CENTCOM's Twitter "hack" shows perils of picking passwords, not a need for cybersecurity legislation

In case you were wondering, guessing a password doesn't constitute "hacking."
Written by Zack Whittaker, Contributor
(Screenshot: ZDNet/Twitter)

Remember when CENTCOM was hacked this week? Hacked. By hackers.

It wasn't. A hacking group named "CyberCaliphate," hijacked the Pentagon-operated Twitter and YouTube accounts of the U.S. military's central command, and posted pro-Islamic State content. The hackers also posted links to allegedly stolen internal documents, which after a brief glance, did not contain any classification markings and in some cases were widely available (and searchable) online.

"We broke into your networks and personal devices and know everything about you," the hackers wrote in a series of (now deleted) tweets.

Except they didn't.

It was a joke. The hack itself was laughable. Pentagon officials though weren't laughing, and neither was the President, who was at the time giving a speech on the importance of cybersecurity legislation.

CENTCOM may be one of the most prominent of the U.S. military's social media accounts, but it's by far not the only one. The U.S. military is said to have thousands of links to feeds on Facebook, Twitter, YouTube, and other accounts, according to Reuters.

But when Obama said on Tuesday the CENTCOM hack is "proof the U.S. needs to strengthen cyber security," there was a collective groan by security experts across social media.

It comes as his administration moves to bolster cybersecurity legislation, something Congress failed to agree on, by introducing new privacy laws and data breach warnings, as well as coming out in support of near-identical controversial cybersecurity information-sharing legislation, which as it happened he threatened to veto just two years prior.

The CENTCOM hack, though, is nothing but proof that middle managers in the Pentagon's social media department need to use stronger passwords (or at very least, two-factor authentication).

Cybersecurity is a huge deal, and it needs to be -- particularly in the wake of high-profile (and even the smaller) hacks, data breaches, and catastrophically damaging attacks like the one against Sony.

But guessing or figuring out a weak password isn't hacking. Responding to a password guess on a social media site does not warrant a gung-ho approach to cybersecurity as Obama described. It was, according to a Pentagon spokesperson, "inconvenient." It was also, due to the timing of Obama's speech, rather embarrassing.

According to Reuters, U.S. officials updated passwords and tip-sheets were distributed to staff in an effort to bolster online security. The Pentagon confirmed that the hackers compromised no sensitive or classified information.

Editorial standards