According to a Reuters report, US and European investigators believe that Junaid Hussain is the leader of a group which, on Monday, took control of the Twitter and YouTube accounts belonging to US Central Command (CENTCOM). These accounts have typically been used to offer updates on airstrikes against ISIS, but hackers have since used the accounts to issue threats against the US military and tweet images of purported internal documents – a move which is intended to suggest the Pentagon's internal networks have been breached.
20-year-old Hussain, who was jailed for six months in 2012 for hacking into the address book of former Prime Minister Tony Blair, is believed to be the main user of a Twitter account linked to CyberCaliphate (the account was suspended on Tuesday) and reportedly moved to Syria in 2013 in order to kick-start ISIS' efforts in cyber-space.
Alex Kassirer, an analyst with Flashpoint Global Partners, told Reuters that the Birmingham-raised Hussain - who has reportedly threatened to hack the bank accounts of the UK's rich and famous to fund ISIS activity - recruits hackers for the group's “digital terrorism” efforts, pointing to a number of ads that the group has posted on extremist websites.
Sean Sullivan, security advisor at F-Secure, told SCMagazineUK.com that the Finnish firm started tracking Hussain some six months ago, after engaging in a conversation with him on Twitter following his alleged involvement with Team Poison, a team of hackers who claimed to have gained unauthorised access to the networks of BlackBerry.
“You could see he was a kid looking for something to believe in, to be associated with. He was literally a rebel without a cause,” said Sullivan, who said that the two spoke on Japanese philosophy and Hussain's belief that 'knowledge is power'.
CENTCOM oversees US military actions in the Middle East, but a spokesman has said that no classified or sensitive information has been compromised. Spokesman Army Colonel Steve Warren said the attacks were “inconvenient and an annoyance. But that's all it is.”
CyberCaliphate is also believed to have hacked the Albuquerque Journal in New Mexico and Delaware television station WBOC.
Shortly after news of the attack emerged, US President Barack Obama unveiled new proposals to strengthen cyber-security laws in the country. These suggestions are being sent to Congress today.
Andrey Dulkin, CyberArk's senior director of cyber innovation, told SCMagazineUK.com that the CENTCOM attack proves that social media remains an overlooked threat.
“Shared privileged accounts, which include social media credentials, are a commonly overlooked threat,” he said via email.
“This is compounded by the fact that many enterprises have numerous social media accounts on Twitter, Facebook, YouTube and LinkedIn; often with unique accounts for different product lines, languages, countries and stakeholders. What's more, they are often managed by third parties, which makes it even harder for the organisation to track and protect. With passwords for these accounts being shared among teams, it makes for an easy target, not least because there is no record or accountability for each individual post. To make matters worse, the same password is frequently used across multiple accounts, and often the passwords are rarely changed.
“Lax security opens the door for malicious hackers, as well as rogue current or former employees, or disgruntled social media agency members.”
Trey Ford, global security strategist of Rapid7, added in an email to SCMagazineUK.com: "Attackers appear to have seized control of the @CENTCOM Twitter account - and while strong 'multi-factor' login controls exist, it is normal for shared PR accounts like this to lack that additional layer of security, making them an easier target. The account has now been suspended, indicating this compromise was real and US Centcom is now taking back control.
“The account compromised was timed with the release of a couple of sensitive documents on Pastebin, which appears to have been designed to intimidate US soldiers. One thing to note: the Sony document dumps were laced with malware, and I expect these files may also be part of a targeted malware campaign targeting military analysts and their families."
In a blog post, Tim Holman, CEO of pen-testing outfit 2-Sec, detailed his own recent example of a social media attack where a third party was to blame. “I have dealt with a company who allowed an intern to control their social media platforms on Twitter, Facebook and YouTube. When the intern's contract was terminated, and they weren't rehired in a paid position, the employee then walked off with their social media passwords and over the next few days posted a series of compromising and embarrassing pictures and images across the company's official accounts.
“The only reason the company actually noticed that they had been 'hacked' was by the fact they were alerted by a customer, who complained at the racist and sexist images appearing under their name online.”