CENTCOM's Twitter profile was changed to read "CyberCaliphate / I love you ISIS," and tweets were posted stating, "American soldiers, we are coming, watch your back," and "ISIS is already here, we are in your PCs, in each military base."
Soon after, the Twitter account was suspended, then returned to CENTCOM's control with a tweet stating, "We're back! CENTCOM temporarily suspended its Twitter account after an act of cybervandalism."
The hackers also tweeted images of PowerPoint slides, claiming they were sensitive documents stolen from Pentagon networks, but all of the files posted were publicly available documents.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
General Lloyd Austin III, commander of CENTCOM, responded by sending a letter to servicemembers and their families stating, "I recognize that this has caused significant angst among family and friends who are understandably concerned about their loved ones’ safety. I want to personally reassure you that we are taking this matter very seriously and we continue to take all possible measures to keep our personnel safe."
In a statement published following to the attack, CENTCOM said its operational military networks were not compromised, and there was no operational impact to CENTCOM itself. "We are viewing this purely as a case of cybervandalism," the statement said. "In the meantime, our initial assessment is that no classified information was posted and that none of the information posted came from CENTCOM's server or social media sites."
Still, Lance Cottrell, chief scientist at Ntrepid, said by email that attacks like these can have a significant impact, like the 2013 breach of the Associated Press Twitter account claiming there had been explosions at the White House, which caused a brief plunge in the stock market.
In this case, though, the hackers didn't do anything that drastic. "There was clear potential for similar harm from this kind of attack, but it was not taken advantage of," Cottrell said.
NBC News reports that following the breach, the Office of the Secretary of Defense ordered that the passwords for 50 social media accounts controlled by the Secretary's office be changed, that all procedures for managing its social media be reviewed, and that account administrators be advised on how to protect the accounts.
Rapid7 global security strategist Trey Ford told eSecurity Planet by email that while two-factor authentication is available for Twitter accounts and would have blocked an attack like this, "it is normal for shared PR accounts like this to lack that additional layer of security, making them an easier target."