Yesterday, the verified Twitter account and the YouTube page linked to United States Central Command were hacked by a group claiming to be the Islamic State. The hackers immediately began posting threats and propaganda, as well as American military documents to CENTCOM’s social media accounts.

While CENTCOM did confirm that hackers had improperly accessed these accounts, they claimed that the documents released — including the names and addresses of American military officers – were not classified. “CENTCOM’s operation military networks were not compromised and there was no operational impact to U.S. Central Command,” a statement released by the U.S. military read.

But the so-called ISIS hackers also exposed a few careless tells indicating that they were not necessarily Islamist militants with some information technology expertise.

The hackers claimed they were representatives of “ISIS,” a term that the actual representatives of the Islamic State abhor. The hackers released unclassified American military preparations for conflicts in Northeast Asia against North Korea and China, a region of little concern to militants in the Middle East. And, according to The Daily Beast, the hackers were big fans of “American folk-punk.”

“And there are early signs that the Cyber Caliphate may be more of a ruse than a group of hardline Islamic extremists,” The Daily Beast report read. “One of the seven Twitter accounts it followed was ‘Andrew Jackson Jihad,’ a folk punk bank from the American Southwest.”

As this report speculates, it is possible that these subtle indications that ISIS was not behind this attack might be a ruse. The ISIS-linked hackers may have been cleverly throwing investigators off of their tracks. But this defeats the purpose of a terrorist act. Terror organizations go out of their way to claim credit for spectacular assaults on institutions previously believed to be secure. It would be counterproductive to hack CENTCOM and then to cede the credit for that assault to another organization.

So if a group inspired by ISIS wasn’t behind the hack, who was? It could be a group with its own political agenda, like the pro-Assad Syrian Electronic Army. The hacker crew has targeted CENTCOM in the past. Perhaps this time, it used ISIS as a smoke screen to throw off the authorities.

Whoever was behind the hack, it was a troubling security breach for the Pentagon, though not one that seemed to cause much real damage.

Well, whoever was behind this attack, they had a keen interest in the security situation in and around North Korea. Given the recent high-profile hacking of Sony Studios, which purportedly involved actors from that region, it is reasonable to start investigating this cyber-attack there. On the other hand, the “Cyber Caliphate’s” interest in both American culture and in police tactics related to the anti-government protests that sprung up in the wake of the Ferguson riots also suggest that these hackers may be domestic in origin.

In either case, the group behind the hacking of CENTCOM’s social media accounts on Monday is probably not based in Mosul or Raqqa.