
Security experts 'concerned' over compromise of British Army's social media accounts

For a number of hours on Sunday evening, the British Army's Twitter and YouTube accounts were peddling NFTs

The operational security (opsec) of the British Army has been questioned by security experts after its social media accounts were compromised on Sunday.

Both the British Army’s Twitter and YouTube accounts were taken over by a currently unknown party this weekend, resulting in the feeds being changed to promote non-fungible tokens (NFTs) before being reverted to normal.

While under control of the compromisers, NFT-related tweets were posted and retweeted, the account’s images were changed, and the display names were also altered. The Twitter account handle was never tampered with throughout the incident.

Image: British Army Twitter account shown to be compromised with altered images and display name (source: Wayback Machine)

The videos on the military’s YouTube channel were deleted and replaced with Elon Musk-themed pro-cryptocurrency videos which amassed thousands of viewers.

Concerns have been raised over the opsec of the British Army’s social media team and how such a compromise was ever able to take place. 

John Scott-Railton, senior researcher at Toronto-based Citizen Lab, said scams that attempt to take over verified accounts are common, but raised the question of how easy it would be for a hostile nation-state to see success with a similar campaign. It “should trouble our sleep,” he said in a tweet.

Fielding questions on how effective the communications from a hijacked account could be, Scott-Railton pointed to Citizen Lab’s previous work on risk models for this situation.

One example he used to demonstrate the effect was the case of the Syrian Electronic Army hacking the Associated Press’ Twitter account and posting tweets claiming two explosions had hit the White House, leaving then-President Barack Obama injured.

The incident went on to bring the Dow Jones Index down by 1% briefly, he said.

Responding to the compromise of the British Army’s feeds, the Ministry of Defence (MoD) said that “an investigation is underway” and that it would not comment any further until that investigation has reached its conclusion. 

Although it’s currently unclear how the compromisers took control of the social media accounts, one former MoD and GCHQ cyber security expert has said that one possibility is that a third party in the British Army’s supply chain could have gained access through a plug-in or social media management tool.


“If this plugin or tool was not protected then it could have given the cyber attacker the ability to directly post onto the social media accounts without having to log in to both Twitter or YouTube,” said James Griffiths, co-founder and technical director at Cyber Security Associates.

“The British Army social media management team may have been a target, however, it’s likely that they would have had multi-factor authentication (MFA) in place to prevent an attack like this from happening,” he added. 

“Clearly both Twitter and YouTube have MFA capability to protect accounts so it will be interesting to know for sure how the attackers managed to compromise these high-profile accounts.”
