back to article British Army Twitter and YouTube feeds hijacked by crypto-promos

The British Army has apologized after its Twitter and YouTube accounts were compromised by entities that used them to promote NFTs. As recorded by The Wayback Machine, the @BritishArmy Twitter feed hosted content promoting non-fungible tokens described thusly: "The Anomalies is a collection of special Possessed 1/1s". @ …

  1. ShadowSystems

    I have a secure computer.

    A Commodore 64 that's gathering dust in a box. It's not plugged in to power, has no internet connection, doesn't run any modern OS, can't run most modern programs, is impervious to all modern exploits, and any successfull hijack would vanish with a simple reboot.

    Granted, it also can't do much in the way of computational grunt work, but that's not what you said. You said there was no single computer security. That view is false. There is such a system, it's just that it's also not up to the task for which you need a massive supercomputer.

    But I'll happily challenge you to a game of Blue Meanies from outer space! =-)

    1. Dan 55 Silver badge

      Re: I have a secure computer.

      You can still mine bitcoin on a C64 though. Imagine a beowulf cluster of those.

      1. Version 1.0 Silver badge
        Go

        Re: I have a secure computer.

        Mining bitcoin on a C64 might result in 1btc every ten years these days, originally you might have been getting one bitcoin a week ... and been able to buy a pizza!

        1. katrinab Silver badge
          Black Helicopters

          Re: I have a secure computer.

          It my arithmetic is correct, it is more like one bitcoin every 108,658,453 years.

    2. Prst. V.Jeltz Silver badge

      Re: I have a secure computer.

      I dont know , do use the old 1541 drive with it?

      could be a virus in those boot sectors just waiting for you to get a modem and a business productivity app and it'll email your files out...

  2. Anonymous Coward
    Facepalm

    The standard

    We apologize . . .

    We are aware . . .

    We are investigating . . .

    We will have no further comment during the investigation.

    And, as is standard, we will never learn the results.

    1. veti Silver badge

      Re: The standard

      Are they wrong to apologise? To be aware? To investigate? To refuse to speculate until the investigation is done?

      Just trying to work out which part of the response you are finding offensive.

      1. Gene Cash Silver badge

        Re: The standard

        It's offensive because it's the same tired lines trotted out every time, along with "this affected only a small number of customers"

        It's also offensive because the apology is no more sincere than a 4-year-old's promise not to eat all the cookies. I'm insulted by the fact they apparently expect me to accept that.

        They're not investigating. They pretty much already know how it was done. So that's bullshit as well.

        They say they take security seriously. If they actually did, this would not have happened.

        So it's all bullshit meant to placate and appease. I find that offensive.

        1. Persona

          Re: The standard

          it's all bullshit meant to placate and appease

          What option other do they have? They don't give a shit. Why should they. What they can't do is say that, otherwise the press would have a field day and soon questions would be asked in parliament, where the response would be to placate and appease.

          1. Halfmad

            Re: The standard

            Oh they care.

            Bigwigs will not be pleased.

    2. Loyal Commenter Silver badge

      Re: The standard

      If it was anything other than their "soshal meeja" accounts, I might be concerned.

      1. Yet Another Anonymous coward Silver badge

        Re: The standard

        So you don't think any harm can be done to military effectiveness by the messaging sent out to the social media accounts presumably eagerly followed by those in the armed forces, their families and those thinking of joining ?

        1. Loyal Commenter Silver badge

          Re: The standard

          I somehow doubt that the official channels of communication within the armed forces include Twitter.

          Yes, it might be used for recruiting, but I hardly see how an interruption of a few hours to an account that probably posts things sporadically is going to harm that.

          I certainly can't envisage personnel in the field pulling up their mobile phones to check Twitter. If anything, they'll be explicitly forbidden from even having their phones with them whilst on deployment because the things can be tracked, and triangulated pretty accurately just from the cell towers they attach to.

      2. doublelayer Silver badge

        Re: The standard

        How they got into those accounts might be a problem. As the article said, either they had a password leaked or the attacker has access to one of their contact methods to perform a reset. Either of those could be concerning for additional actions, although given what this attacker chose to do, probably not that bad.

        1. Loyal Commenter Silver badge

          Re: The standard

          Those accounts are almost certainly managed by someone sat in an office block somewhere who takes orders from on high but is not privy to anything else. They certainly won't be the same people who have anything to do with anything actually military. The odds are they are a civilian marketing agency outsourced from the military, whose only interaction with those in uniform is to sit in a meeting room once every couple of months to discuss the next recruitment campaign.

  3. Ken Moorhouse Silver badge

    In the old days...

    In the old days the consequences of anyone breaking the Official Secrets Act was sufficient deterrent to stop miscreants (almost literally) dead in their tracks.

    I used to know "someone" who worked for the MoD. We used to tease him rotten about what we had for lunch on a given day, then turn to him and say "you're very quiet 'H', what did you have?" He was unable to tell us, the most we could get out of him was that yes, his place had a cafeteria and that was where he ate lunch.

    Is someone going to tell these baddies "you saw these emails? We're now going to have to keel you"?

    Things ain't what they used to be.

    1. Old Shoes

      Emails? Think of the DMs

      Having access to the Twitter account means they’d also have access to the direct messages (DMs) that people have sent in over the years.

      That could be quite revealing! I hope they had DMs turned off otherwise their could be privacy-related fines in the offing.

  4. Mr Dogshit

    Let's face it

    Both these things are likely to have been outsourced to Capita

    1. Yet Another Anonymous coward Silver badge

      Re: Let's face it

      Who outsourced them to some chaps in Korea who offered a very good price.

      What do you mean there are 2 Koreas?

  5. Doctor Syntax Silver badge

    Send a task force to deal with them.

  6. Anonymous Coward
    Anonymous Coward

    Aren't You Heartily Sick Of This......

    Quote: "<your organisation name here> takes information security extremely seriously....."

    Yup.....they take it seriously for five minutes AFTER a hack has been made public.

    Today it's the British armed forces.....and tomorrow? Peter Thiel must smile every time he sees a headline like this!!

    1. Loyal Commenter Silver badge

      Re: Aren't You Heartily Sick Of This......

      ...except it's not the British Armed Forces that have been hacked. It's individual accounts on Twitter and Youtube. The air-gap between those and any real defence work is likely to be several miles wide. As someone else pointed out above; these are probably both outsourced to Crapita anyway.

      1. Nifty Silver badge

        Re: Aren't You Heartily Sick Of This......

        One upvote for sheer optimism

  7. Peter2 Silver badge

    Realistically, they don't have 2FA setup on twitter because while that works very well for a single person or a small team in a single location, it falls down when you have people spread across the country and the impact of somebody guessing the password for a twitter account is pretty much the definition of negligible.

    1. Dan 55 Silver badge

      Twitter can use TOTP so the same shared secret can be passed to several people's phones/computers.

      1. Pen-y-gors

        TOTP?

        How does Top of The Pops help secure passwords?

        And this week at number 3, we have that old favourite "password"

        At number 2, is new entry "secret"

        But at number one, for the two hundredth week running, is good old "1234"

        1. adam 40 Silver badge

          Re: TOTP?

          Well TOTP did harbour a few secrets for many years.

          How's about that then, Guys and Gals???

    2. Brewster's Angle Grinder Silver badge

      "...somebody guessing the password for a twitter account is pretty much the definition of negligible...."

      For most firms. But not if you are in the information security business, where the reputational damage is huge. And armies are in the information security business; just look at Russia's failures in Ukraine. If you can't properly secure Twitter, what else can't you properly secure?

      1. Peter2 Silver badge
        Meh

        In ye olde cold war, there was a joke about two Russian generals meeting in Paris after a clash with NATO, and one asking the other about how the "air war" had gone. (The joke being that if you'd taken the entire of Europe then winning fights in the air becomes a bit irrelevant)

        About the same could be said today with "so, who did win the war for control over our Twitter account". It's utterly irrelevant to the actual outcome of a shooting war.

        Unlike NATO provided artillery blowing up your ammunition storage dumps, for instance.

        1. Yet Another Anonymous coward Silver badge

          >It's utterly irrelevant to the actual outcome of a shooting war.

          Arguably twitter is the most important weapon in the Ukraine war

          Ukraine have a chance because their leader is good on western media, which keeps western politicians interested, which keeps western materiel flowing.

        2. Brewster's Angle Grinder Silver badge

          A fish with a rotting head is rotten to the core...

          I've heard that joke before and still don't get it - not least because we've repeatedly seen how air superiority assures ground superiority in conventional conflicts. (Another of Russia's failures in Ukraine seems to be a failure to gain total air superiority - although maybe drones have changed the game.) And, as noted above, media superiority assures superior national moral and funding.

          Moreover, a power that can build tanks and artillery and train infantry to win a ground war should be able to do the same for the air war. And vice versa.

          Likewise, any organisation that can secure battlefield coms and maintain operational security, should be able to secure their social media. (And, conversely, if squaddies think you don't give a shit about the security of your twitter account, what useful information have they also decided you don't really care about?) Modulo out-sourced Crapita, if applicable.

  8. elsergiovolador Silver badge

    hunter2

    <Cthon98> hey, if you type in your pw, it will show as stars

    <Cthon98> ********* see!

    <AzureDiamond> hunter2

    <AzureDiamond> doesnt look like stars to me

    <Cthon98> <AzureDiamond> *******

    <Cthon98> thats what I see

    <AzureDiamond> oh, really?

    <Cthon98> Absolutely

    <AzureDiamond> you can go hunter2 my hunter2-ing hunter2

    <AzureDiamond> haha, does that look funny to you?

    <Cthon98> lol, yes. See, when YOU type hunter2, it shows to us as *******

    <AzureDiamond> thats neat, I didnt know IRC did that

    <Cthon98> yep, no matter how many times you type hunter2, it will show to us as *******

    <AzureDiamond> awesome!

    <AzureDiamond> wait, how do you know my pw?

    <Cthon98> er, I just copy pasted YOUR ******'s and it appears to YOU as hunter2 cause its your pw

    <AzureDiamond> oh, ok.

  9. Howard Sway Silver badge

    a fake minting website, complete with a fake counter

    Damn those bastards, tricking people into wasting their money on a fake NFT crypto scam, instead of wasting it on a real NFT crypto scam!

    Presumably the army has now deployed a better password then "army1" *

    * Or whatever it was. Can't Twttr and Ytb set up a more secure authentication method for big orgs?

  10. Anonymous Coward
    Anonymous Coward

    NFT Crypto bad!

    Blowing people up; spiffing!

    1. Sgt_Oddball
      Coat

      Re: NFT Crypto bad!

      It's a shame the old jokes seem to have been forgotten.

      I the one along the lines of...

      "Join the British Army. Go to new and interesting places. Meet new and interesting people, then kill them..."

      I appear to have lost my coat. It was the forest camo one...

      1. Persona

        Re: NFT Crypto bad!

        It's not like that anymore. Now they kill new and interesting people with drones so don't need to visit the new and interesting places.

      2. TimMaher Silver badge
        Coat

        Re: old jokes

        Wow! I remember that from the sixties.

        BTW I’ve just found an old army coat, in the bushes at the back of the mess.

      3. tiggity Silver badge

        Re: NFT Crypto bad!

        I used to have a T-Shirt along those joke lines (from another long forgotten thing, small ads in a music weekly paper - not sure which as I would rifle through them in the shop & see which looked most worth a read & buy that, most likely "Sounds" as that was the one I purchased most often)

  11. williamsth

    Military grade security

    Does this now set the benchmark for "military grade" security?

  12. Pen-y-gors

    Building bridges?

    "to put it bluntly, you can't cyber your way across a river."

    Possibly not, but with good networks and drones, you can sure as heck stop the opposition getting across a river. Ask the RuZZians. And the same things can help you find and secure a good place for your engineers to build a bridge.

    1. MrReynolds2U

      Re: Building bridges?

      True.

      But also is "cyber" a verb now as well?

      I hate the bastardisation of our terminology.

      1. adam 40 Silver badge

        Re: Building bridges?

        It does have a cybering to it...

        1. JamesTGrant

          Re: Building bridges?

          I cybered so hard my cyber cybered

          1. A Nother Handle

            Re: Building bridges?

            Cyber cyber cyber cyber cyber cyber buffalo.

    2. katrinab Silver badge
      Black Helicopters

      Re: Building bridges?

      Maybe.

      But you can cyber your way to preventing the enemy from crossing the river.

  13. VoiceOfTruth

    There it is again

    -> The Army takes information security extremely seriously

    Blah blah blah blah. We can all copy and paste the same phrase.

  14. low_resolution_foxxes

    It has to be said, the averaging marketing 'crayon faerie' given access to a Twitter account is usually held to a much lower standard of control and IT security than your average engineer.

    The conversations usually start with "But I absolutely CANNOT update the company Twitter account without a high-spec iMac." and "I would also like it on my iPhone please".

  15. Anonymous Coward
    Anonymous Coward

    why?

    First thing that came to mind is why the fuck does the army have social media accounts.

    Seems pretty fucking pointless and a waste of manpower.

    1. SundogUK Silver badge

      Re: why?

      Recruiting.

  16. Anonymous Coward
    Anonymous Coward

    I suspect that its no one at the MOD whos actually in charge of their Youtube and Twitter accounts, but its been outsourced to some PR company who will probably be the one who got compromised and the password were stolen from them.

    Although i did once buy a laptop from a auction of old MOD kit where they had bothered to remove the hard drive but no one checked the optical drive before it was sold and it contained a CD which was all about camouflage techniques and labelled as sensitive.

    1. logicalextreme

      Was the CD painted with a camp pattern? Maybe they did check the drive but just couldn't see the disc.

  17. Danny 2

    Dad's Cyber Army

    I couldn't decide whether Musk or Putin should replace Hitler in this song, I just want our non-British pals to hear it:

    Bud Flanagan - Who Do You Think You Are Kidding Mr Hitler?

  18. Anonymous Coward
    Anonymous Coward

    Let's hope

    They've enabled 2FA on the nuclear warheads.

    1. Anonymous Coward
      Anonymous Coward

      Re: Let's hope

      Is that 2 Finger Authentication?

      1. ravenviz Silver badge

        Re: Let's hope

        I’ve often thought that nuclear buttons should be operated through a small guillotine that chops your hand off when you press it, just to make sure you really believe in what you’re doing!

        1. Ken Moorhouse Silver badge

          Re: should be operated through a small guillotine that chops your hand off when you press it

          Successful avoiders of this policy will still be able to shake their fist. Battle of Agincourt anyone?

          (Free beer for responding with the connection).

          1. CrazyOldCatMan Silver badge

            Re: should be operated through a small guillotine that chops your hand off when you press it

            Battle of Agincourt anyone?

            The British gesture of the two-finger salute is said to have stemmed from English & Welsh archers gesturing to the French to indicate they still had the fingers required to fire a bow..

            The French had a habit of cutting said fingers off if the captured a bowman.

            1. Ken Moorhouse Silver badge
              Pint

              Re: should be operated through a small guillotine that chops your hand off when you press it

              CrazyOldCatMan: Yes, that was what I was alluding to. Have one of these---->>>

            2. Loyal Commenter Silver badge

              Re: should be operated through a small guillotine that chops your hand off when you press it

              Sadly, whilst appealing, this is almost certainly apocryphal.

  19. DS999 Silver badge
    Facepalm

    Nothing will help restore confidence in crypto faster

    Than seeing public hacks of Twitter used to push crypto scams.

  20. Tron Silver badge

    Pathetic.

    The army using the some trite tosh that corporates use.

    Whomsoever left the post-it note with the week's password on in full view of the couriers should be forced to do a few laps in one of the army's duff Ajax vehicles to shake some sense into them, before being relieved of their duties.

    Then tweet 'We have been hacked. We sacked the moron who let this happen. The SAS will quietly deal with those responsible. Their bodies will not be found'.

    And no, we don't need more 2FA. 4FS, I am sick of farting about with texts and e-mails for two layers of passwords to do anything, particularly spending £2 on ebay for something the shops can no longer be arsed to sell. Additional complexity like 2FA excludes elderly people from society as more stuff goes online.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like