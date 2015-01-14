| WASHINGTON
WASHINGTON Jan 13 If so-called "cyber
jihadists" want to launch another social media attack on
America's military, they will have plenty of targets: the U.S.
Army alone lists more than 2,000 links to feeds on Facebook,
Twitter, YouTube and other accounts.
In the wake of Monday's breach of U.S. Central Command's
Twitter and YouTube feeds by apparent sympathizers of the
Islamic State militant group, U.S. officials updated passwords
and some distributed tip-sheets to help bolster online security.
But they showed no sign of shifting a social media strategy
that has seen thousands of Facebook, Twitter and other accounts
blossom as the world's most powerful military establishes an
Internet presence that matches the global reach of its forces.
That large online profile carries unique risks for the
military.
"It's their public face," said Ben FitzGerald at the Center
for a New American Security think tank.
"So someone sitting in Baghdad isn't going to necessarily
pick up the nuance that this is a non-military network and not a
significant hack. So they're looking silly and they're looking
weak."
The U.S. Department of Defense has "thousands and thousands"
of social media accounts, said Colonel Steve Warren, a Pentagon
spokesman. They are seen as a fast and effective way for the
U.S. military to communicate with its own personnel and families
about everything from on-base social events to power outages.
"We are certainly looking at our systems and will refine
them as needed," said Warren.
Although a review of the incident was under way, he said,
there had been no specific department-wide instructions issued
since Monday to strengthen security across social media.
The Twitter and YouTube breach is far different than the one
in 2008, when malware believed to have been crafted by a foreign
intelligence service infiltrated Central Command's internal
computer systems.
That attack was a dramatic illustration of the risks to
military and defense-related networks critical to U.S. security,
and triggered a massive expansion of cyber-defense efforts.
Monday's hack also did not lead to any theft or disclosure
of classified information, officials said. But it delivered a
highly symbolic blow by compromising the social media accounts
of the military command overseeing sensitive operations in Iraq
and Syria during a time of conflict.
It was a reminder of the perils of social media for an
institution that prides itself on its vast security and image of
unrivalled global power.
"WATCH YOUR BACK"
The hackers posted what officials said appeared to be
authentic, but unclassified, rosters of current and retired top
brass, including some private email addresses. They also posted
messages, including: "American soldiers, we are coming, watch
your back."
Unlike most high-profile accounts, the Twitter feeds used by
Central Command were not "verified," which would have added
another layer of security and required harder-to-break
government email accounts to be set up, officials told Reuters.
Still, it is unclear such steps would have prevented the
hack, which is being investigated by the FBI and the military.
A source familiar with the inquiries said investigators were
examining whether cyber attackers sent "phishing" messages that
tricked Central Command personnel into revealing shared logins
and password information.
President Barack Obama said Tuesday's hack and others show
"how much more work we need to do, both public and private
sector, to strengthen our cyber security."
Still, hacking into Central Command's Twitter feed is far
easier - and entirely different - than gaining access to its
internal networks, something the military has devoted vast
resources to defending, analysts say.
"It's really not that difficult to gain access to someone
else's social media or e-mail account," said Michael Smith,
principal and chief operating officer of Kronos Advisory, a
private intelligence group focused on counterterrorism.
Smith said such incidents occurred often at Twitter.
In 2013 hackers took control of the Associated Press Twitter
account and sent a false tweet about explosions in the White
House that briefly sent U.S. financial markets reeling.
"Hacking a Twitter is about the equivalent of spray-painting
a subway car," a former senior U.S. intelligence official said.
Senator Dan Coats, a member of the Senate Select Committee
on Intelligence, said the incident highlighted cyber security
risks. But he said the solution was better cooperation between
the public and private sectors, not retrenchment from social
media.
"If the U.S. military - or State Department, White House,
members of Congress - stayed off Twitter, YouTube and other
social media sites because of the vulnerabilities inherent in
those services, then the terrorists win," Coats said.
