Whilst Obama delivered a speech on cyber security at the Federal Trade Commission, Twitter and YouTube accounts belonging to US Central Command were hacked by a group supporting the Islamic State (IS). Ironic, as his speech called for better data protection and disclosure about security breaches. And embarrassing?
In a statement Centcom said that the hack was,
“… a case of cyber- vandalism”, “These sites reside on commercial, non-Defense Department servers and both sites have been temporarily taken offline while we look into the incident further.”
Centcom were right to downplay the hack. It’s been widely reported that the various documents shared on Twitter that appeared to reveal confidential information, were already in the public domain. No physical damage was done, and as this is Twitter we’re talking about, there is no real compelling evidence to say that this really was IS.
From a corporate communications standpoint, the hacking of Centcom’s social media profiles represent a potentially devastating reputation issue. The @CENTCOM Twitter account boasts 121,000 followers, regularly publishing rich media about recent operations. For example, a recent YouTube video shows an airstrike being conducted against three IS warehouses.
The US were fortunate to have their Twitter account hacked so obviously by an IS support group. The tactic deployed could suggest amateurs were working behind the scene. A more subtle, and reputational devastating hack, would perhaps have been an intelligent shift in Centcom’s messages. To 121,000 people, phishing links could have been shared that planted computer viruses, data could have been stolen from users, computers hijacked. Alternatively the account could have published IS propaganda, showing the devastation the West may have caused civilian populations.
Yet, what was the purpose of this hack? The group published the addresses of retired army generals, tweeting “AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK!” Revealing information that could easily be perceived as top secret (we now know it was public domain material). The aim here was to generate fear; that you are unable to escape the terrorism of IS.
This is pure and simple propaganda. Terrorism is born from various ingredients of certain messaging that together forms the emotionally charged noun ter-ror-ism. Violence will be used or suggested to achieve a political goal. It’s incredible that even in Twitter’s 140 characters, terrorism can be expressed. That perceptions can be generated.
Imagine the corporate damage that could be caused if JP Morgan’s Twitter account was infiltrated. What could environmental groups post on the Twitter feed of a fracking group? In a Machiavellian move, what could one corporate competitor plant on another’s Twitter feed? This US hack dealt in changing perceptions, this isn’t new; it’s public relations.
Did the IS support group achieve their goal in this case? Perhaps. The wanted to generate fear, and unless it was for the mainstream media’s settling statements, they could have succeeded.
More importantly, what does this hack tell us about corporate communication? Faster action was needed. The hack lasted for 30 minutes before Twitter suspended the account. Beyond this there are important questions about Centcom’s security procedures and their communication response to the crisis (which was a traditional media statement).
This wasn’t a terrorist attack, it was a corporate case of cyber vandalism. Something every corporation can protect against.