Centcom hack: a publicity coup, not a cyber war

The attack on US military Twitter and YouTube accounts by the "CyberCaliphate" was a stunning PR victory but nothing more, although more high-level attacks could come in the future, according to analysts.
14 January, 2015
The CyberCaliphate secured a PR coup with the Centcom hack

The hacking of US Central Command's Twitter and YouTube accounts by apparent supporters of the Islamic State group created big headlines and sent US account managers scrambling to minimise the fallout.

The hack earlier this week allowed the "CyberCaliphate" to post "ISIS is already here, we are in your PCs, in each military base" to followers of the Central Command, or Centcom, the arm of the US military responsible for Middle East operations.

It was the latest in a number of such attacks in the Middle East: the Saudi Arabian Ministry of Health's website was overrun by Muslim Brotherhood supporters in Morocco last spring, and several major media organisations have fallen prey to raids by the Syrian Electronic Army.

But are the attacks a real threat to their targets, or just an embarrassing publicity stunt?

Crack or Hack?

"What happened at Centcom was more of a superficial crack than a hack," said Sarb Sembhi, the director of cyber security firm Storm Guidance. "There was no breach of confidential information so it is embarrassing more than anything else."

Similarly, having pro-Muslim Brotherhood messages on Saudi government webpages or "Long live #Syria al-Assad" on the BBC Weather Twitter feed succeeds in mocking an adversary but exacts little actual damage.

'Cracking' social media sites is much less taxing, and much less damaging, than a hack into an internal network.

"Any idiot can vandalise the signpost, so we have to recognise when to shrug and say, 'so what?'" said Afzal Ashraf, director of Privatimus UK and Consultant Fellow, International Diplomacy at the Royal United Services Institute (RUSI).

In the recent breach of Centcom, photos, maps and contact details were posted, suggesting the perpetrators had managed to get into secure areas. In fact, the data was available for any serious online digger. A sound understanding of how to use Google, rather than a proficiency in computer programming, was sufficient to harvest the information.

"It's kiddie level stuff," said Kasper Rasmussen, a lecturer in Computer Science at Oxford University's Cyber Security Centre. "You don't even need a formal education if you spend time learning this from the internet."

Under the radar

The real threat comes not from "vandalising the signpost" but from complex hacks that pass under the radar and break into internal systems.


Major infiltrations such as the Stuxnet attack on Iran's nuclear programme or the Shamoon malware that ravaged Saudi Arabia's oil industry and Qatar's gas producers operate on a different level to the likes of the Centcom debacle or the social media coups of the Syrian Electronic Army.

"The threat is very real. If anything it is being underplayed and the politically motivated threats are definitely on the rise. Advanced persistent attacks are becoming more common and hacktivism or cyber vandalism are on the decline," said RUSI's Ashraf.

The Stuxnet virus attack on Iran's nuclear facility in 2010 was one of the most complex and audacious cyber attacks ever carried out. Many suspect US and Israeli involvement.

Iran's tightly guarded nuclear facilities were isolated from the internet to guard against infiltration, making physical infiltration necessary.

Ashraf said the creators published "mines" on the internet - small malicious programs - that then found their way into equipment used by someone working on the Iranian nuclear programme. From there, the virus did its work.

However, the consequence of this tactic was leaving the "mines" on the internet for other hackers to pick up, develop and deploy.

The malware was highly intricate and designed to attack the control systems of industrial machinery, including factory assembly lines and nuclear power stations.

The "Red October" cyber attack remained undetected from 2007 until 2013 and succeeded in stealing sensitive encrypted files from government bodies, nuclear research centres and oil and gas institutions in Europe and North America.

Like the Stuxnet attack on Iran, Red October advanced the understanding and capabilities of hacking.

"The countries and groups behind these kinds of attacks are irresponsibly fuelling a cyber arms race making all of the internet less secure," said Ashraf.

In theory, this means that hackers such as the CyberCaliphate have access to far more damaging ways of attacking their perceived enemies.

Unknown culprit

In the vast majority of cases the perpetrators of cyber attacks remain unknown. While governments or political movements, rather than criminals, are increasingly responsible, a degree of plausible deniability is almost always maintained.

"There is always a large grey area and that is intentional. Nobody wants to be caught out and held responsible for these kinds of things," said Sembhi.

Even with the Centcom social media attack it is not clear if IS was directly involved - rather, it was possibly a "lone wolf" acting on their own initiative.

"The news is hyping up the attacks and lending itself to an exciting online debate, but we don't really know who did it. It could be a 17-year-old teenager in Washington DC," said Dr Miriyam Aouragh, a Leverhulme Fellow at Communication and Media Research Institute at Westminster University.

Smart minds

The more sophisticated hacks are still likely to be backed by governments as opposed to movements such as IS. However, the knowledge and technology are becoming increasingly available while the financial barriers fall.

"Politically motivated attacks always existed but now there is more access to hacking capabilities because more people have the skills and the technology. This is only going to grow," warned Sarb Sembhi from Storm Guidance.

Computer-literate sympathisers of IS or the Syrian government will continue to create headlines with PR cracks. Whether they can achieve significant data breaches or infrastructure damage in the future will ultimately depend on the calibre of the minds they can recruit.