Yes, most 12 year old children could probably figure out how to hack a Twitter feed. But yesterday, the “Cyber Caliphate”— allegedly connected with the Islamic State of Iraq and al Sham— managed to gain access to social media accounts of US Central Command, responsible for American security interests in the Middle East.
Ok, they've got our attention. And the message is: "we are tech savvier than you thought, and we want to do more." The timing of the intrusion a week after the gruesome attacks in Paris is also not lost on us.
So, what is the Cyber Caliphate? We don’t know much. But some suggest that the ringleader is Briton Junaid Hussain who was once imprisoned for hacking into former Prime Minister Tony Blair's assistant's Gmail account. Hussein has been connected with a group of hackers called Team Poison, which claims to have gained unauthorized access to the networks of Blackberry and NATO and teamed up with “Anonymous” to infiltrate banks. Other reports indicate Hussain recruits digital experts to come to Syria and Iraq to join ISIS. If accurate, this is extremely concerning.
The CENTCOM hack matters because it demonstrates that the Cyber Caliphate’s skills are developing. No, the group didn’t access classified systems or even unclassified ones. What’s more likely is that the group picked CENTCOM for a different reason – because it would get more attention than the previous intrusions they’ve claimed. In the past month, the group twice hacked the Albuquerque Journal: once on Christmas Eve (the website) and once last week (the Twitter account). The group also swapped out the main headline on New Mexico’s Mountain View Telegraph website and broke into Maryland's WBOC 16 tv station website and Twitter feed. Changing headlines on a website is more complex than just obtaining a password and sneaking into Twitter. It's serious enough that the FBI is investigating.
It's easy to miss blips on the digital radar when there are so many, but if our miscalculation about the kinetic capabilities of ISIS is any measure, we ought to pay attention to the CENTCOM hack. There’s been lots of chatter online about "cyberjihad" and "digitaljihad." For months, we've seen messages boasting about advanced capabilities, better encryption and that cyber attacks against critical infrastructure in America and elsewhere are coming. ISIS's social media sophistication is impressive, and this online network is ready-made for seeking out sympathetic supporters with coding expertise.
Last year, the former head of McAfee David DeWalt told the Financial Times that "We've begun to see signs that… terrorist organizations are attempting to gain access in cyber weaponry." Software exploits can be bought relatively easily online. How to use them is the hard part, but if those behind the Cyber Caliphate have better skills than we give them credit for, we need to act now. Thankfully, earlier today the president provided Congress with another draft cyber security bill; hopefully politics won’t get in the way.
It's one thing to publish slick and engaging online magazines like Dubiq and even to use hashtags effectively to attract attention. It's quite another to actively infiltrate websites and take over Twitter accounts. Even if the Cyber Caliphate isn't directly related to ISIS (which it seems to be), the fact that someone wants to help this terror group with its digital offense is sobering. Those of us tracking the electronic capabilities of terrorists have been anticipating this moment — with dread— for some time. Today, it's just a non-violent intrusion into Twitter. Tomorrow, it could be much more complicated. We've got to actively prevent scenarios that could be much worse.
Meg King is the Strategic and National Security Adviser to the President & CEO of the Woodrow Wilson International Center for Scholars. The views expressed in this piece are solely those of the author.