1. Military

Jihadi posting on Internet is latest effort in fear campaign, experts say

In an online posting this week, jihadis boast about the temporary takeover of the Twitter and YouTube accounts of U.S. Central Command, based at MacDill Air Force Base, in January 2015. 
In an online posting this week, jihadis boast about the temporary takeover of the Twitter and YouTube accounts of U.S. Central Command, based at MacDill Air Force Base, in January 2015. 
Published Jul. 30, 2016

The latest salvo in the jihadi cyber war against the United States was fired Thursday via a social media posting from a group supporting the Islamic State.

The posting, in the form of an infographic, bragged about successful attempts to hack into U.S. Central Command's social media sites and of online jihadi "kill lists" aimed at inspiring "lone wolf" attacks. The target: State Department employees and more than 10,000 U.S. troops.

The online campaign, according to a group that monitors jihadi organizations, may have helped incite attacks like the July 14 truck massacre in Nice, France, that killed 84 and the Tuesday attack on a French priest whose throat was slit inside a church.

"Altogether, these entities contribute to (the Islamic State's) persistent machine of threats and incitements," said Matt Ortiz, head of the Dark Web and Cyber Security department at the SITE Intelligence Group. "These recent attackers were all likely influenced by this wave of incitements, just as other attackers have been.''

The online battle has been going on since the attacks on Sept. 11, 2001, with jihadi groups using the Internet for propaganda, to raise funds, to gain recruits and increasingly to order and inspire attacks. ISIS in particular has raised the stakes in cyber warfare with its sophisticated messaging campaign.

Showing off jihadi hacking and targeting capabilities is designed to spread fear, according to SITE, especially among civilians who are increasingly being targeted.

The jihadis are meeting that objective, one Tampa veteran said.

"The asymmetric warfare tactic to broadcast the names, social media profiles and home addresses of U.S. servicemen … is beyond troubling," said Dan O'Shea, a former Navy SEAL and chief operating officer of Sc2 Corp., a Clearwater company that mines and analyzes social media like the jihadi postings.

O'Shea said the postings "show the global scale and scope of the danger of the Islamic State cyber capability."

But they also show a relatively low level of hacking expertise, according to a Clearwater cyber security firm, KnowBe4. And bluster. CentCom, headquartered at MacDill Air Force Base, was last hacked in January 2015.

The infographic was posted Thursday on the Telegram channel of "Yaqeen Media," a group that supports the Islamic State but has no official ties to it.

It includes boasts about older incidents and more current ones. The hack of CentCom 18 months ago was a temporary takeover of the command's Twitter and YouTube accounts. But the "kill lists" have been spread online more recently.

The Telegram channel posting, in English and Arabic, extols the work of the United Cyber Caliphate, one of several groups purporting to wage cyber war for the Islamic State. It was one of their associated groups, the Cyber Caliphate, that carried out the CentCom hack.

A United Cyber Caliphate attack on a Nigerian website in May exposed the personal information of more than 1,100 people, many of them Americans. That prompted the FBI to send out a warning.

When asked Friday about the latest posting, FBI spokesman Matthew Bertron said the bureau is working with local, state and federal partners "to address any online posts of a threatening nature and to keep the public informed of potential threats." He declined to elaborate.

The latest posting was designed to legitimize United Cyber Caliphate and spread propaganda about the hacking abilities of the Islamic State, said Ortiz, the SITE expert. It also illustrates the disturbing trend of targeting random civilians in addition to more traditional targets like military and law enforcement personnel.

The "kill lists" have come with dire instructions, according to a SITE report.

A May 14 posting about killing Texans stated, "We want them dead." The group also threatened to release additional names of State Department workers, saying, "We will kill you all." In an earlier posting, the group threatened State Department employees on its kill list with another ominous message:

"Watch your windows very well. The #FBI can't help you. We will drink from your blood."

Though there has yet to be any physical attacks in the United States as a direct result of the lists, Ortiz said SITE compiled its report because of heightened alert among government agencies and the public.

Officials at CentCom said their social media sites haven't been compromised since the last attack, which never threatened the military's secure communications systems.

The hacking efforts show a range of skill, according to SITE and KnowBe4, the Clearwater-based cyber security firm.

While some of the names on the kill list appear to have come from public records, "the lists appear to be compiled via nonpublic sources, especially when factoring what would be immense labor and difficulty required to manually compile the information via those public records," the SITE report said.

Stu Sjouwerman, founder and CEO of KnowBe4, said the recent Telegram posting contained information compiled by low-skilled hackers.

"They are nothing special," Sjouwerman said of the hacker groups' ability to glean information on troops, government workers and civilians.

Still, they've created trouble in Tampa and beyond.

Before CentCom shut down its accounts for several hours, the hackers posted what MacDill officials said was unclassified information that included names and addresses of retired U.S. military general officers, PowerPoint slides about military operations in Asia and threats against U.S. military personnel.

The command, which oversees U.S. military operations in Iraq, Syria, Afghanistan and 17 other nations in the Middle East and Southwest Asia, treated the incident as "cyber vandalism."

No classified information was posted, nor did any of it come from CentCom's server or social media sites, according to the command, which said it notified the Pentagon and law enforcement about the personal information released.

Contact Howard Altman at or (813) 225-3112. Follow @haltman.