U.S. Central Command, or CENTCOM, is responsible for “U.S. security interests in 20 nations, stretching through the Arabian Gulf region into Central Asia.” This is obviously a highly important section of the military, and one that has a large degree of responsibility. Naturally, the enemies of the United States are not big fans of the work that CENTCOM does.
That was on full display this past Monday, when the Twitter and YouTube accounts of CENTCOM were hacked:
Even more frightening: when the Twitter account was hacked, spreadsheets appeared that displayed the home contact information of retired Army Generals.
Both hacks lasted less than half an hour before the compromised accounts were suspended. They have since been restored, and the FBI is now investigating the attack. Adding insult to injury: President Obama was speaking on cyber security as the hack was occurring.
CENTCOM acknowledged the hacking in a statement:
These sites reside on commercial, non-Defense Department servers and both sites have been temporarily taken offline while we look into the incident further. CENTCOM’s operational military networks were not compromised and there was no operational impact to U.S. Central Command. CENTCOM will restore service to its Twitter and YouTube accounts as quickly as possible. We are viewing this purely as a case of cybervandalism.
This isn’t the first time a prominent government account has been hacked: the same has happened to a variety of prominent political officials, including President Obama. The statement released by CENTCOM, of course, did not reveal anything about how the accounts were compromised, and I doubt we will ever hear the answer to that question, given that it could involve a sensitive internal security breach. However, there are some common sense ways that anyone can reduce their exposure to having their social media accounts compromised:
- Train your staff: This entire incident could have occured simply because someone at CENTCOM fell for a phishing scam. Phishing is the process by which a hacker claims to be someone else, usually by compromising another Email address, and sends out an Email that tricks another user into giving up sensitive information. Train your staff in how to recognize a phishing scam: Some giveaways include links that don’t go to the text that is displayed in the hyperlink itself, poor grammar and massive groups Emails.
- Two-step verification: Two-step verification is available on most social networks. With two-step verification, someone tries to log into an account, and a code is then texted to a cell that is associated with that account. This makes it virtually impossible for someone without that code to gain access. For high-level accounts, this is a requirement.
- Limit access: Make sure that only a select few have access to the passwords to your social media account.
- Change your password regularly: Every three months is a good bet.
Any other tips to add? I’m all ears – let us know in the comments!