A Look Back in Review: Analyzing the CentCom Hack

When Twitter and YouTube accounts belonging to the military’s US Central Command were hacked, the Pentagon brass quickly dismissed the hack as nothing more than “cybervandalism,” or a “cyberprank.”  However, the opinions of cybersecurity experts vary on the impact of what appeared to be a  “trivial hack.”  I have compiled views from both sides and provided links to read more.

CentCom Hack Should Be Taken More Seriously:

• Damages Through Perception: Writing for the dailysignal.com, James Carafano, an expert in national security and foreign policy challenges, argues that the CentCom attacks need to be taken more seriously.  According to Carafano, the focus should not be on the severity of the attack itself but rather the perception of weakness created by the attack.  Read his reasons here.
• Damages Through Reputation: In a Bloomberg article titled “The CentCom Hack Was No Joke,” the author explains that this type of hacking is an efficient vehicle for damaging reputations, rather than causing any  actual damage.  Quoting Lance Cottrell, a online privacy specialist and chief scientist at the computer-security firm Ntrepid, the article notes that “[t]he attackers are winning because of the attention they are getting rather than because of any actual damage from the attack . . . the message this sends is that official accounts on non-official platforms are highly vulnerable.”  The article goes on to explain the non-obvious ways the hack caused damage, including the potential exposure of malicious software to soldiers’ computers.  For the full article, click here.
• Damages in Varying Degrees: Peter Brookes wrote an article on the damages caused by the CentCom attack which appeared in the Boston Herald and is now accessible on DailySignal.com.  In his article, he reminds his readers that the source of the hack is not entirely clear, adding that a nation-state could have sponsored this attack.  Brookes goes on to point out the potential damages of the hack: some personal information of high ranking personnel may have been disclosed, the disruption undoubtedly distracted some element of the command from its duties for a period of time, a misunderstanding of the gravity of the event might prove to be a significant public relations victory for the Islamic State, the created perception of vulnerability might push unsure recruits to join various terrorist groups, and the seeming alarm caused by the hack might encourage more attacks of this kind.  Read more on what Brookes describes as a cyber “sting” here.

CentCom Hack is Not a Big Deal:

• Hacktivists vs. Nation-States: An article by TechWorld describes the difference between hacktivist and nation-state cyberattacks, and explains why that difference is so important when analyzing these attacks.  According to the article, because of these difference we should place our focus on nation-state attacks rather than CentCom style hacks.
• No Big Deal, It Happens all the Time: According to Slate.com, hackers try to launch assaults on Defense Department computers and networks hundreds of times a day, and while some are serious: “this one is not.”  Comparing the hack to tearing down a poster hung up by CentCom, the article quotes Matthew Devost, president and CEO of cybersecurity firm FusionX LLC, who calls the intrusion “embarrassing” but “harmless.”  The Slate.com author agrees, describing the hack as “a harmless nuisance, [and] a distraction from the real set of issues revolving around both cybersecurity and ISIS.” Read the full article here.
• DoD: No Effect on Social Media Policy: Defense Department officials have no plans to reevaluate policy on the use of social media, according to a DoD spokesperson quoted by C4IRSnet.com. Other than changing passwords, no real strategic considerations were considered.  The article quotes Jack Holt, a former DoD senior strategist for emerging media who now runs his own communications consultancy: “The true point of this is not much more than somebody basically interrupting a conversation.” To read more on the reasons behind the continued policy, read the full article here.

Finally, for those looking for an article that falls somewhere in between the two views, click here for Mashable’s report titled: “The CentCom hack wasn’t a big deal, but don’t scoff at ISIS hackers just yet.”