Pranksters Hijack U.S. Navy Facebook Page to Stream ‘Age of Empires’ Game
- By Dawna M. Roberts
- Published: Oct 27, 2021
- Last Updated: Mar 18, 2022
In what appears to be a practical joke, hackers took over the U.S. Navy’s Facebook page for its destroyer, the USS Kidd, and streamed live gameplay of the online game Age of Empires.
What Is Age of Empires?
According to Threatpost, “Age of Empires is a real-time online multiplayer strategy game in which the objective is to advance one’s civilization. Players ‘build, settle, trade and fight’ their way from the Stone Age into the future, reaching certain milestones (inventing the wheel, ending feudalism) along the way.”
Along with taking over the page and streaming the gameplay for four hours, the fraudsters also changed the About page to “Gaming Video Creator.”
Task & Purpose, a military reporter, first noted the prank and said the page was hijacked at 10:26 p.m. on Sunday. During the short stint, the page received thousands of amused comments. One, however, pointed out that the incident was “Just in time for Cyber Awareness month.”
How Did the U.S. Navy Respond?
Cmdr. Nicole Schwegman, a Navy spokesperson, told the press that “The official Facebook page for USS Kidd (DDG 100) was hacked. USS Kidd’s Facebook page had unauthorized access from an unknown entity.”
Facebook reclaimed the page and secured it, but the page was still not back up as of Thursday.
The Cybersecurity Ramifications
Even though many onlookers thought the prank was cute, it has serious cybersecurity ramifications.
Jake Williams, CTO of BreachQuest, commented, “But many military units use Facebook pages as an official communication channel, particularly for family-readiness groups. A threat actor compromising an official Facebook page could create confusion and morale problems.”
It does not bode well that the U.S. Navy lost control of a Facebook page. Threat researchers suspect it occurred due to a reused password and a credential stuffing attack.
Williams added, “Unfortunately, many official pages are managed using a shared login, and as a result, multifactor authentication (MFA) is not enabled. Where possible, organizations should not use shared logins for official pages. Instead, they should delegate control of the pages to individual accounts and ensure they have MFA enabled.”
Tips to Secure Social Media Sites to Prevent an Account Takeover
Account takeover (ATO) attacks are becoming much more common as new data from breaches hits the dark web. Reused passwords are one of the biggest reasons for this. Some tips the Navy and regular users can employ to secure their social media pages are:
- Always use long, strong passwords and maintain control over access.
- Never reuse passwords on multiple accounts.
- Watch out for phishing emails that request login information or links that take you to a fake login page.
- Never click links in emails or text messages, even on social media.
- Be cautious about friend requests and only allow those you know to see your profiles.
- Turn off commenting whenever you can.
- Secure your social media accounts by going through every privacy and security setting and battening down the hatches.
- Keep antivirus software running on every device that you access your social media accounts with.
- Be careful about allowing apps to access your social media accounts.
- Keep operating systems and apps updated with the latest security patches.
- Keep a close eye on your social media accounts, looking for anything suspicious.
- Never share personal information online with strangers. Keep in mind that profile data can be scraped, so never share sensitive data like social security numbers, driver’s license numbers, or other personal details on your social media profiles.
- Never connect to public Wi-Fi without using a VPN.