The above image is tomorrow morning’s (13th Jan) Daily Mail frontpage – and as you can see it is screaming about a so-called “Terror Hack”.
The piece begins “Islamist fanatics made chilling threats against allied soldiers last night by hacking into sensitive US military accounts”.
The story, which at the time of writing has not yet appeared in the same version on the Daily Mail website, refers to the hack earlier today, allegedly by ISIS supporters, of “Centcom”, the US Military’s central command operation.
Sounds terrifying, right? The only thing is… the accounts it is referring to are Centcom’s official Twitter and YouTube accounts. Now perhaps I’m not appreciating the magnitude of this, but I can’t help but think that these two accounts rank somewhere further down the list than, say, the nuclear launch codes or all of the top secret alien autopsy photos from Area 51. Unfortunately for the Daily Mail, which has splashed with this – when you think about it for five minutes the whole story more or less unravels.
When you look at what the hackers have actually done, they haven’t really hacked Centcom at all – merely gained access to a couple of social media accounts. The hack probably wasn’t carried out by doing anything more sophisticated than “phishing” – such as sending an email purporting to be from Twitter and requesting that the person with access to the account enter their password on a dummy website (which will then forward the password so the hackers can use it to log in).
Okay, so not good – but not exactly terrifyingly abnormal. In any case, I daresay it is safe to assume that Centcom’s social media manager probably isn’t the same person who has nuclear launch codes, and it is probably safe to assume that any sensitive military systems are kept completely separate to anything public facing.
In essence, this xkcd cartoon sums up what almost certainly happened:
The hackers haven’t broken into sensitive American military systems – they have effectively just torn down a poster.
For the brief time between when the hackers gained access to the accounts and when Twitter and YouTube took them down, the hackers posted a number of scary looking documents containing contact details for various generals. Unfortunately, as the online version of the Mail story (which was written by different people) notes, the documents aren’t “new” – they have been circulating online for a while.
So all the hackers have done is post some old documents with some scary sounding messages about the ‘Caliphate’. Unless there’s some top gossip hidden in Centcom’s Direct Messages, it is unlikely that the hackers have obtained any sensitive documents.
There’s another huge caveat on the story too – and that is the question of who did it. The Mail story starts by referring to “Islamist fanatics” and the accounts did claim to be hacked in support of ISIS. But here’s the thing: There’s no actual evidence that “Islamist fanatics” were behind the attacks. It could simply be a kid in their bedroom pretending to be an ISIS terrorist for a laugh. Hacking for amusement isn’t exactly unheard of. Given the documents turned out to not be real, it is easy to imagine the kid in their bedroom finding and posting them to further wind people up. If it were real terrorists, wouldn’t they want to maintain their credibility?
Adding weight to this hypothesis are the words of Ali Soufan, who used to work for the FBI on counter-terrorism. I can’t claim to be able to confirm what he is saying here, but you’d expect someone who has been in his position to know what they are talking about.
— Ali H. Soufan (@Ali_H_Soufan) January 12, 2015
So what is left of the story? Essentially, Centcom was the victim of a low-level hack – possibly a phishing attack – which was never a threat to anything actually sensitive. Sure, it is a little bit embarrassing for the US, especially as it came whilst Obama was apparently speaking on cybersecurity – but surely it doesn’t deserve to be frontpage news?
In the middle of Obama's speech on cybersecurity, ISIS has hacked CENTCOM. pic.twitter.com/f3SRcTrm1K
— Jimmy (@JimmyPrinceton) January 12, 2015
And if it does turn out to have been a crack team of ISIS terrorists obtaining the nuclear launch codes, then I’ll happily concede that I was wrong, seconds before we’re all obliterated by an ICBM.