A high profile hack of the social media accounts for the US military’s Central Command (@CentCom) took place last week, perfectly timed to coincide with President Obama's speech on cyber security.
In what some officials have described in the national press as ‘a complete embarrassment”, the hackers not only infiltrated the Twitter account, replacing the cover and profile picture with that of a masked Jihadi with a statement ‘I love you isis’, but also managed to infiltrate their YouTube account to upload two propaganda films.
Whilst in control of the Twitter account they posted personal details about US military and also posting very worrying threats to military families. In total, it is reported that it took the US military 40 minutes to regain control.
The hack comes hot on the heels of the Sony hack attack on the lead up to Christmas, providing what is becoming a constant reminder of just how vulnerable we are to cyber attacks.
What was interesting about this attack was that the official statements did little to quash any concerns that the public at large had about the attack. For example, the Daily Mail, quoted John Earnest from the White House press office stating that there was ‘a significant difference between what is a large data breach and the hack of a twitter account’.
On paper, perhaps factually correct but the comment read as a giant dismissal of the social media issue at hand – how do we (from Government to the public at large) protect ourselves from social media security breaches? And his statement would have perhaps provided little comfort for the thousands of military families thinking that if the US military themselves couldn’t protect their own twitter account - what hope had they of locking down their personal profiles securely?
Confusing still, were the reports linked to the cause of the attack. Some referenced a hack of a ‘third party hosted service’ followed by statements implying that Twitter was an easy target, whilst others talked about a breach of the password. The latter would have been the cause of serious embarrassment for a defence establishment. The scenarios linked to passwords, could have included anything from a mobile phone or tablet device being stolen with the password to the twitter account stored, or a member of staff falling for a ‘phishing’ email or worse (and perhaps unthinkable) a rogue employee.
So the official line obviously appears to focus on a more palatable version of events – i.e. the ability to penetrate the social media platform itself. A situation we are becoming increasingly familiar with such high profile attacks like the Snappening and the celebrity picture hack of iCloud reminding us just how trusting we are in today’s digital era.
However, with all the finger pointing of blame, what is clear is that something as simple as having the Twitter account ‘verified’ and stronger ‘two pairs of eyes’ management protocols may have perhaps added another layer of security and demonstrated to the public at large that all of the appropriate steps had been taken to secure these accounts, perhaps a situation the President Obama would on reflection be pursuing with his team to ensure that all the necessary security checks are in place in future.
The story has resonated around the world, turning the spotlight on the use and reliance on social media platforms by the armed forces. The US defence team admit that there are literally thousands of social media accounts linked to their military efforts.
Military families have reported the sheer joy that social media brings in keeping them in touch with their loved ones on the front line, with the new found ability to share the trials and tribulations of family life, driving morale on the frontline. The benefits are also being demonstrated closer to home as families left behind during difficult conflicts or important times of the year (Christmas) have been able to connect and access a support network of families in a similar predicament, relieving the pressure and supporting official counselling channels.
Officials also describe the ‘official’ uses of social media as an important communications tool in keeping their frontline up to date. Here in the UK the
DUN Project (Defence, Uncertainty and Now Media) @DUNproject is monitoring British military social media accounts to understand the key topics of conversation via social media channels. They reported in September 2014 that the top three topics of conversation in early 2014 were - recruitment, Afghanistan and training, demonstrating an important use of social media in driving the public awareness and expansion of the military.
So if social media performs are a really important function for the military but is plagued with security issues why haven’t the military thought about developing their own social media platform - a military owned Facebook?
Perhaps they have? But it would be easy to overlook the cost of developing a ‘me too’ version of Facebook . Just looking at how many staff Facebook employs gives a clear indication that it might be a diversification too far with a hefty price tag attached. Then there would be the need for continuous investment to keep the technology up to speed and bug free with the evolution of the digital environment, browsers and IT equipment! And at the moment they get all of that for free by using the platforms that already exist.
But perhaps the biggest issue that a ‘self made’ platform would have and the reason that so many organisations who have had a similar thought in the past have said no to the ambitious IT team for suggesting it, is that bespoke built social media platforms fail to address the very essence of social media i.e. reach.
A picture paints a thousand words and the ability for a post to be made and shared with friends and family around the world is something that most military personal and civilians have seen become engrained culturally into family life. To take that ability away would surely leave a gaping hole in not only communication but family life? Likewise, if the DUN Project is reporting ‘recruitment’ as a key business function rather than a self made platform would be little help in reaching newcomers and the public at large!
So we believe that for now the military will stick to the existing channels, perhaps working closer with the platforms (where they can) to create more secure environments for their frontline and backroom forces alike, educating and giving military families the tools to live a ‘secure’ cyber life.
James Leavesley - CEO
CrowdControlHQ is the UK’s leading social media risk, compliance and management platform. Winner of CIR magazine - Risk Management Product of the Year (specialised) 2014
Please share our blog & tweet us your thoughts @CrowdControlHQ
To contact us for a web demo click here.