Local audiences were surprised to see militant, Pro-ISIS tweets and images on the Twitter feeds of the Albuquerque Journal and CBS and Fox affiliates in Delmarva, Maryland, and a station in Tennessee earlier this week, sending those news organizations scrambling to regain control of their social media accounts and leaving some scratching their heads as to why a group sympathetic to ISIS would target local media markets.
Hackers, who call themselves CyberCaliphate, posted familiar images of a man with his face shrouded in a scarf as well as messages such as "With Allah's permission we began with New-Mexico and we are in Tennessee now. We hacked FBI databases. #CyberCaliphate," and pledged “INFIDELS, NEW YEAR WILL MAKE YOU SUFFER.”
Indeed it appeared that the group had accessed government sites since a link on the Twitter feed for the Tennessee station led to a dump of what Stewart County, Tenn. Mayor Rick Joiner told AOL News were legitimate documents from government servers there. In addition, a link to a document dump on Pastebin on the Albuquerque Journal's Twitter account revealed personal data and alleged sealed criminal records of people residing in New Mexico, the AOL report said.
The nature of the messages and the hack point away from ISIS's “official” presence on social media, which, Ian Amit, vice president at ZeroFox, told SCMagazine.com in an interview are “typically closely tied to things they do on the ground.” ISIS activity on social media is usually centered around supporting their activities and events. “There's not a lot of malicious activity but rather more propaganda,” said Amit. “They're trying to spread the word and justify their actions.”
Instead, members of CyberCaliphate are more likely an ad hoc group of “keyboard warriors” who want to join the cause but “are less inclined to pack their bags and ship over to Eastern Europe or the MidEast” to join in combat, said Amit.
He suggested that the group might have a “hit list” of sorts of media outlets they plan to hack.
Local stations and papers make sense, too, from both easy access and social impact perspectives. Larger organizations like CNN “are more protected” while smaller markets may have common vulnerabilities that can be exploited. Two targets “were using the same product on the backend end,” said Amit.
Craig Jahelka, general manager at affected station WBOC in Maryland, told radio station WGMD that the station was “pretty sure” the hackers got in with the login and password of someone in the news department. "We're not sure how they got it, but when they got in they somehow managed to figure out two other employees' log-ins and passwords," he said.
That sounds right to Amit, whose social media management firm has been monitoring the Islamic State's online progress. “Once someone leaks a password or it's obtained by brute force attack, then it's the same M.O.,” he said.
“From a social or psychological perspective” the attacks have “more impact on the target audience,” Amit added. There's a perception “that the local station is mine” and the attack feels like it's in the audience's backyard.
UPDATE: The CyberCaliphate reportedly posted an image vowing to take revenge for the drone strike that took out ISIS hacker Junaid Hussain.