Syrian Electronic Army attacks CENTCOM, but US Central Command denies it was hacked

After claiming that the U.S. intends to unleash cyber warfare on Syria, the Syrian Electronic Army tweeted “proof” that it breached U.S. Central Command systems in response to “Obama’s decision to attack Syria with electronic warfare.” A few weeks ago, SEA tweeted cyberattack threats to topple CENTCOM like a “house of cards” if the U.S. launched cyberattacks on Syria. Then on Friday, SEA tweeted:

SEA hackers targeting CENTCOM

The next tweet was: "This is part of an on-going operation and we have already successfully penetrated many central repositories." It contained a screenshot that allegedly proves SEA gained access to Army Knowledge Online (AKO) servers.

Syrian Electronic Army screenshot of access to Army Knowledge Online servers

The screenshot shows the AKO directory with access to Department of Defense organizations and Air Force operations, particularly a “Fleet Forces Command” folder with 21,866 files.

A few moments later, SEA added, “In the coming days we will update you with specific details and hundreds of documents that the #SEA has obtained.” Your guess is as good as mine as to whether that means CENTCOM. SEA hackers seem to be almost constantly attacking someone and rarely claim to have compromised an entity without backing it up with screenshots of the breach.

AKO provides “web-based enterprise information services to the United States Army, joint, and Department of Defense customers. Enterprise services are provided to these customers on both classified and unclassified networks, and include portal, e-mail, directory, discovery, and single sign-on functionality. All members of the Active Duty, National Guard, Reserves, Army civilian, and select contractor workforce have an account which grants access to Army web assets, tools and services worldwide.” Back in 2001, Wired called AKO "the world's largest intranet."

AKO Army login SSL error

After receiving an SSL error when trying to reach akologin.us.army.mil, warning that "the site's security certificate is not trusted," you see Terms of Service that must be accepted before accessing the AKO "information system," which "is approved for unclassified data." It remains to be seen if the SEA attackers were able to breach classified systems.

AKO TOS to login to system for unclassified data

“Totally bogus” is what CENTCOM spokesperson Oscar Seara called the SEA’s claim of breaching CENTCOM’s system.

Bob Gourley, former chief technology officer for the Defense Intelligence Agency (DIA), told The Tampa Tribune that, at most, “any access that SEA would have would be to unclassified areas and not the secure computer system called SIPRNET. Any entry would cause embarrassment, not a security concern.”

If the breach claim were true, Gourley said he would only make sure security patches are up to date and ask admins to change passwords. “It is a low-level response to a low-level threat,” he added.

Shortly after TBO published the article in which CENTCOM denied being hacked, SEA tweeted, “We didn't publish everything we have and the operation is still on-going so don't assume you what don't yet know.” That's an exact quote, but you can grasp the general idea.

Three days later, SEA has not tweeted anything more about CENTCOM. In fact, yesterday the hackers seem to be pointing fingers at Microsoft and what the Redmond giant allegedly charges the FBI to “spy on your emails.” The pro-Assad hackers have whacked Microsoft twice so far in 2014 via Microsoft’s various social media accounts.

As an FYI, AKO currently “has 2.3 million registered users, and supports over 350K users logging in up to a million times a day as well as receiving and delivering on average 12 million e-mails daily.” Many attacks are highly targeted and begin with spear phishing and social engineering campaigns. So even if SEA employed those tactics, it wouldn’t have been the only spear phishing e-mail hoping to lead to juicy access that some U.S. Army employees received.

Phishing e-mail caused panic, traced back to US Army as security test

“An ominous e-mail message landed in the inboxes of a small group of U.S. Army employees last month, warning of a security breach in their federal retirement plans and urging them to log in and check their accounts,” reported The Washington Post. Although the “Thrift Savings Plan Alert: Passcode Reset” e-mail was a fake, the kicker is that it was sent by an “Army combat commander, acting on his own authority to test whether anyone on his staff would fall for the trick.”

In the process of sussing out internal vulnerabilities, though, the commander sowed panic across the government: Employees forwarded the e-mail to thousands of friends and colleagues at the Defense Department, the FBI, Customs and Border Protection, the Labor Department and other agencies.

Even the Pentagon’s Chief Information Office, which oversees computer networks across the military, was unaware of the phony e-mail.

It took three weeks to trace the fake e-mail back to Army command. During that time, investments plummeted for Thrift Savings Plan (TSP), which "holds the 401(k)-style portfolios of most federal workers." Executive Director Greg Long said, “While I can see how that particular test served the interests of the Department of Defense, that’s not my concern. Anything that causes our participants to question whether their account is safe and secure damages our interest.”

The “good news” is supposed to be that no one clicked on the fake TSP site or had their personal or account info compromised. Although such cybersecurity tests are “common practice,” this one became an embarrassment. Plenty of people are ticked and one expert called the government “bullies” who are “just pushing us around and using us for guinea pigs.”

The Post added that the cybersecurity test e-mail raised the question: How far should the government go with quality control to protect against cyber-threats? “In hindsight, all agree” that “testing security by toying with federal employees’ nest eggs” is a tactic that “should be off-limits.”
