At first, It seems more embarrassing that damaging, that the United States Central Command, (better known as CENTCOM) has been hacked by pro-jihadi sympathisers. CENTCOM is responsible for US military operations in the Middle East and for a while its Twitter account showed the image “I love you ISIS” whilst tweets expressed sympathy for ISIS and the legend #CyberCaliphate. CENTCOM’s YouTube video started broadcasting pro-jihadi videos before it was quickly shut down along with the Twitter account.
The US Military was quick to say that the attack was embarrassing and an “act of vandalism”, but was not damaging? Well, no classified information or operational networks had been affected, but in this war against terrorism, the speed that images and twitter hashtags can spread is like wildfire, and images and slogans can cause damage to public reputations .
Today, the huge social sharing site Reddit.com is full of users pouring scorn on the American government’s IT security systems, especially as the account was hacked on the same day that Barak Obama announced his support for new Cyber Security Legislation. As Reddit user /r/xsaicoticx commented “Most advanced and powerful military on the planet? Their network is on par with a company whose SYSADMIN isn't paid enough and has a bad attitude and is also their bartender”.
The most important thing is that this attack shows that all companies and organisations are vulnerable to hacks against their social media accounts.
I have dealt with a company who allowed an intern to control their social media platforms on Twitter, Facebook and Youtube. When the intern’s contract was terminated, and they weren’t rehired in a paid position, the employee then walked off with their social media passwords and over the next few days posted a series of compromising and embarrassing pictures and images across the company’s official accounts. The only reason the company actually noticed that they had been “hacked” was by the fact they were alerted by a customer, who complained at the racist and sexist images appearing under their name online. The company had failed to protect their brand, and they were certainly damaged in their customers’ eyes. Forgetting to change passwords and allowing unpaid and inexperienced employees to control social media accounts is a recipe for disaster.
So what should you do to prevent similar attacks?
- Pick strong passwords, don’t use the same one for each site, and change them regularly.
- Don’t entrust your social media to an inexperienced and unsupervised member of staff. Remember this is your company’s reputation at risk – you wouldn’t expect a untrained school leaver to create your print adverts, so don’t do the same to your online advertising.
- User two-factor authentication for any online services that support it.
- Train your managers, executives and staff on the importance of cyber security and the risk of social engineering.
It’s important to remember in all of this that social media sites won’t actually tell you if you’ve been hacked. Neither do they bear any liability if you are.. Stay vigilant, regularly monitor your social media output and we’d go one further step and recommend you ensure nobody’s set up fake accounts in your company name either, as this can be just as damaging.