Via Foreign Policy, a fascinating story of the pair likely behind the CENTCOM Twitter and YouTube hack this week. The hack did not appear to breach CENTCOM itself. Most of the information posted was publicly available, but it was a breach nonetheless and particularly embarrassing as it happened while President Obama gave a speech on cybersecurity:
The main suspects: a group led by Junaid Hussain, a 20-year-old who moved from Britain to Syria — accompanied by his 45-year-old alt-rock girlfriend — to kick-start the Islamic State’s hacking campaign.
Prior to his arrival in Syria, British authorities already knew Hussain, who now reportedly goes by the name Abu Hussain al-Britani. He spent six months in prison in 2012 for hacking into the email account of a top aide to former British Prime Minister Tony Blair. He also cheekily blocked a British government anti-terror hotline with prank calls.
In recent years, Hussain has taken a more radical turn. He jumped bail to travel to Syria last year in an effort to join the Islamic State. There, he met up with Sally Jones, a 45-year-old woman from Kent he had met online back home, who abandoned her children to meet with Hussain. They were reputedly married in Syria; she now goes by the name Umm Hussain al-Britani…
Like all loyal cyber jihadists, the two had robust, anti-Western social media presences before being blocked. For her part, Jones, who once fancied herself as an amateur rock and roller, now chirps about beheading Christians with a “blunt knife.” She’s traded short black skirts and guitars for a burqa and an AK-47.
Hussain was also active on social media before getting shut down. He’s posted a picture of himself pointing an assault rifle at the camera with a bandana tied ominously around his nose and mouth. The young hacker also voiced support for the Michael Brown protesters in Ferguson, Missouri last year.
The two are reportedly in Syria recruiting hackers for the jihad. Abandoned her children and rock ‘n’ roll to wear a burqa and hire for the ISIS IT help desk? I cannot fathom. These two made international headlines and a mockery of U.S. cybersecurity for a day by basically typing in password123 on the Pentagon’s social media pages. Super.
The military is, ahem, tightening password security in response to the attack. Which, frankly, should make all of us very worried about what anyone in the federal government is doing to prevent more sophisticated attacks:
On Tuesday, Pentagon spokesman Col. Steve Warren told reporters that he has ordered all 50 Office of Secretary of Defense social media websites to change their passwords and increase the strength of their passwords — and offered a tip sheet to social media account administrators on “how to keep their accounts more secure.”
DoD has thousands of social media websites that it is operating in an official capacity.
Security experts say that the Central Command hack should serve as a wake-up call for military social media. “They probably could have avoided this using ordinary [password] hygiene,” Roger Kay, president of research firm Endpoint Technologies, told FoxNews.com.
Standard security procedures include the use of long passwords with multiple characters and ensuring that only a small number of people can access the accounts, according to Kay. “You want to have just one or two individuals responsible for the account,” he said. “They should be named individuals, so that if there’s a problem, you can go to those people.”
Pro-tip: Two-step verification, y’all. Start with that. It’ll help keep the CyberCaliphate at bay.