Islamic State's Psychological War on U.S. Troops

While the defacement of the Pentagon’s social media accounts was no great accomplishment in terms of cyber-warfare, it was new kind of tactic for terrorists: doxing.

Under fire at home?

Photographer: Chip Somodevilla/Getty Images

This week, Pentagon officials began calling up retired generals to let them know that their home addresses, private e-mails and other personal information had appeared in a document that was publicized globally by a group claiming to support Islamic State.

The phone calls began after the Twitter and YouTube accounts of the U.S. military’s Central Command were briefly taken over by hackers who claimed to be part of IS. The Pentagon downplayed the hack, calling it “cyber-vandalism,” and stressed that the vandals did not penetrate any of the military’s classified information networks.

And while it’s true that the brief defacement of the Pentagon’s social media accounts was no great accomplishment in terms of cyber-warfare, the hack is actually a different kind of terrorist attack altogether: doxing.

The practice of doxing, or publishing people's personal information online, is usually used to unmask hackers on Web forums or annoy figures in the news. It’s a way to deprive an online outlaw of his anonymity or a public figure of his or her privacy. In this case, the posting of the personal data of retired military officers is part of a different kind of strategy, to sow terror among men and women in uniform.  

Indeed, the message could not have been clearer. One tweet read simply: “AMERICAN SOLDIERS, WE ARE COMING. WATCH YOUR BACK. ISIS."

Among the documents posted on the Centcom Twitter account was a 52-page spreadsheet titled “Retired Army General Officer Roster.” The list includes the addresses, e-mails and retirement dates of many former generals. Hence the calls many got this week from the Pentagon. (A link to the document on Pastebin has since been removed.) 

Representative Michael Turner, the Ohio Republican who is chairman of the Tactical Air and Land Forces Subcommittee of the House Armed Services Committee, told us he believes the hackers may have posted the personal addresses as a sort of hit list. “With the growing threat of sleeper cells and homegrown terrorists, these kinds of communications are not only be a threat but also a target list,” he said.

If this seems alarmist, recall that Stéphane Charbonnier, the editor of the French satirical magazine Charlie Hebdo and one of the 12 people killed last week during the massacre at its Paris office, had previously been placed on a "Wanted: Dead or Alive" list published by Inspire, the English-language online magazine of al-Qaeda in the Arabian Peninsula.

And while a spreadsheet of retired generals would be a very broad target list, it is in keeping with the behavior of Islamic State and its supporters in recent months. On Nov. 30, the FBI took the unusual step of warning current military personnel not to travel during the holidays in their uniforms because of credible but vague threats that IS sought to attack troops inside the U.S.  In October, there were two attacks on Canadian military personnel conducted by self-proclaimed jihadists.

The chairman of the Senate Armed Services Committee, John McCain, said he was informed by the Pentagon that the military was making efforts to follow up on the Twitter leaks because potential terrorists who were not even involved in the hack now have access to the sensitive information

“I am concerned because whenever those things are publicized, they could be fodder not only for the organized guys but also for the lone wolves,” McCain said. “[The military’s] answer is, ‘Well, it was just a commercial deal.’ But it was another psychological win for the bad guys.”

One retired U.S. general whose name and address appeared on the spreadsheet told us that he was notified this week that some of his personal information had been compromised. He asked us not to use his name so as to not to bring more attention to himself. But he said he feared this would be a new kind of threat for active duty and retired officers.

“I think this is problematic and a trend that will get worse,” the retired general said. “The next steps are hacking into family Facebook pages and getting information on the families and kids of military officers. We are at a time when this is incredibly easy to do. There is a tremendous amount of vulnerability out there.”

In the past, al-Qaeda has discussed in semi-public Web forums its intentions to kill well-known Americans.  In 2011, ABC News reported that al-Qaeda had posted a hit list of 179 prominent media and business figures and politicians, including Bill Gates, Rupert Murdoch and the founder of the Blackwater security firm, Erik Prince.

Bruce Hoffman, the director of security studies at Georgetown University’s School of Foreign Service, said the hack reminded him of a Saudi al-Qaeda leader, killed in 2004, who had issued a broad target list that included community activists and counter-terrorism experts. Hoffman also said Chechen insurgents have posted personal information on Russian military officers.

“As a psychological warfare weapon, it introduces a new element that warriors have never had to contend with in the past,” Hoffman told us. “There is a whole new class of military people who will have to live like Hollywood stars do, and have their personal information scrubbed from the Internet. Terrorists are smart enough to understand a modest hacking effort can create these looking-over-your-shoulder/morale issues.”

This column does not necessarily reflect the opinion of Bloomberg View's editorial board or Bloomberg LP, its owners and investors.