US Central Command Hack: A Warning for High-Profile Accounts

A group referred to as “Cyber Caliphate” hacked into the Twitter and YouTube accounts of the United States Central Command (USCENTCOM or CENTCOM), which was reportedly compromised for approximately 30 minutes on Monday. Security concerns were raised as US authorities investigate the possible cause of the breach, which possibly includes simple password guessing.

CENTCOM has since tweeted that they've regained control of the account after temporary suspension and dismissed the hack as an act of cyber vandalism via a news release saying, “CENTCOM's operational military networks were not compromised and there was no operational impact to U.S. Central Command.” The release further ensured that “no classified information was posted and that none of the information posted came from CENTCOM's server or social media sites.”

The CENTCOM Twitter account has over 109,000 followers and has posted more than 3,600 tweets. With a relatively high social influence on topics related to the “Afghanistan”, “military”, “military defense”, and “veterans” tags, the account is an active source of information for its followers.

Despite its influence, the CENTCOM Twitter account was not verified, as revealed by a spokesman to various news portals. Verifying Twitter accounts is one way by which high-profile accounts can establish proof of identity, and as such, users with verified accounts should likewise be more responsible in securing their accounts.

[Read: FAQs about verified accounts]

Verifying accounts, however, is not the panacea of social media security. The spokesman also detailed the lack of additional security measures like two-factor authentication for the account.

Now that cybercriminals are equipped with the technical know-how, motivation, and sophisticated tools from the cybercriminal underground economy, enhanced security for online accounts should be considered a top priority, especially for those that garner global attention. Thousands, even millions, of potentially trusting followers of popular social accounts are put at risk when cybercriminals exploit them for their malicious goals.

Breached high-profile accounts could pass the following risks to their followers:

  • Malware infection via poisoned links
  • Spammed tweets in social feeds
  • Loss of personal information from phishing scams
  • Public shaming of specific individuals or groups
  • Dissemination of wrong, fear-mongering information to the general public

[Read: How Cybercriminals Abuse Twitter, What They Get from It, and How to Stay Safe ]

Setting Social Media Security for High-Profile Accounts

Operators of high-profile social accounts in public platforms need to consider the following best practices to ensure their followers’ digital security:

  • Use a strong and unique password for each social media account. Follow these guidelines for creating strong passwords.
  • Use a password manager when handling multiple accounts.
  • Use and explore secondary authentication methods, such as two-factor authentication (2FA) or biometric technology, to add layers of security in your accounts.
  • Take advantage of security options from social platforms, like verifying accounts for Twitter.
Install security patches and regularly scan for threats especially in machines or devices used to log into social accounts.

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.