The Bitish Army’s Twitter and YouTube accounts have been advertizing NFTs over the weekend.

The cybersecurity of the British Army was questioned by experts after its social media accounts were compromised on Sunday, according to a report in ITPro.

The British Army’s Twitter and YouTube accounts were taken over by a currently unknown party, resulting in the feeds promoting non-fungible tokens (NFTs) before being reverted back to normal.

While under the compromisers’ control, NFT-related tweets were posted and retweeted, account images changed and display names altered. The Twitter account handle was never tampered with throughout the incident.

The videos on the military’s YouTube channel were deleted and replaced with Elon Musk-themed pro-cryptocurrency videos which amassed thousands of viewers. Concerns have been raised over the cybersecurity of the British Army’s social media team and how such a compromise could occur. 

Losing sleep

John Scott-Railton, Senior researcher at Toronto-based Citizen Lab, said high-profile account hacks are common enough to raise questions on how easy it would be for a hostile nation-state to launch a similar campaign. It “should trouble our sleep”, he wrote in a tweet.

Fielding questions on how effective the communications from a hijacked account could be, Scott-Railton pointed to Citizen Labs’ previous work on risk models for this situation. One example is the Syrian Electronic Army’s hack of the Associated Press’ Twitter account, posting tweets claiming two explosions had hit the White House leaving then-President Barack Obama injured. The incident caused the Dow Jones to drop by 1 percent.

Responding to the compromise of the British Army’s feeds, the Ministry of Defence (MoD) said that “an investigation is underway”. The ministry is refraining from further comments until the investigation has reached its conclusion. 

Tip: Bug bounty platform employee dupes customers