Hackers claiming allegiance to the Islamic State took control of the social media accounts of the U.S. military’s Central Command on Monday, posting threatening messages and propaganda videos, along with some military documents.
The command’s Twitter and YouTube accounts were eventually taken offline, but not before a string of tweets and the release of military documents, some of which listed contact information for senior military personnel. A Centcom spokesman confirmed the accounts were “compromised,” and said later that they have been taken offline while the incident is investigated further.
“CENTCOM’s operational military networks were not compromised and there was no operational impact to U.S. Central Command,” a military statement said. “CENTCOM will restore service to its Twitter and YouTube accounts as quickly as possible. We are viewing this purely as a case of cybervandalism.”
Military officials added in the statement that their initial assessment is that no classified information was posted, and that none of what was released came from Centcom’s server or social media sites. The command will notify Defense Department and law enforcement authorities about the release of personally identifiable information and make sure that those affected are notified as quickly as possible, Centcom said.
Virtually all of the documents posted appear to already have been publicly available online, but the incident is nevertheless embarrassing to the U.S. military. Centcom oversees the U.S. military campaign against the Islamic State in Iraq and Syria, and frequently posts videos of airstrikes on the same accounts attacked Monday.
The United States and the Islamic State have waged a propaganda battle online for the better part of a year, after the militants rose to prominence and seized broad swaths of territory in Iraq and Syria. Twitter accounts sympathetic to the militants have distributed graphic images of beheadings and other violence along with threats, while the Defense Department and State Department have sought to expose the Islamic State as an oppressive group willing to slaughter innocent men, women and children.
The first rogue tweet Monday was posted about 12:30 p.m. and the account was not suspended for about another 40 minutes. The background and profile photo of the Twitter account were both changed to show an apparent militant and the phrases “CyberCaliphate” and “i love you isis,” using one of the acronyms for the militant group.
“AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK,” one tweet said.
White House Press Secretary Josh Earnest said the Obama administration is “examining and investigating the extent of the incident.”
“This is something we are obviously looking into and something we take seriously,” he told reporters Monday, adding he didn’t have a lot of information. He said that there is a “pretty significant difference” between “a large data breach and the hacking of a Twitter account.”
The Centcom YouTube page also appeared to have been hacked, with two Islamic State propaganda videos added to the page and the same “CyberCaliphate” banner posted. The YouTube account was eventually “terminated due to repeated or severe violations” of YouTube’s guidelines, the website said.
Central Command also maintains Facebook accounts, but it appears they were not affected.
It is not clear whether the hackers are actually with the Islamic State, sympathizers with the militants, or simply pulling a prank on the Pentagon. But J.M. Berger, an analyst and non-resident fellow with the Brookings Institution, said there is reason to believe it could be someone affiliated directly with the Islamic State.
“ISIS has a team of hackers who are very deeply involved in ISIS the organization,” said Berger, author of the forthcoming book “ISIS: The State of Terror.”
“They have been practicing and recruiting for a while, and this has been going on for months and months,” Berger said.
But analysts added that just because the Islamic State hacked two social media accounts, it does not mean they threatened classified computer networks. Other hacker organizations, like the Syrian Electronic Army, have seized control of websites, and a group using the same “CyberCaliphate” name and photo seen in the hack against Centcom on Monday hacked the Twitter accounts of the Albuquerque Journal in New Mexico and the WBOC TV station in Salisbury, Md., last week.
“Let’s remember this is a social media account,” said Peter Singer, a strategist and analyst with the New America Foundation in Washington, of the attacks on Monday. “This is not a military command and control network. This is not a network that moves classified or even non-classified internal information back and forth. Essentially what they did is for several minutes take control of the megaphone.”
But Singer said the incident does amount to a public relations victory for the Islamic State, even if they were not directly involved. Embarrassing the U.S. government “is a feather in their cap in terms of pulling off something that other groups have not been able to do, no matter how silly it is at the end of the day.”
It is not clear what level of security any of the affected organizations have on their social media accounts. Twitter offers a two-step verification process for signing in that makes an account more secure, but it is not required. Without it, a Twitter account typically requires only an email address and a password.
A look at some of the rogue messages sent. The first shows a U.S. soldier with what appears to be a black goat in a military office: