This is awkward.

“ISIS is already here, we are in your PCs, in each military base. With Allah’s permission we are in CENTCOM now,” said one tweet sent from CENTCOM’s account.

The apparent hack came as President Obama addressed the nation regarding cyber security. He is expected to propose two pieces of cyber security legislation and to address the effort in his upcoming State of the Union address.

The hackers subsequently tweeted images of spreadsheets containing the home addresses, phone numbers, and email addresses of dozens of current and former senior U.S. military officers.


The hacked Twitter page was up for a good half-hour, posting maps of foreign nuclear sites and information about American officers, before Twitter shut it down. The hacked Centcom YouTube page, which is now stocked with jihadi videos, is still up as I write this.

Is this really ISIS, though? And have they really lifted classified information from Centcom servers? Here’s one reason to doubt:

Good point. Why not call themselves the “Islamic State” or just “the caliphate”? Another reason to doubt:

Why are they passing off publicly available maps as secret if they’ve really got the goods? And why is it that they posted maps of North Korean and Chinese nuclear sites instead of information related to the Middle East? It’s odd that “ISIS” would care about the Far East. Is this really ISIS? Is it, maybe, North Korean hackers looking for payback after the U.S. imposed sanctions over the Sony hacking? Or is it some other outfit, maybe even freelancers, just looking to humiliate the White House?

Mission accomplished on the last point, at least. Stand by for updates.

Update: On second thought, I’m changing the headline so that it doesn’t claim that “ISIS” hacked Centcom. Now that I look more closely, they never refer to themselves as ISIS; the ISIS reference, as you can see in the image tweeted by Soufan, appears to be part of the phrase “i love you isis.” The hacker’s calling himself “CyberCaliphate.”

Update: The most disturbing reveal on the hacked account was a list of U.S. officers that apparently included their home addresses. (I didn’t see it myself.) If this is all a prank using publicly available info, where’d the hacker get that list?