A group calling itself the Cyber Caliphate hacked the Twitter and YouTube accounts for the U.S. military’s Central Command on Monday. “I Love you ISIS,” the group posted atop CENTCOM’s Twitter page, along with threats to American soldiers and a cache of documents it claimed to have hacked.

But all is not what it seems with the cyber jihadis. Privately, defense officials told The Daily Beast they were skeptical that the hacking was conducted by ISIS but said it was too early to say who carried out the attack.

And there are early signs that the Cyber Caliphate may be more of a ruse than a group of hardline Islamic extremists. One of the seven Twitter accounts it followed was “Andrew Jackson Jihad,” a folk punk bank from the American Southwest.

A Pentagon statement confirmed Monday that “the U.S. Central Command Twitter and YouTube accounts were compromised,” adding that Department of Defense (DoD) officials were taking “appropriate measures to address the matter.” The breach lasted less than two hours, starting at 12:30 p.m. Eastern time. CENTCOM’s Twitter account was shut down first, followed by its YouTube channel, which was used temporarily to post ISIS propaganda videos.

Control of the military’s social media accounts was a clear security breach but may not by itself have given the hackers access to sensitive information.

Col. Steve Warren, a Pentagon spokesman, called the hacking a “cyber prank” that did not compromise Defense Department secure networks. He said the Pentagon has been in contact with Twitter and YouTube and that it is analyzing what was posted.

If the hacking was a prank, it’s still not clear who was behind it, how the hackers got access to the sites, and what they were trying to accomplish.

There are some clues, however, about the Cyber Caliphate’s real identity. Among them: The fact that it used the acronym ISIS.

The “I love you ISIS” mash note the Cyber Caliphate posted seemed to signal allegiance to the group. But while the self-declared Islamic State is called ISIS or ISIL by the United States, that name is rarely used by members and supporters of the group.

Ali Soufan, a terrorism analyst and former FBI special agent, made that point on his Twitter account.

If ISIS supporters were behind the hack, they were either so unfamiliar with the group they used the wrong name—or so crafty they planned the error to look like amateurs.

The “Cyber Caliphate” Twitter account, still up as of 3:30 p.m. Monday, was activated just last week. On January 6, the group announced it had taken over the Twitter feeds of a newspaper and TV station in New Mexico. With those accounts under its control it posted documents claiming to have come from a hack of the FBI.

As AOL news reported at the time:

“Documents obtained from an online repository linked to from the television station’s Twitter appear to be from Stewart County, Tennessee. They include federal bulletins on how to handle anti-police protests related to Ferguson, government invoices and contracts, court documents and even letters.”

Although the hackers bragged Monday about hacking into “Pentagon networks,” it’s not clear that they leaked any secret information. As The New York Times reported, “many of the documents posted by the hackers appear to be public records, including transcripts of congressional testimony. Some documents, such as a summary of the costs of major Pentagon weapons systems, are readily available on the Defense Department’s website.”

So if a group inspired by ISIS wasn’t behind the hack, who was? It could be a group with its own political agenda, like the pro-Assad Syrian Electronic Army. The hacker crew has targeted CENTCOM in the past. Perhaps this time, it used ISIS as a smoke screen to throw off the authorities.

Whoever was behind the hack, it was a troubling security breach for the Pentagon, though not one that seemed to cause much real damage.

“It’s embarrassing,” Sen. Lindsey Graham (R-SC) told reporters of the hack Monday. “It’s...a propaganda advancement for these guys. I don’t think it compromises our national security but it should be a wakeup call for all of us.”

Defense Department officials concede that its Twitter and YouTube accounts could be susceptible to hacking because there are often several people with access to any one account, making the changing of passwords less likely and shared among joint YouTube and Twitter accounts, a defense official explained to The Daily Beast. Some with access update the sites from both their cell phone and computers.