Why we should worry about the CENTCOM hack
Top security US military operation hacked
Classified data safe, but some individuals maybe warned of personal risks
Can anyone be trusted to be secure online?
Yesterday, the US Military's Central Command Youtube and Twitter feeds were both hacked, purportedly by ISIS terrorists.
Photo credit: Official U.S. Navy Imagery / Foter / CC BY
CENTCOM were quick to put out a statement (see it here) reassuring the public that none of their operational systems had been breached, and this was only an attack on "commercial, non-Defense Department servers."
They go on to state that "initial assessment is that no classified information was posted" but then refer to "the potential release of personally identifiable information". Indeed they admit that they "will take appropriate steps to ensure any individuals potentially affected are notified as quickly as possible."
So pretty worrying for anyone personally affected, but also more widely troubling. What does this say about security standards in place within what should be one of the most highly secure parts of the world's leading superpower.
It's possible someone was careless with their password, and it simply leaked. However, that seems unlikely for military personnel so more probable is a brute force attack using extensive computer power to try multiple potential passwords. However, a successful attack of that nature implies that CENTCOM personnel were not using strong passwords - they may have been relatively short, using only letters and numbers not symbols and potentially even recognisable dictionary words. It is a shame they had not read our recent post on how to create a secure password (see here).
And given two separate sites were cracked within minutes of each other, there is also a strong suspicion that the same weak password was used for both accounts.
And that then makes you worry a little that the person who created this password may well have used it or a version of it on other more secure sites as well. I imagine quite a lot of passwords have been changed at CENTCOM in the last 24 hours.
Once again, the lessons are the same:
Don't use the same username and password combination on more than one site (Me and My ID gives you a simple way to have and record a unique username for each and every site you sign up to)
Create strong passwords with symbols and without standard words
Even organisations you think should have cybersecurity fully in place are vulnerable - they are only as strong as the weakest link in their defence.
Me and My ID is just one way to give yourself added peace of mind that all the data you share online is not at the mercy of the IT department of any one of the sites you use.