U.S. CENTCOM Twitter feed compromised by ‘Cyber Jihadists’

The official Twitter account for the U.S. Central Command (CENTCOM) was compromised Monday afternoon, by attackers claiming to support the terrorist group ISIS.

In a series of messages posted to the compromised account, the attackers published images of documents, which were allegedly taken from hijacked mobile devices.

The person(s) claiming responsibility for the attack later posted a warning to American soldiers on Pastebin, that ISIS was already in their PCs, and that the Pentagon networks were hacked.

The statement:

“In the name of Allah, the Most Gracious, the Most Merciful, the CyberCaliphate under the auspices of ISIS continues its CyberJihad. While the US and its satellites kill our brothers in Syria, Iraq and Afghanistan we broke into your networks and personal devices and know everything about you. You’ll see no mercy infidels. ISIS is already here, we are in your PCs, in each military base. With Allah’s permission we are in CENTCOM now. We won’t stop! We know everything about you, your wives and children. U.S. soldiers! We’re watching you! There is no God but Allah and Muhammad is his Prophet! There is no law but Sharia!”

Archives released by the attacker(s) are said to have been taken from mobile devices. Many of the leaked documents are PDF files, which are archives of PowerPoint presentations and speech drafts. On Twitter, the attacker(s) have posted images which are said to be internal communications.

None of the documents seen by CSO Online were marked by any sort of classification, suggesting that the documents themselves are part of normal operations. However, the attacker(s) have also posted random office images, suggesting that personal, as well as official data has been compromised.

The real concern is the claim that the attackers obtained their data mobile devices, which if true, could place hundreds of employees (including civilians) at risk. However, there is no way to verify their claims at this time. As this story was going to press, Twitter was taking action to recover the US CENTCOM account.

CSO Online is following this story and will update if there are further developments.

Update:

The attacker(s) also targeted the CENTCOM YouTube account. Both the compromised Twitter and YouTube accounts have been taken offline.

U.S. Central Command also issued a statement confirming the incident.

“We can confirm that the CENTCOM Twitter and YouTube accounts were compromised earlier today. We are taking appropriate measures to address the matter. We have no further information to provide at this time.”

Additional documents released by the attacker(s) before the accounts were taken offline included PowerPoint files of various reports outlining budgets and strategy. However, again, none of the items leaked contained any classification marks.

Update 2:

Additional research into the leaked documents by CSO Online has confirmed that most of them, more than 90 percent to be exact, are public documents. As an example, here is the FY2015 budget amendments [PDF].