Last week, reports emerged that the British Army’s Twitter and YouTube accounts had been breached by hackers, who flooded the channels with giveaways and competitions relating to NFTs, changed the account names and added new profile pictures. The reports were later confirmed by the Ministry of Defence, which said late on Sunday that both breaches had been “resolved.”
It is, however, an illustration of how even high-profile organisations with cybersecurity experts can sometimes fall victim to a hack.
We spoke to ex-military, ex-MOD and ex-GCHQ cyber expert James Griffiths, Co-founder and Technical Director of Cyber Security Associates (CSA), based in Gloucester. All CSA staff have enhanced Government security clearance, and James has personally worked in cyber security for over 15 years. That included a distinguished career as an Army Royal Signals Senior Operator, with the last five years of service spent as an Operator providing cyber offensive capability to the UK government, including MOD and GCHQ.
James explains that the hack may have come via a third-party plugin or social media management tool, saying:
“The confirmed cyber security breach upon the British Army’s YouTube and Twitter accounts yesterday could have been achieved via a third party within the supply chain using a plugin or a social media management tool. If this plugin or tool was not protected, then it could have given the cyber attacker the ability to directly post onto the social media accounts without having to log in to either Twitter or YouTube.
“Social media and the reach that accounts have to publish information and recommendations has exploded over the past few years. The British Army social media management team may have been a target; however, it’s likely that they would have had Multi-Factor Authentication (MFA) in place to prevent an attack like this from happening. Clearly both Twitter and YouTube have MFA capability to protect accounts, so it will be interesting to know for sure how the attackers managed to compromise these high-profile accounts.”
The MOD is yet to confirm whether they are aware of the source, saying:
“We are aware of a breach of the Army’s Twitter and YouTube accounts and an investigation is underway. The Army takes information security extremely seriously and is resolving the issue. Until their investigation is complete it would be inappropriate to comment further.”