On Monday, January 12th, the official Twitter account and YouTube channel for US Central Command (CENTCOM) were hacked by ISIS supporters. Pro-ISIS propaganda appeared on the @CENTCOM Twitter homepage, warning “American Soldiers, we are coming, watch your back. ISIS.”
The @CyberCaliphate account, which claims to have hacked the US Central Command Twitter account, is currently suspended. Besides the typical threats, there were links to documents that appeared to be confidential files stolen from American military computers. One of the tweets was a list of US military personnel, including a phone number listed as belonging to the former General of the former chief of both CENTCOM and the National Security Agency. The hackers also published a document from MIT referring to U.S. intelligence, surveillance, and reconnaissance regarding China.
All of the accounts involved have been suspended until an investigation concludes they can be safely re-activated. You might remember that just one week earlier, Cyber Caliphate hacked the Twitter accounts of Fox & CBS News, claiming there would be more attacks in the future.
You Are Next
By all accounts, terrorist groups like ISIS as well as anarchist hacktivist groups like Anonymous are waging a successful war against the powers that be. This might not directly affect your average citizen or small business, but the methods they use to wage war all come back to security best practices that we all need to follow. Anyone on the grid or internet is vulnerable to the same kinds of attacks from these or any other groups.
Here is a set of tips that apply to Twitter as well as to any password-protected account on the internet you would like to keep private.
1) Use strong passwords to avoid becoming the victim of a hack. Twitter encourages a minimum of 10 characters, but longer is better. I recommend 15 characters minimum, using uppercase and lowercase letters, numbers, and symbols. Do not use common dictionary words, and do not reuse passwords across multiple web sites.
2) NEVER use personal information such as phone numbers or birthdays.
3) Use login verification (also called two-step authentication) whenever available. This additional step can be annoying, but it is another layer of security protection.
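Tips 1 and 2 can be enforced automatically when a password is set or changed. The following is an added example, not code from this article or from Twitter; the function name `check_password`, the word list, and the sample inputs in the comments are constructed for illustration.

```python
import re

MIN_LENGTH = 15  # the minimum recommended in tip 1
# Constructed stand-in for a real common-password/dictionary list (assumption).
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "twitter"}
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")

def _fragments(item):
    """Break a personal detail into the pieces a user might embed in a password.

    "555-867-5309" -> ["5309", "5558675309"]; "07/04/1985" -> ["1985", "07041985"].
    Pieces shorter than 4 characters are ignored to avoid noisy matches.
    """
    lowered = item.lower()
    parts = [p for p in re.split(r"[^a-z0-9]+", lowered) if len(p) >= 4]
    joined = re.sub(r"[^a-z0-9]", "", lowered)
    if len(joined) >= 4:
        parts.append(joined)
    return parts

def check_password(candidate, personal_info=()):
    """Return the list of rules the candidate breaks; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")
    if not all(re.search(c, candidate) for c in CHAR_CLASSES):
        problems.append("missing_character_class")
    lowered = candidate.lower()
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("dictionary_word")
    # Tip 2: compare with and without separators, so a phone number typed as
    # 555.867.5309 is still caught when the profile stores 555-867-5309.
    stripped = re.sub(r"[^a-z0-9]", "", lowered)
    for item in personal_info:
        if any(f in lowered or f in stripped for f in _fragments(item)):
            problems.append("personal_info")
            break
    return problems

if __name__ == "__main__":
    profile = ["555-867-5309", "07/04/1985"]  # constructed phone number and birthday
    for pw in ("Password123!", "Jane-5558675309-Xy!", "vK7#qRz!m2Lp@9wT"):
        print(pw, check_password(pw, profile))
```

Password reuse across sites cannot be checked this way without keeping a list of the user's other passwords, which is a risk in itself; a password manager that generates a unique password per site covers that part of tip 1.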