Cyber Incident Victim: US Central Command
Date: Jan 2015
Location: United States of America
Summary
The US Central Command's Twitter and YouTube accounts were compromised by a group supporting Islamic State, resulting in threatening messages and the posting of non-classified internal documents, including military personnel contact details, basic maps, and presentation slides. The military command characterized the incident as cyber-vandalism with no operational impact or sensitive data exposure, though it coincided with a presidential address on cybersecurity vulnerabilities. While the breach prompted operational reviews, officials assessed it as an embarrassment rather than a significant security threat, attributing it to compromised social media credentials rather than systemic network infiltration.
Description
On January 12, 2015, the US Central Command (Centcom) experienced a compromise of its official Twitter and YouTube accounts by individuals claiming affiliation with Islamic State (ISIS). The hackers posted multiple messages on Centcom’s Twitter feed, including threats directed at American soldiers such as "American soldiers, we are coming, watch your back," accompanied by signatures referencing ISIS. The attackers also disseminated internal military documents via the compromised Twitter account, including PowerPoint slides, maps, and lists containing names and phone numbers of military personnel. These documents included basic maps of North Korea highlighting population centers and nuclear sites, maritime defense slides related to China’s coastline attributed to MIT’s Lincoln Laboratory, and the Pentagon mailing address of General Martin Dempsey, Chairman of the Joint Chiefs of Staff. Centcom’s YouTube account was similarly breached, though specific details of the YouTube content were not elaborated in available reports. The US military suspended both accounts within hours to contain the incident, restoring visibility to the Twitter feed by the end of the day, though it remained inactive.

Centcom characterized the incident as “cyber-vandalism,” emphasizing no classified information was exposed and no operational impacts occurred. A Pentagon official anonymously acknowledged the breach as an embarrassment but not a security threat, noting the leaked materials lacked sensitivity and mirrored publicly available information from think tanks. Cybersecurity expert Professor Alan Woodward assessed the attack as a “slip” rather than a major breach, attributing it to compromised credentials of an individual managing the account. The White House confirmed an investigation into the incident, with spokesman Josh Earnest distinguishing between significant data breaches and social media account compromises. The hack coincided thematically with President Obama’s same-day speech on national cybersecurity vulnerabilities, though no direct operational link was established. Centcom indicated the incident would prompt a review of security protocols for public-facing digital assets, particularly regarding access controls for non-classified communication platforms. No further intrusions into Centcom’s classified networks or systems were reported in connection with this event.
