incompetent security enshrined in law ... if you or I 'hacked' into someone's Twitter feed using these simple techniques, we would be facing serious criminal charges.
In the eyes of the law, this trivial form of 'hacking' is as serious as anything else.
I can't tell you how many websites which have a pre-determined list of "security questions" which almost anybody could get through public sources.
All you have to do is pretend to have some security and it's just as illegal.
The media doesn't need to differentiate between one form of hacking and another -- because the fscking law doesn't. Unless of course it's law enforcement doing it, and then it's apparently perfectly legal.
Re:Hacked? Uh huh, sure... (Score:4, Insightful)
Q: What was your first pet's name?
A: Kd1hRuhe^bhNfyh*285kwlLojs5g0kaSjn
Re: (Score:2)
Except it doesn't matter.
Because, much like the DMCA made even incompetent security enshrined in law ... if you or I 'hacked' into someone's Twitter feed using these simple techniques, we would be facing serious criminal charges.
Serious question, why shouldn't you?
"Simple techniques" can be used to get through my locked front door, but guess what: it's illegal. And should be.
Re: (Score:2)
The PFC appointed as Social Media Officer probably chose a weak password. Seriously, whenever I see a news article about a social media account being "hacked," I really wish journalists would understand these are just password-protected web services!
Celebrities' naked pictures and Twitter feeds get hacked because they have simple passwords, not because some genius hacker spends months looking for an exploit on their personal phone and the opportunity to introduce it. And even "security question" based password resets don't work when a celebrity will choose answers that anyone can find in 100 gossip rags.
And cockroaches scuttling across a restaurant floor don't mean the place is dirty either. But I get up and leave either way.
Re: (Score:2)
FTFY (Score:2)
045EFB3B-3EC4-4D6D-99A5-E87E23AEE929
Merciful? (Score:5, Funny)
You keep using that word. I do not think it means what you think it means.
Re: (Score:3)
Re: (Score:3)
You keep using that word. I do not think it means what you think it means.
To be fair, they're saying God is merciful, not themselves.
Re:Merciful? (Score:5, Funny)
Reminds me of The Onion post Sep. 11th: http://www.theonion.com/articl... [theonion.com]
God Angrily Clarifies 'Don't Kill' Rule
NEW YORK—Responding to recent events on Earth, God, the omniscient creator-deity worshipped by billions of followers of various faiths for more than 6,000 years, angrily clarified His longtime stance against humans killing each other Monday.
"Look, I don't know, maybe I haven't made myself completely clear, so for the record, here it is again," said the Lord, His divine face betraying visible emotion during a press conference near the site of the fallen Twin Towers. "Somehow, people keep coming up with the idea that I want them to kill their neighbor. Well, I don't. And to be honest, I'm really getting sick and tired of it. Get it straight. Not only do I not want anybody to kill anyone, but I specifically commanded you not to, in really simple terms that anybody ought to be able to understand."
Worshipped by Christians, Jews, and Muslims alike, God said His name has been invoked countless times over the centuries as a reason to kill in what He called "an unending cycle of violence."
"I don't care how holy somebody claims to be," God said. "If a person tells you it's My will that they kill someone, they're wrong. Got it? I don't care what religion you are, or who you think your enemy is, here it is one more time: No killing, in My name or anyone else's, ever again."
The press conference came as a surprise to humankind, as God rarely intervenes in earthly affairs. As a matter of longstanding policy, He has traditionally left the task of interpreting His message and divine will to clerics, rabbis, priests, imams, and Biblical scholars. Theologians and laymen alike have been given the task of pondering His ineffable mysteries, deciding for themselves what to do as a matter of faith. His decision to manifest on the material plane was motivated by the deep sense of shock, outrage, and sorrow He felt over the Sept. 11 violence carried out in His name, and over its dire potential ramifications around the globe.
"I tried to put it in the simplest possible terms for you people, so you'd get it straight, because I thought it was pretty important," said God, called Yahweh and Allah respectively in the Judaic and Muslim traditions. "I guess I figured I'd left no real room for confusion after putting it in a four-word sentence with one-syllable words, on the tablets I gave to Moses. How much more clear can I get?"
"But somehow, it all gets twisted around and, next thing you know, somebody's spouting off some nonsense about, 'God says I have to kill this guy, God wants me to kill that guy, it's God's will,'" God continued. "It's not God's will, all right? News flash: 'God's will' equals 'Don't murder people.'"
Worse yet, many of the worst violators claim that their actions are justified by passages in the Bible, Torah, and Qur'an.
"To be honest, there's some contradictory stuff in there, okay?" God said. "So I can see how it could be pretty misleading. I admit it—My bad. I did My best to inspire them, but a lot of imperfect human agents have misinterpreted My message over the millennia. Frankly, much of the material that got in there is dogmatic, doctrinal bullshit. I turn My head for a second and, suddenly, all this stuff about homosexuality gets into Leviticus, and everybody thinks it's God's will to kill gays. It absolutely drives Me up the wall."
God praised the overwhelming majority of His Muslim followers as "wonderful, pious people," calling the perpetrators of the Sept. 11 attacks rare exceptions.
"This whole medieval concept of the jihad, or holy war, had all but vanished from the Muslim world in, like, the 10th century, and with good reason," God said. "There's no such thing as a holy war, only unholy ones. The vast majority of Muslims in this world reject the murderous actions of these radical extremists, just like the vast majority of Christi
Allah is Proud (Score:2)
It's always good when terrorist groups act like 13-year old haxxor boys.
I hope their god is proud of them.
Re:Allah is Proud (Score:5, Funny)
It's always good when terrorist groups act like 13-year old haxxor boys.
I hope their god is proud of them.
Yeah, joke's on them. Those script kiddies are the 72 virgins!
Re: (Score:2)
It's always good when terrorist groups act like 13-year old haxxor boys.
I hope their god is proud of them.
Yeah, joke's on them. Those script kiddies are the 72 virgins!
Somebody needs to write a musical called Seventy Two Virgins for Seventy Two Virgins!
Meanwhile, waiting for Anonymous (Score:1)
But where are the Charlie Hebdo cartoons Anonymous should be putting on IS' Twitter feed?
Twitter and YouTube? (Score:2)
Re: (Score:2)
Crap on weak passwords all you want. (Score:3)
Re: (Score:2, Troll)
Why the &%#$@ does CENTCOM (Score:3)
Re: (Score:3)
Because social media is the new battleground. Where have you been the last 5 years?
Re: (Score:2)
Re: (Score:2)
The old "Are you my grandson?" Twitter gag (Score:2)
This reminds me of the "Are you my grandson?" Twitter gag. Someone sent messages to hundreds of celebrities and media personalities stating things like, "Are you my grandson?" and "Where am I?" The account got tens of thousands of followers and mentions on the radio and in the media.
Then, suddenly, one morning the user changed the name and picture and started tweeting jihadist propaganda.
Re: (Score:2, Funny)
The medical term is radiation treatment. Add a little chemo, and we should be able to wrap this up
Re: (Score:2)
Just put a fence around the Middle East, sit back with a beer and enjoy the cage fight.
Re: (Score:2)
Especially the Al Gore part.