The Washington PostDemocracy Dies in Darkness

Hack of U.S. military social media accounts prompts embarrassment, review

This screen grab illustrates one of the rogue messages sent from the U.S. Central Command Twitter account on Monday, Jan. 12, after its security was compromised. (Twitter screen grab)
Placeholder while article actions load

The high-profile hack of two social media accounts run by the U.S. military’s Central Command on Monday was an embarrassment, and has prompted the Office of the Secretary of Defense to direct its own social media managers to make sure their accounts are secure, a military official said Tuesday.

The accounts were hacked midday Monday by a group calling itself the CyberCaliphate. It distributed propaganda sympathetic to the Islamic State militant group and issued threats against U.S. troops. Centcom’s Twitter account, which had 109,000 followers at the time, and YouTube page were affected. It was a poke in the eye for military, which has used both accounts to distribute information about and videos of numerous airstrikes against the Islamic State militant group in Iraq and Syria.

Army Col. Steve Warren, a Pentagon spokesman, said Army Lt. Gen. Mark Bowman, Centcom’s director of communications and cyber, has launched a review into how the accounts were compromised. The FBI is also investigating, a bureau spokesman said Monday night.

Warren reiterated Tuesday that the military does not believe that the hack affected their secure computer networks handling classified information. It’s too soon to determine who conducted the hack or whose fault it was that the accounts were vulnerable, Warren said. He called it both a hack and cyber vandalism at times, although he says he prefers the second characterization better because he considers hacking more serious.

“I heard someone refer to it as a rock through a window or spray paint on a wall, and that’s kind of how we view it,” Warren said. “I don’t want to underplay it… it never needs to happen. But in this case it was more of an inconvenience, it was more of an annoyance, and certainly an embarrassment to some degree. But this is not something that compromised any of our systems, any of our networks or any of our important information.”

The first rogue tweet Monday was posted about 12:30 p.m. and the account was not suspended for about another 40 minutes. The background and profile photo of the Twitter account were both changed to show an apparent militant and the phrases “CyberCaliphate” and “i love you isis,” using one of the acronyms for the militant group.


The affected accounts were brought back online Monday night. The incident appeared to have at least one positive effect for Centcom: It increased its number of followers from about 109,000 at the time of the attack to about 122,000 as of Tuesday at 12:50 p.m.