The Twitter and YouTube accounts of the British Army were briefly taken over on Sunday evening by unidentified hacker(s) who posted cryptocurrency- and NFT-related content on these channels. The U.K. Ministry of Defense initially tweeted that it was aware of the breach, but later confirmed that the situation was resolved and that an investigation was underway.
The verified Twitter account of the British Army has more than 362,000 followers; its YouTube channel has 178,000 subscribers.
The Twitter Hijack
The Twitter account of the British Army was compromised and "the account details were changed to resemble the Possessed NFT project" instead, says Molly White, a software engineer and a cryptocurrency and blockchain enthusiast, in her blog Web3 is going just great.
The tweets from the British Army's account following its takeover announced a "new NFT collection" which directed users to a fake minting website, White says. The website also had a fake counter that showed the number of available NFTs reducing, she adds.
The tweets have now been taken down by the British Army after it regained control over its Twitter account. But according to the archived data from the evening of July 3 [as seen in the above image], the account details contain the legitimate link to Possessed NFTs, linktr.ee/pssssd, which directs to pssssd.xyz, while the tweets posted from the British Army's handle contain a typosquatted link, thepossssed.xyz, which directs to a phishing page, as described by White.
On Saturday, a day before the account hijacking incident took place, the official unverified Twitter handle of Possessed NFT had alerted its users of a verified scam account on the platform operating under the same name.
The tweet asked the users to report the account and be cautious of any fake claims from the Possessed NFT account. The founders, however, have not responded to Information Security Media Group's request for a comment on this and other verified accounts that appear in Twitter's search.
Also, no links between the fake website and the claimed scam accounts could be established.
Around the same time as the Twitter handle hijack, the British Army's YouTube channel was also taken over, and the name of the account was changed to ARK Invest, an investment management firm founded by Cathie Wood, White says in her blog.
The hijacked channel ran an old yet legitimate livestream of Elon Musk's talks and interviews, but contained scam ads or inserts in the video promoting the doubling in value of Bitcoin and Ether. "This is a common YouTube scam," White says.
A sense of confidence, however, amongst its followers on the two social media platforms only came late into the night when the British Army tweeted for the first time since the account takeover incident. Repeating the U.K. Ministry of Defense's statement, the British Army apologized to its followers for the "temporary interruption" of the feed, assuring users normal services had resumed.
Human Ignorance or Missing 2FA?
No explanation for the social media security breach has been shared publicly. But information security commentator Graham Cluley, in his blog post, cited the carelessness of the British Army's social media team on the password front and/or lack of two-factor or multi-factor authentication as potential reasons for the unauthorized access.
"It is sadly still common for social media users to have not enabled two-factor authentication on their accounts, which can make it much more difficult for hackers to gain access even if they do manage to determine an account's password. Instructions for how to enable 2FA on Twitter and YouTube accounts are, one hopes, now being shared within the British Army to anyone who hasn't yet enabled these and similar security features," Cluley says.
While this account takeover attack may have tricked many, it is not the first time that crypto scammers have leveraged account takeovers to target unsuspecting users.
In December 2021, the Twitter handle of Indian Prime Minister Narendra Modi was "briefly compromised" but "immediately secured," according to correspondence from the prime minister's office (see: Indian PM Modi's Twitter Account Compromised - Again).
In July 2020, the verified Twitter accounts of several known personalities, including politicians such as President Joe Biden and former President Barack Obama, entrepreneurs such as CEO Elon Musk and Microsoft's Bill Gates, and technology companies like Apple, were hijacked in what appeared to be a cryptocurrency scam (see: Several Prominent Twitter Accounts Hijacked in Cryptocurrency Scam).
Twitter disabled these accounts from tweeting until a full password reset was completed and the scam messages deleted, the social media company stated at the time. Twitter's investigations had revealed that the attackers had targeted Twitter employees through a social engineering scheme to obtain access to the high-profile accounts.
More details and a statement about the current account takeover episode related to the British Army are still awaited, as Twitter is yet to respond to ISMG's request.