IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Security experts 'concerned' over compromise of British Army's social media accounts

For a number of hours on Sunday evening, the British Army's Twitter and YouTube accounts were peddling NFTs

The operational security (opsec) of the British Army has been questioned by security experts after its social media accounts were compromised on Sunday.

Both the British Army’s Twitter and YouTube accounts were taken over by a currently unknown party this weekend, resulting in the feeds being changed to promote non-fungible tokens (NFTs) before being reverted back to normal.

While under control of the compromisers, NFT-related tweets were posted and retweeted, the account’s images were changed, and the display names were also altered. The Twitter account handle was never tampered with throughout the incident.

British Army Twitter account shown to be compromised with altered images and display name

Wayback Machine

The videos on the military’s YouTube channel were deleted and replaced with Elon Musk-themed pro-cryptocurrency videos which amassed thousands of viewers.

Concerns have been raised over the opsec of the British Army’s social media team and how such a compromise was ever able to take place. 

Senior researcher at Toronto-based Citizen Lab John Scott-Railton said scams targeting verified accounts, attempting to take over their accounts, are common but raised the question of how easy it would be for a hostile nation-state to see success with a similar campaign.  It “should trouble our sleep,” he said in a tweet.

Fielding questions on how effective the communications from a hijacked account could be, Scott-Railton pointed to Citizen Labs’ previous work on risk models for this situation. 

One example he used to demonstrate the effect was the case of the Syrian Electronic Army hacking the Associated Press’ Twitter account, posting tweets claiming two explosions had hit the White House leaving then-President Barack Obama injured. 

The incident went on to bring the Dow Jones Index down by 1% briefly, he said.

Responding to the compromise of the British Army’s feeds, the Ministry of Defence (MoD) said that “an investigation is underway” and that it would not comment any further until that investigation has reached its conclusion. 

Although it’s currently unclear how the compromisers took control of the social media accounts, one former MoD and GCHQ cyber security expert has said that one possibility could be that a third party in the British Army’s supply chain could have gained access through a plug-in or social media management tool. 

Related Resource

Securing endpoints amid new threats

Ensuring employees have the flexibility and security to work remotely

Whitepaper cover with image of female employee working at home on laptopFree Download

“If this plugin or tool was not protected then it could have given the cyber attacker the ability to directly post onto the social media accounts without having to log in to both Twitter or YouTube,” said James Griffiths, co-founder and technical director at Cyber Security Associates.

“The British Army social media management team may have been a target, however, it’s likely that they would have had multi-factor authentication (MFA) in place to prevent an attack like this from happening,” he added. 

“Clearly both Twitter and YouTube have MFA capability to protect accounts so it will be interesting to know for sure how the attackers managed to compromise these high-profile accounts.”

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Most Popular

Empowering employees to truly work anywhere
Sponsored

Empowering employees to truly work anywhere

22 Nov 2022
Salesforce co-CEO Bret Taylor resigns with cryptic parting message
Business operations

Salesforce co-CEO Bret Taylor resigns with cryptic parting message

1 Dec 2022
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022