British Army Twitter and YouTube feeds hijacked by crypto-promos
If you can't defend against crypto bros…
The British Army has apologized after its Twitter and YouTube accounts were compromised by entities that used them to promote NFTs.
As recorded by The Wayback Machine, the @BritishArmy Twitter feed hosted content promoting non-fungible tokens described thusly: "The Anomalies is a collection of special Possessed 1/1s".
According to Web3-watcher "Web3 is going just great", the British Army YouTube account was taken over at the same time as the Twitter takedown.
The YouTube takeover replaced the legit account with fake logos resembling those used by an investment management firm and filled it with more crypto boosterism – namely a video that cut an old chat between Elon Musk and Twitter founder Jack Dorsey into a new and misleading narrative.
The @BritishArmy account apologized for the outage.
Apologies for the temporary interruption to our feed. We will conduct a full investigation and learn from this incident. Thanks for following us and normal service will now resume.
— British Army 🇬🇧 (@BritishArmy) July 3, 2022
The Ministry of Defence later swung into action, as follows:
We are aware of a breach of the Army's Twitter and YouTube accounts and an investigation is underway. The Army takes information security extremely seriously and is resolving the issue. Until their investigation is complete it would be inappropriate to comment further.
— Ministry of Defence Press Office (@DefenceHQPress) July 3, 2022
The breach of the Army's Twitter and YouTube accounts that occurred earlier today has been resolved and an investigation is underway. The Army takes information security extremely seriously and until their investigation is complete it would be inappropriate to comment further.
— Ministry of Defence Press Office (@DefenceHQPress) July 3, 2022
Social media services increasingly use two-factor authentication before allowing password changes. The Register mentions this only as it suggests whoever was behind the hijack was able to access a Defence email address to get into the social media accounts. Either that, or the British Army needs to use much stronger passwords.
The takeovers have of course sparked reams of disdainful comment.
Ironically, some of those appear on this video that features General Sir Patrick Sanders, who in June assumed the post of chief of general staff – the head of the British Army – delivering a speech in which he stated: "Defence is only as strong as its weakest domain. And technology does not eliminate the relevance of combat mass."
Sanders added: "I bow to no one in my advocacy for the need for game-changing digital transformation. To put it bluntly, you can't cyber your way across a river. No single platform, capability, or tactic will unlock the problem."
But better security for social media accounts looks like a good start. ®