Account holders reminded of security benefits of 2FA

Jan 13, 2015 10:30 GMT

The US General Services Administration (GSA) ordered an audit of the security practices used for preventing unauthorized access to social media accounts administered by government agencies.

The organization started to promote information on the two-factor authentication (2FA) security measure. This decision comes after the Twitter and YouTube accounts of the US Central Command (CENTCOM) were hijacked by a pro-ISIS group of individuals on Monday.

800 federal managers to perform independent audits

Although the take-over lasted for about half an hour, the perpetrators, operating under the name CyberCaliphate, managed to post messages and videos with ISIS propaganda. They also directed visitors to documents containing military plans and details about US Army retired personnel.

According to a statement from CENTCOM, the information disclosed by the attackers was not classified and could be obtained from publicly available sources.

“Immediately after the hack was noticed, GSA began widespread distribution of guidance for preparing for and responding to social media hacking, an instructional video on how to increase security with two-step verification, and asked more than 800 federal managers in the SocialGov Community to conduct independent audits of their programs and confirm the audits with their leadership,” BuzzFeed learned from a GSA spokesperson.

To better pass on the message, GSA also scheduled a webinar on Thursday on how government agencies should prepare for and respond to social media incidents of this kind.

2FA ensures increased protection of an online account

2FA is a simple mechanism specifically created to prevent unauthorized logins to an online account if the username and password are compromised. It relies on a third authentication code that is generally delivered to a device owned by the real holder of the account.

As such, even if an attacker has the right credentials, they still need the third code to gain access to the targeted account.

Judging by the quick reaction from GSA, it would seem that hijacking CENTCOM’s social media accounts was possible because this security measure was not enabled.

Without 2FA, CyberCaliphate could have compromised the assets by first taking over the email of the person administering the CENTCOM accounts and simply changing the credentials. The same could have been achieved by simply sending a phishing email that lured the recipient to a fake Twitter log-in page.

There isn’t any real damage caused by this incident, even if the perpetrators claimed to have breached US military systems and exfiltrated secret files; but it does deal a serious PR blow as far as CENTCOM is concerned.