ISIS breaks into Pentagon accounts

This post is also available in: עברית (Hebrew)


The White House could not be more embarrassed. While President Obama was presenting the bulk of his IT security plan, the Islamic State, aka ISIS, succeeded in breaking into the Pentagon’s Twitter and YouTube accounts. The same time President Obama was delivering his statement, those compromised accounts were featuring pro-Islamic messages and internal files.

CyberArk Innovation Manager Andrei Dolkin told iHLS he was hardly surprised by this latest development. “ISIS, along with the Free Syrian Army, have exploiting the security breaches of social media networks on a regular basis, in the framework of their efforts to embarrass their enemies and undermine them,” he explains. “The primary issues with these accounts is that their security is not privilege-based, unlike the organizations’ own IT systems. Though these accounts probably do not comprise classified material, the image damage they may perpetrate can be no less damaging.”

Dolkin says this was not the first time social media accounts had been hacked into in order to wreak damage on a major scale. Two years ago, British musical giant HMV terminated numerous employees. The company’s dismissed social media manager took advantage of her access to company accounts in order to defame her former employers.

Register to iHLS Israel Homeland Security

Moreover, most organizations do not manage their own social media account directly, but rather outsource this issue. “The companies’ employees do not adhere to password security but rather tend to use the same passwords for various accounts,” reveals Dolkin. He further adds “when you also take into account the fact the team updates the passwords only rarely, this entire approach to IT security makes these social media accounts particularly vulnerable. An organization which would not realize how sensitive this issue is, and how important these account are, could fall victim to hackers.”

Pentagon sources confirmed this was an “embarrassing” event. Nevertheless, they noted the hack had no comprehensive security implications. Reportedly, Centcom, US Central Command, said no communications met with any issues, no passwords and no data was stolen, and no military operation had been compromised.

A White House spokesperson said there are ongoing efforts to trace additional hacks and noted that “there is a difference between hacking into a Twitter account and stealing major databases.”

The FBI has already launched an investigation, together with Pentagon law enforcement agencies.