In the news today is an announcement that ISIS supporters have hacked the Twitter and YouTube accounts of Centcom (US Central Command). The Twitter account for U.S. Central Command was apparently hacked on Monday, with pro-ISIS messages plastering the accounts profile. The first message was posted at 12:29 p.m. ET, with the words AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK. ISIS. and the hashtag #CyberCaliphate. On the one hand, this shows a serious lapse in judgment on the part of Centcom with regard to their password management scheme for their externally-facing assets. On the other, its worth remembering that the absolute least secure part of Centcom is likely its YouTube and Twitter pages. The public administrator for these assets is, in all likelihood, some retired petty officers nephew. In the words of XKCD, What people hear: Someone hacked into the computers of [Centcom]! What computer experts hear: Someone tore down a poster hung up by [Centcom]! xkcd/932/ However, this is not to say that this infiltration is harmless. I dont mean in the sense of publicity and optics and morale and diplomatic setback and other things that have to do with the combat effort; Ill leave speculation on those matters to writers of more politics- and war-oriented tech fiction. What I mean is that the means by which these folks got the Twitter and YouTube passwords might indicate that they did indeed compromise at least one computer system owned by someone at least peripherally connected to Centcom. If *I* was carrying out this hack, Id approach it by spearphishing the aforementioned hypothetical nephew into downloading a viral payload. Id use the virus to install a backdoor on his machine, which would allow me to monitor his keystrokes and snag this password. This backdoor would also allow me to browse his email, which could net me material such as this: Later messages included images of what were apparently spreadsheets labeled as containing the contact info and home addresses of retired U.S. army generals. Other tweets claimed to include military plans from Pentagon networks. One such image showed a map of China with labels of different military assets. Even if the material in these emails was declassified or incorrect, they would give me enough information to then credibly spearphish someone a little higher up the chain. If Im patient, determined, and believe that my God has commanded me to do it, then eventually this process would yield data that actually matters.
Posted on: Mon, 12 Jan 2015 18:20:16 +0000
Trending Topics
Recently Viewed Topics
© 2015