The British Army's Twitter and Youtube accounts were hacked this weekend, apparently as part of a scheme to promote certain collections of NFTs (thanks, BBC). The twitter feed as it was can be viewed here: essentially the hackers replaced all the imagery around the account, and began retweeting NFT-related schemes to the British Army's roughly 365,000 followers. They also renamed the account 'pssssd' and, later, 'Bapesclan'.
The army's Youtube account, on the other hand, played host to a bunch of those fake crypto videos where footage of Elon Musk is intercut with a particular crypto pitch, in order to give the false impression that the billionaire Tesla founder (and crypto enthusiast) is associated with a given scheme.
These elements of the attack were followed by a more concerning turn when the account decided to toy around with geopolitics, declaring that the UK was at war with Pakistan.
pic.twitter.com/86Ju1zOz09July 3, 2022
Obviously this didn't amount to anything, but in an age of misinformation it is all-too-easy to imagine how such stuff could be misused and persist online, long after control of the account is regained.
Shortly after the Pakistan post, the account was restored to its rightful owners and the various posts made by the hackers removed. The Army confirmed the hack and posted the following: "Apologies for the temporary interruption to our feed. We will conduct a full investigation and learn from this incident. Thanks for following us and normal service will now resume."
The UK Ministry of Defence issued one of those ominously banal pieces of bureaucratic language:
The breach of the Army’s Twitter and YouTube accounts that occurred earlier today has been resolved and an investigation is underway. The Army takes information security extremely seriously and until their investigation is complete it would be inappropriate to comment further.July 3, 2022
This type of scam, whereby relatively high follower accounts are hacked in order to promulgate get-rich-quick crypto schemes, is increasingly common and has landed targets that are even higher-profile than the British Army: Kanye West has been hacked, as has Musk himself, and Bill Gates.
If I was a cryptobro, and I'm not, I would simply not hack the accounts of the organisation in charge of the SAS. But good luck with that I guess.
The British Army's slogan is Be The Best. Maybe in future it will follow such advice, and come up with a stronger password than HerMajesty01.