Hackers claiming loyalty to the Syrian government hijacked the Corps' recruiting website Sept. 2, redirecting visitors to a page calling the president a traitor.
The Marine Corps says it’s taking precautions to prevent future cyber attacks like the one that made international news Sept. 2 when hackers allegedly supporting the Syrian government compromised an official recruiting website.
The attack targeted Marines.com, a website featuring videos, photos and other promotional materials designed to inform prospective Marines about the service. Hackers claiming to be affiliated with the Syrian Electronic Army corrupted the site’s URL, causing it to redirect visitors to another website featuring photos of anonymous U.S. troops holding posterboard signs bearing messages protesting military intervention in Syria.
A message on that site, addressed to “US Marines,” called President Obama “a traitor who wants to put your lives in danger to rescue Al Qaeda insurgents” and encouraged troops to refuse orders.
A Marine Corps spokesman, Capt. Tyler Balzer, would not confirm the attackers were Syrian but said “indications seem to point to that.”
Balzer said the cyber attack affected Marines.com for only a few hours and was repaired as soon as it was discovered. The website’s content was not attacked, he said.
“It is also important to note that Marines.com is used solely as a recruiting tool and does not contain any sensitive or personally identifiable information that would be at risk in the event of an actual hack,” Balzer said via email.
No websites with a .mil suffix, including the Marine Corps’ official page, Marines.mil, were attacked or breached in the hack.
“There are a number of robust protocols in place to protect Marine networks, and those have been entirely successful thus far,” he said. “Steps have been taken to deter this type of redirect in the future.”
He declined to elaborate and would not discuss how the attackers successfully redirected the site, saying only that the Marine Corps continues to refine and update security practices to keep would-be hackers at bay.
The attack on Marines.com follows a slew of successful attacks on civilian media targets, including Thomson Reuters and The New York Times, whose site was crashed and made unavailable twice in two weeks. Earlier this year, a bogus news item posted on The Associated Press Twitter feed claimed that Obama was injured in an attack on the White House. It caused a temporary drop in the stock market.
On Sept. 5, the FBI sent out an advisory about the Syrian Electronic Army, advising heightened awareness and security protocols in light of the hacks.
Defense Department officials declined to discuss whether they’ve experienced a heightened volume of cyber threats or increased precautions.
Cybersecurity experts have called the Syrian Electronic Army attacks unsophisticated, pointing out that the hackers have failed to do any lasting damage. But one retired military officer said no one should take their threats lightly. A former chief of modeling and simulation at U.S. Cyber Command, Marc Jamison, said the Syrians’ capabilities should concern defense officials.
“If they’re able to take down one of the number-one news outlets in the United States, what does that mean?” he said. “They have redundancies. They’re not new to this game.”
Asked how much damage might the hackers be capable of, Jamison said, “That’s the million-dollar question.”