British Army's Twitter and YouTube Accounts Hijacked
Army Apologizes for Temporary Interruption; Full Investigation Underway
The Twitter and YouTube accounts of the British Army were briefly taken over on Sunday evening by unidentified hackers who posted content related to cryptocurrency and non-fungible tokens - NFTs - on these channels. The U.K. Ministry of Defense initially tweeted that it was aware of the breach but later confirmed that the situation had been resolved and that an investigation was underway.
The breach of the Army’s Twitter and YouTube accounts that occurred earlier today has been resolved and an investigation is underway. — Ministry of Defence Press Office (@DefenceHQPress) July 3, 2022
The Army takes information security extremely seriously and until their investigation is complete it would be inappropriate to comment further.
The verified Twitter account of the British Army has more than 362,000 followers; its YouTube channel has 178,000 subscribers.
The Twitter Hijack
The Twitter account of the British Army was compromised and "the account details were changed to resemble the Possessed NFT project" instead, says Molly White, a software engineer and a cryptocurrency and blockchain enthusiast, in her blog Web3 is going just great.
The tweets from the British Army's account following its takeover announced a "new NFT collection" and directed users to a fake minting website, White says. The website also had a fake counter that showed the number of available NFTs reducing, she adds.
The tweets have now been taken down by the British Army after it regained control over its Twitter account. But according to the archived data from Sunday evening, as seen in the above image, the account details contain the legitimate link to Possessed NFTs - linktr.ee/pssssd - that directs to pssssd.xyz, but the tweets posted from the British Army's handle contain a typosquatted link - thepossssed.xyz - that directs to a phishing page, as described by White.
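The difference between the legitimate and typosquatted links above can be checked mechanically. The following is an added example, not code from the article or from anyone it quotes: it compares each label of a posted link's hostname against protected brand strings by edit distance. The brand string `thepossessed` (taken from the project's Twitter handle), the threshold of 2 and the function names are assumptions of this sketch.

```python
from urllib.parse import urlsplit

# Domains the article identifies as legitimate for the Possessed NFT project.
TRUSTED_DOMAINS = {"linktr.ee", "pssssd.xyz"}
# Brand strings to protect. "pssssd" is from the article's links; using the
# project's handle "thepossessed" as a second brand string is an assumption.
BRAND_LABELS = {"pssssd", "thepossessed"}


def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def host_of(link):
    """Lower-cased hostname of a link given with or without a scheme."""
    if "//" not in link:
        link = "//" + link
    return (urlsplit(link).hostname or "").lower().rstrip(".")


def classify(link, max_distance=2):
    """Return 'trusted', 'lookalike' or 'unknown' for one posted link."""
    host = host_of(link)
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # Any label of an untrusted host that equals or nearly equals a brand
    # string is suspicious, including a brand name used as a subdomain.
    for label in host.split("."):
        if any(edit_distance(label, b) <= max_distance for b in BRAND_LABELS):
            return "lookalike"
    return "unknown"


def flag_links(links):
    """Links from a batch of posts that should go to an analyst."""
    return [link for link in links if classify(link) == "lookalike"]
```

The check only compares hostnames; it does not resolve shortened links or inspect the destination page.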
On Saturday, a day before the account hijacking incident took place, the official unverified Twitter handle of Possessed NFT alerted its users of a verified scam account on the platform operating under the same name.
Posse, there is a new verified SCAM account. Please report and go careful pic.twitter.com/F83o045Ar5 — pssssd (@ThePossessedNFT) July 2, 2022
The tweet asked the users to report the account and be cautious of any fake claims from the Possessed NFT account. The founders, however, have not responded to Information Security Media Group's request for a comment on this and other verified accounts that appear in Twitter's search.
Also, no links between the fake website and the claimed scam accounts could be established.
Around the same time as the Twitter handle hijacking, the British Army's YouTube channel was also taken over, and the name of the account was changed to ARK Invest, an investment management firm founded by Cathie Wood, White says in her blog.
The hijacked channel ran an old yet legitimate livestream of Elon Musk's talks and interviews but also contained scam ads or inserts in the video promoting doubling in value of Bitcoin and Ether. "This is a common YouTube scam," White says.
Followers of the two social media platforms only regained a sense of confidence, however, late in the night, when the British Army tweeted for the first time since the account takeover incident. Repeating the U.K. Ministry of Defense's statement, the British Army apologized to its followers for the "temporary interruption" of the feed, assuring users normal services had resumed.
Apologies for the temporary interruption to our feed. We will conduct a full investigation and learn from this incident. Thanks for following us and normal service will now resume. — British Army (@BritishArmy) July 3, 2022
Human Ignorance or Missing 2FA?
No explanation for the social media security breach has been shared publicly. But information security commentator Graham Cluley in his blog post cited the carelessness of the British Army's social media team on the password front and/or lack of two-factor or multifactor authentication as potential reasons for the unauthorized access.
"It is sadly still common for social media users to have not enabled two-factor authentication on their accounts, which can make it much more difficult for hackers to gain access even if they do manage to determine an account's password. Instructions for how to enable 2FA on Twitter and YouTube accounts are, one hopes, now being shared within the British Army to anyone who hasn't yet enabled these and similar security features," Cluley says.
This is not the first time that crypto scammers have leveraged an account takeover attack to target unsuspecting users.
In December 2021, the Twitter handle of Indian Prime Minister Narendra Modi was "briefly compromised" but "immediately secured," according to correspondence from the prime minister's office (see: Indian PM Modi's Twitter Account Compromised - Again).
In July 2020, the verified Twitter accounts of several known personalities - including politicians such as President Joe Biden and former President Barack Obama, entrepreneurs such as CEO Elon Musk and Microsoft's Bill Gates, and technology companies such as Apple - were hijacked in what appeared to be a cryptocurrency scam (see: Several Prominent Twitter Accounts Hijacked in Cryptocurrency Scam).
Twitter disabled these accounts from tweeting until a full password reset had been completed and the scam messages deleted, the social media company stated at the time. Twitter's investigations revealed that the attackers had targeted Twitter employees through a social engineering scheme to obtain access to the high-profile accounts.
More details and a statement about the current account takeover episode related to the British Army are still awaited, as Twitter has not yet responded to ISMG's request.
This is a developing story.