Decoding the Breach: The Truth About the CENTCOM Hack


Feb 3, 2015

People holding mobile phones are silhouetted against a backdrop projected with the Twitter logo

Photo by Kacper Pempel/Reuters

This commentary originally appeared on The Mark News on February 3, 2015.

Responsible media reported that ISIS hackers briefly took over the Twitter account of U.S. Central Command (CENTCOM) on Jan. 12. Unfortunately, many people interpreted the news incorrectly, and believed that terrorists had commandeered CENTCOM's computer system.

ISIS (the Islamic State in Iraq and Syria) claimed that it had hacked its way into U.S. military computers. It proceeded to post what looked like sensitive documents.

After a little analysis, it was clear that those documents were already in the public domain — one of them was a Wikipedia article.

While the incident was embarrassing, it was not concerning in operational military terms. It was, however, damaging to the counterinsurgency against ISIS.

To hijack a Twitter account merely requires that hackers guess the correct password — and if they do, Twitter usually has no way of telling whether the right person controls the account.

This is not the first such hacking. In 2013, the Syrian Electronic Army hacked the Twitter account of the Associated Press and started a rumor about a White House bombing, which caused stock values to drop by tens of billions of dollars within two minutes.

By contrast, even the unclassified networks (such as NIPRNet) used by CENTCOM and other U.S. military commands have higher degrees of protection, including multi-factor authentication for users (for example, personal access cards) and intensive network monitoring. NIPRNet is not impregnable, but it is better protected than most corporate networks, like, say, Sony's.

There are also classified networks like SIPRNet that support U.S. military operations and enjoy still higher degrees of protection. Most important, these networks are not linked directly to the Internet. This does not mean that malware has never found its way into these networks (the Pentagon has acknowledged a significant cyberattack that happened in 2008 and the response to it, named Operation Buckshot Yankee), but such events are rare.

When these networks are hacked, it is significant enough to merit concern. If ISIS had broken into NIPRNet, it would be worrying. If ISIS had broken into SIPRNet, it would be shocking. Neither appears to have happened.

Although terrorist groups and other non-state actors are gaining interest and prowess in hacking, they are far from the best in the game. Sophisticated nation states like China and Russia, and also Iran, are far more skilled in this area. Even technologically backward North Korea is able to do real harm.

It would be a mistake to allow fear of cyberterrorism to deflect attention from far greater nation-state threats to computer systems on which U.S. national security depends. Protecting critical networks from top-tier threats is far more important than protecting social networks from lesser threats.

So, no harm, no foul in the recent CENTCOM Twitter case. Correct?

Not quite. CENTCOM is involved in two conflicts — one in Afghanistan and one in Iraq and Syria — that are essentially counterinsurgencies. Insurgencies and campaigns to counter them are basically contests for popular support, from local to global. A narrative that the computers of the mighty U.S. military have been laid low by ISIS hackers can play well in disaffected populations. For a transnational insurgency, which ISIS has become, a worldwide reputation for competence and derring-do can help lure recruits.

As the accused agent of aggression against Muslims, CENTCOM is an attractive target, and even the perception of vulnerability is a boon to extremists. What ISIS did was a propaganda coup. Never mind that what they did would not impress computer experts — they are not in ISIS's target audience. For everyone else, what they did was impressive.

There are two lessons here: Let's not exaggerate the importance of every incident. At the same time, let's tighten up security on even the most ordinary systems, so that we don't make it easy.

David C. Gompert was Principal Deputy Director of National Intelligence from 2009 to 2010. During 2010, he served as Acting Director of National Intelligence, in which capacity he provided strategic oversight of the U.S. Intelligence Community, and acted as the President's chief intelligence advisor. Prior to joining RAND, Martin C. Libicki spent 12 years at the National Defense University, three years on the Navy staff as program sponsor for industrial preparedness, and three years as a policy analyst for the U.S. General Accounting Office's Energy and Minerals Division.