
British Army's Twitter and YouTube Accounts Hijacked

Army Apologizes for Temporary Interruption; Full Investigation Underway
Screen grab of official Twitter handle of the British Army post account hijacking (Source: Internet Archive)

The Twitter and YouTube accounts of the British Army were briefly taken over on Sunday evening by unidentified hackers who posted content related to cryptocurrency and non-fungible tokens - NFTs - on these channels. The U.K. Ministry of Defense initially tweeted that it was aware of the breach but later confirmed that the situation had been resolved and that an investigation was underway.


The verified Twitter account of the British Army has more than 362,000 followers; its YouTube channel has 178,000 subscribers.

The Twitter Hijack

The Twitter account of the British Army was compromised and "the account details were changed to resemble the Possessed NFT project" instead, says Molly White, a software engineer and a cryptocurrency and blockchain enthusiast, in her blog Web3 is going just great.

Tweets posted on the British Army's Twitter account after hijacking (Source: Internet Archive)

The tweets from the British Army's account following its takeover announced a "new NFT collection" and directed users to a fake minting website, White says. The website also had a fake counter that showed the number of available NFTs reducing, she adds.

The tweets have now been taken down by the British Army after it regained control over its Twitter account. But according to the archived data from Sunday evening, as seen in the above image, the account details contain the legitimate link to Possessed NFTs - linktr.ee/pssssd - that directs to pssssd.xyz, but the tweets posted from the British Army's handle contain a typosquatted link - thepossssed.xyz - that directs to a phishing page, as described by White.

Fake webpage asking users to connect to its wallet possibly to exfiltrate data (Source: ISMG)

On Saturday, a day before the account hijacking incident took place, the official unverified Twitter handle of Possessed NFT alerted its users of a verified scam account on the platform operating under the same name.

The tweet asked the users to report the account and be cautious of any fake claims from the Possessed NFT account. The founders, however, have not responded to Information Security Media Group's request for a comment on this and other verified accounts that appear in Twitter's search.

Also, no links between the fake website and the claimed scam accounts could be established.

YouTube Takeover

Around the same time as the Twitter handle hijacking, the British Army's YouTube channel was also taken over, and the name of the account was changed to ARK Invest, an investment management firm founded by Cathie Wood, White says in her blog.

British Army's hijacked YouTube channel (Source: Internet Archive)

The hijacked channel ran an old yet legitimate livestream of Elon Musk's talks and interviews but also contained scam ads or inserts in the video promoting doubling in value of Bitcoin and Ether. "This is a common YouTube scam," White says.

Followers of the two social media platforms only regained a sense of confidence, however, late in the night, when the British Army tweeted for the first time since the account takeover incident. Repeating the U.K. Ministry of Defense's statement, the British Army apologized to its followers for the "temporary interruption" of the feed, assuring users normal services had resumed.

Human Ignorance or Missing 2FA?

No explanation for the social media security breach has been shared publicly. But information security commentator Graham Cluley in his blog post cited the carelessness of the British Army's social media team on the password front and/or lack of two-factor or multifactor authentication as potential reasons for the unauthorized access.

"It is sadly still common for social media users to have not enabled two-factor authentication on their accounts, which can make it much more difficult for hackers to gain access even if they do manage to determine an account's password. Instructions for how to enable 2FA on Twitter and YouTube accounts are, one hopes, now being shared within the British Army to anyone who hasn't yet enabled these and similar security features," Cluley says.

Earlier Incidents

This is not the first time that crypto scammers have leveraged an account takeover attack to target unsuspecting users.

In December 2021, the Twitter handle of Indian Prime Minister Narendra Modi was "briefly compromised" but "immediately secured," according to correspondence from the prime minister's office (see: Indian PM Modi's Twitter Account Compromised - Again).

In July 2020, the verified Twitter accounts of several known personalities - including politicians such as President Joe Biden and former President Barack Obama, entrepreneurs such as CEO Elon Musk and Microsoft's Bill Gates, and technology companies such as Apple - were hijacked in what appeared to be a cryptocurrency scam (see: Several Prominent Twitter Accounts Hijacked in Cryptocurrency Scam).

Twitter disabled these accounts from tweeting until a full password reset had been completed and the scam messages deleted, the social media company stated at the time. Twitter's investigations revealed that the attackers had targeted Twitter employees through a social engineering scheme to obtain access to the high-profile accounts.

More details and a statement about the current account takeover episode related to the British Army are still awaited, as Twitter has not yet responded to ISMG's request.

This is a developing story.


About the Author

Mihir Bagwe


Senior Correspondent, Global News Desk

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.



