British Army Twitter and YouTube feeds hijacked by crypto-promos The British Army has apologized after its Twitter and YouTube accounts were compromised by entities that used them to promote NFTs. As recorded by The Wayback Machine, the @BritishArmy Twitter feed hosted content promoting non-fungible tokens described thusly: "The Anomalies is a collection of special Possessed 1/1s". @ …
A Commodore 64 that's gathering dust in a box. It's not plugged in to power, has no internet connection, doesn't run any modern OS, can't run most modern programs, is impervious to all modern exploits, and any successfull hijack would vanish with a simple reboot.
Granted, it also can't do much in the way of computational grunt work, but that's not what you said. You said there was no single computer security. That view is false. There is such a system, it's just that it's also not up to the task for which you need a massive supercomputer.
But I'll happily challenge you to a game of Blue Meanies from outer space! =-)
You can still mine bitcoin on a C64 though. Imagine a beowulf cluster of those.
It's offensive because it's the same tired lines trotted out every time, along with "this affected only a small number of customers"
It's also offensive because the apology is no more sincere than a 4-year-old's promise not to eat all the cookies. I'm insulted by the fact they apparently expect me to accept that.
They're not investigating. They pretty much already know how it was done. So that's bullshit as well.
They say they take security seriously. If they actually did, this would not have happened.
So it's all bullshit meant to placate and appease. I find that offensive.
it's all bullshit meant to placate and appease
What option other do they have? They don't give a shit. Why should they. What they can't do is say that, otherwise the press would have a field day and soon questions would be asked in parliament, where the response would be to placate and appease.
I somehow doubt that the official channels of communication within the armed forces include Twitter.
Yes, it might be used for recruiting, but I hardly see how an interruption of a few hours to an account that probably posts things sporadically is going to harm that.
I certainly can't envisage personnel in the field pulling up their mobile phones to check Twitter. If anything, they'll be explicitly forbidden from even having their phones with them whilst on deployment because the things can be tracked, and triangulated pretty accurately just from the cell towers they attach to.
How they got into those accounts might be a problem. As the article said, either they had a password leaked or the attacker has access to one of their contact methods to perform a reset. Either of those could be concerning for additional actions, although given what this attacker chose to do, probably not that bad.
Those accounts are almost certainly managed by someone sat in an office block somewhere who takes orders from on high but is not privy to anything else. They certainly won't be the same people who have anything to do with anything actually military. The odds are they are a civilian marketing agency outsourced from the military, whose only interaction with those in uniform is to sit in a meeting room once every couple of months to discuss the next recruitment campaign.
In the old days the consequences of anyone breaking the Official Secrets Act was sufficient deterrent to stop miscreants (almost literally) dead in their tracks.
I used to know "someone" who worked for the MoD. We used to tease him rotten about what we had for lunch on a given day, then turn to him and say "you're very quiet 'H', what did you have?" He was unable to tell us, the most we could get out of him was that yes, his place had a cafeteria and that was where he ate lunch.
Is someone going to tell these baddies "you saw these emails? We're now going to have to keel you"?
Things ain't what they used to be.
Quote: "<your organisation name here> takes information security extremely seriously....."
Yup.....they take it seriously for five minutes AFTER a hack has been made public.
Today it's the British armed forces.....and tomorrow? Peter Thiel must smile every time he sees a headline like this!!
...except it's not the British Armed Forces that have been hacked. It's individual accounts on Twitter and Youtube. The air-gap between those and any real defence work is likely to be several miles wide. As someone else pointed out above; these are probably both outsourced to Crapita anyway.
Realistically, they don't have 2FA setup on twitter because while that works very well for a single person or a small team in a single location, it falls down when you have people spread across the country and the impact of somebody guessing the password for a twitter account is pretty much the definition of negligible.
"...somebody guessing the password for a twitter account is pretty much the definition of negligible...."
For most firms. But not if you are in the information security business, where the reputational damage is huge. And armies are in the information security business; just look at Russia's failures in Ukraine. If you can't properly secure Twitter, what else can't you properly secure?
In ye olde cold war, there was a joke about two Russian generals meeting in Paris after a clash with NATO, and one asking the other about how the "air war" had gone. (The joke being that if you'd taken the entire of Europe then winning fights in the air becomes a bit irrelevant)
About the same could be said today with "so, who did win the war for control over our Twitter account". It's utterly irrelevant to the actual outcome of a shooting war.
Unlike NATO provided artillery blowing up your ammunition storage dumps, for instance.
I've heard that joke before and still don't get it - not least because we've repeatedly seen how air superiority assures ground superiority in conventional conflicts. (Another of Russia's failures in Ukraine seems to be a failure to gain total air superiority - although maybe drones have changed the game.) And, as noted above, media superiority assures superior national moral and funding.
Moreover, a power that can build tanks and artillery and train infantry to win a ground war should be able to do the same for the air war. And vice versa.
Likewise, any organisation that can secure battlefield coms and maintain operational security, should be able to secure their social media. (And, conversely, if squaddies think you don't give a shit about the security of your twitter account, what useful information have they also decided you don't really care about?) Modulo out-sourced Crapita, if applicable.
<Cthon98> hey, if you type in your pw, it will show as stars
<Cthon98> ********* see!
<AzureDiamond> hunter2
<AzureDiamond> doesnt look like stars to me
<Cthon98> <AzureDiamond> *******
<Cthon98> thats what I see
<AzureDiamond> oh, really?
<Cthon98> Absolutely
<AzureDiamond> you can go hunter2 my hunter2-ing hunter2
<AzureDiamond> haha, does that look funny to you?
<Cthon98> lol, yes. See, when YOU type hunter2, it shows to us as *******
<AzureDiamond> thats neat, I didnt know IRC did that
<Cthon98> yep, no matter how many times you type hunter2, it will show to us as *******
<AzureDiamond> awesome!
<AzureDiamond> wait, how do you know my pw?
<Cthon98> er, I just copy pasted YOUR ******'s and it appears to YOU as hunter2 cause its your pw
<AzureDiamond> oh, ok.
Damn those bastards, tricking people into wasting their money on a fake NFT crypto scam, instead of wasting it on a real NFT crypto scam!
Presumably the army has now deployed a better password then "army1" *
* Or whatever it was. Can't Twttr and Ytb set up a more secure authentication method for big orgs?
I used to have a T-Shirt along those joke lines (from another long forgotten thing, small ads in a music weekly paper - not sure which as I would rifle through them in the shop & see which looked most worth a read & buy that, most likely "Sounds" as that was the one I purchased most often)
"to put it bluntly, you can't cyber your way across a river."
Possibly not, but with good networks and drones, you can sure as heck stop the opposition getting across a river. Ask the RuZZians. And the same things can help you find and secure a good place for your engineers to build a bridge.
It has to be said, the averaging marketing 'crayon faerie' given access to a Twitter account is usually held to a much lower standard of control and IT security than your average engineer.
The conversations usually start with "But I absolutely CANNOT update the company Twitter account without a high-spec iMac." and "I would also like it on my iPhone please".
I suspect that its no one at the MOD whos actually in charge of their Youtube and Twitter accounts, but its been outsourced to some PR company who will probably be the one who got compromised and the password were stolen from them.
Although i did once buy a laptop from a auction of old MOD kit where they had bothered to remove the hard drive but no one checked the optical drive before it was sold and it contained a CD which was all about camouflage techniques and labelled as sensitive.
I couldn't decide whether Musk or Putin should replace Hitler in this song, I just want our non-British pals to hear it:
Battle of Agincourt anyone?
The British gesture of the two-finger salute is said to have stemmed from English & Welsh archers gesturing to the French to indicate they still had the fingers required to fire a bow..
The French had a habit of cutting said fingers off if the captured a bowman.
The army using the some trite tosh that corporates use.
Whomsoever left the post-it note with the week's password on in full view of the couriers should be forced to do a few laps in one of the army's duff Ajax vehicles to shake some sense into them, before being relieved of their duties.
Then tweet 'We have been hacked. We sacked the moron who let this happen. The SAS will quietly deal with those responsible. Their bodies will not be found'.
And no, we don't need more 2FA. 4FS, I am sick of farting about with texts and e-mails for two layers of passwords to do anything, particularly spending £2 on ebay for something the shops can no longer be arsed to sell. Additional complexity like 2FA excludes elderly people from society as more stuff goes online.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
