This past weekend, a hacker – or perhaps hackers – took over the Twitter and YouTube accounts of the British Army, during which time the Twitter account’s name was changed to “psssd,” while its profile and banner pictures were changed to resemble a nonfungible token (NFT) collection dubbed “The Possessed.”
The hack was apparently part of an effort to push people towards cryptocurrency scams.
The account had been changed earlier on Sunday to “Bapesclan,” the name of another NFT collection. It remains unclear – yet it is unlikely – whether the actual Bapesclan was involved. In addition, the name of the U.K.’s military YouTube account had been changed “Ark Invest,” an apparent reference to St. Petersburg, Florida-based ARK Investment Management LLC.
The British Army’s Twitter feed currently has 362,000 followers, while the YouTube channel has 177,000 subscribers.
Locked And Secured
Twitter confirmed that the British Army’s account had been compromised, but that it was locked and secured.
“We are aware of a breach of the Army’s Twitter and YouTube accounts and an investigation is underway,” a spokesperson for the British Army said in a statement.
By Sunday evening the issue had been addressed, and the UK’s Ministry of Defence Press Office (@DefenceHQPress) announced via Twitter, “The breach of the Army’s Twitter and YouTube accounts that occurred earlier today has been resolved and an investigation is underway. The Army takes information security extremely seriously and until their investigation is complete it would be inappropriate to comment further.”
While such hacks of social media aren’t all that uncommon, it certainly put the spotlight on the seriousness of the issue.
“The threat of cyberattacks is growing as both state and non-state actors are increasingly able to carry out attacks of varying severity aimed at various targets. Hybrid warfare and threats coming from the cyber domain are very much on the Ministry of Defence’s radar however, the procurement and implementation of cybersecurity systems is struggling to keep up with the growing sophistication of technology used by even unprofessional hackers,” warned Madeline Wild, associate defense analyst at international analytics firm GlobalData.
This recent attack highlights a problem with the cybersecurity preparedness of the British Army that was first noted back in 2013 when the parliament’s defence committee released the first major report on the issue. It warned at the time that Britain’s armed forces could be “fatally compromised” by a sustained cyber attack, and called upon the government to do more to boost the security of its computer systems.
Such warnings have apparently gone unheeded.
“The recent attack is the second cyber-incident suffered by the British Army in six months, raising further concerns over the strength of the service’s cyber defenses,” added Wild. “It is important to consider the ramifications of a hack such as this if it had been carried out by a terrorist organisation or enemy state. Both incidents are embarrassing for the Army, in part due to their nature and since neither seem to have required overly hi-tech software to be successful.”