U.S. Central Command's Twitter and YouTube accounts just lit up in a bad way. It looks like somebody who's claiming to be an ISIS affiliate called "CyberCaliphate" managed to gain access to the account and is currently tweeting images of documents, allegedly internal CENTCOM documents.
The first tweet links to a Pastebin post with links to downloads of "confidential data." However, upon further inspection, the documents don't appear to be so confidential. More on that in a second.
We contacted CENTCOM to confirm the breach. "We are aware of the issue," CENTCOM said, promising to get back to us with more details when they become available. CENTCOM later sent this statement:
We can confirm that the CENTCOM Twitter and YouTube accounts were compromised earlier today. We are taking appropriate measures to address the matter. We have no further information to provide at this time.
Meanwhile, amidst reports that the leaked documents were already public, the Army says otherwise. "Some of the documents are from password protected sites," Alayne Conway, a spokesperson for the Army's Public Affairs Office, told Motherboard. Both the Twitter and YouTube accounts for CENTCOM were suspended minutes after the initials tweets and uploads.
This isn't good—but it's not necessarily CyberJihad as the Pastebin post claims. For now, we have an unsubstantiated claims that there's been some sort of breach at CENTCOM. On Pastebin, the hackers claims that the confidential data comes from "mobile devices." However, it also looks like many of the documents that are being tweeted and posted online were already on Pentagon sites and elsewhere on the internet before the purported hack. Most of the documents in the downloads date back to 2005. The most recent is from 2008.
Meanwhile, hacking into a social media account and hacking into CENTCOM servers are two very different things. At first glance, it's hard to tell if the data being leaked is actually secret or confidential. Some of the documents posted to Twitter show names and addresses of U.S. military personnel as well as some "China Scenarios." The data contains slides that appear to have been taken from military presentations including one titled: Army Force Management Model.
This isn't good. Regardless of whether the hackers leaked sensitive documents or not, it's not good that they were able to hack into the military's social media accounts. If the hackers really did break into CENTCOM and if this data is really confidential, it's really not good. But for now, it's all still very unclear what actually happened.
We're in touch with CENTCOM and will update this post as we learn more about the incident. In the meantime, some wisdom from XKCD is appropriate.
Ashley Feinberg contributed reporting on this story.