Shapps: 'potential contractor failings' may have made Mod hack easier

08/05/2024

MPs are set to be told about the massive data breach tomorrow

Failures by a formerly government-owned contractor may have made a cyber attack on Armed Forces data being blamed on China ‘easier’ to carry out, the Defence Secretary said today.

Grant Shapps confirmed that Shared Services Connected Ltd (SSCL) was the company whose system was hacked, exposing the names and bank details of hundreds of thousands of service personnel – and some home addresses.

In a statement to MPs this afternoon Mr Shapps suggested that little or no data had been stolen, as he announced a probe into what happened.

Up to 272,000 service personnel may have been hit by the data breach, Mr Shapps told MPs as he set out an eight-point plan to support and protect those potentially affected.

He blamed the attack on a ‘malign actor’, but failed to confirm reports that China was behind the break-in despite saying a nation state may have been involved.

But he also criticised SSCL, saying there was ‘evidence of potential failings by them that may have made it easier for the malign actor to gain entry.’

Politicians and experts said the attack bore all the hallmarks of Chinese origin.

Conservative former leader Sir Iain Duncan Smith told Sky News: ‘This is yet another example of why the UK Government must admit that China poses a systemic threat to the UK and change the integrated review to reflect that.

‘No more pretence, it is a malign actor, supporting Russia with money and military equipment, working with Iran and North Korea in a new axis of totalitarian states.’

Former defence minister Tobias Ellwood told the BBC’s Radio 4 Today programme: ‘Targeting the names of the payroll system and service personnel’s bank details, this does point to China because it can be as part of a plan, a strategy to see who might be coerced.’

It comes as president Xi visits France on a state visit, where he will hold talks with Emmanuel Macron.

The Chinese embassy in London denied involvement, saying claims of an attack were ‘completely fabricated and malicious slanders’.

microsoft, shapps: 'potential contractor failings' may have made mod hack easier

Speaking to broadcasters in south-east London, Rishi Sunak said there were ‘indications that a malign actor’ had compromised the database, but declined to attribute the attack to a specific state or ‘actor’.

It comes as president Xi visits France on a state visit, where he will hold talks with Emmanuel Macron.

Conservative former leader Sir Iain Duncan Smith told Sky News : ‘This is yet another example of why the UK Government must admit that China poses a systemic threat to the UK and change the integrated review to reflect that.’

Labour’s shadow defence secretary John Healey named the contractor as SSCL.

Up to 272,000 service personnel may have been hit by the data breach, Mr Shapps told MPs.

He set out an eight-point plan to support and protect those potentially affected.

The Ministry of Defence (MoD) took immediate action when it discovered the breach, taking the external network – operated by a contractor – offline.

Downing Street said the Government had also launched a security review of the contractor’s operations.

The Prime Minister’s official spokesman declined to comment on speculation about the origin of the attack ahead of a planned statement to the Commons on the incident by Defence Secretary Grant Shapps this afternoon.

Mr Shapps is not expected to attribute the attack to a specific state or actor when he addresses MPs on Tuesday afternoon.

It comes less than two months after Chinese state-affiliated actors were blamed by the government for two ‘malicious’ cyberattack campaigns in the UK.

The two incidents involved an attack on the Electoral Commission in 2021 as well as targeted attacks against MPs sceptical of China.

In a speech made in the commons last month, Deputy Prime Minister Oliver Dowden confirmed that the Chinese ambassador would be summoned to ‘account for China’s conduct in these incidents’.

He also announced that the UK – alongside international partners including the US – would be issuing sanctions against the Chinese government.

The MoD is said to be hopeful that serving personnel will not be concerned about their safety. Those impacted by the data breach will be given advice and support tomorrow.

The contractor system is not connected to the main MoD computer systems and has been taken down with a review launched.

Up to 250,000 people could be impacted by the breach with their names and bank details amongst the information that has been compromised

It comes less than two months after Chinese state-affiliated actors were blamed by the government for two ‘malicious’ cyberattack campaigns in the UK (file image)

All salaries were paid at the last payday, with no issues expected at the next one at the end of this month, although there may be a slight delay in the payment of expenses in a small number of cases.

The MoD is said to have worked on the issue intensively over the last 72 hours to figure out how much data was exposed during the hack. It is understood that investigations have not shown any data to have been taken so far.

Up to 250,000 people could be impacted by the breach with their names and bank details amongst the information that has been compromised.

The identification of Special Forces soldiers – who are entitled to lifelong anonymity – has not been compromised according to defence sources.

The country’s President Xi Jinping is currently on a two-day state visit to France – his first visit to Europe since 2019.

Meeting with French President Emmanuel Macron yesterday, President Xi called for a ‘worldwide truce’ during the Olympic Games this summer.

The incident risks dissuading other countries with challenging relationships with China from sharing sensitive intelligence with the UK.

The cyber attacks that hit the UK

– March 2024

The UK and the United States accused China of a global campaign of ‘malicious’ cyber attacks in an unprecedented joint operation to reveal Beijing’s espionage.

Britain publicly blamed China for targeting the Electoral Commission watchdog and for being behind a campaign of online ‘reconnaissance’ aimed at the email accounts of MPs and peers.

The Electoral Commission attack was identified in October 2022, but the hackers had first been able to access the commission’s systems for more than a year, since August 2021.

– December 2023

A Foreign Office minister told the Commons that private conversations of high-profile politicians and civil servants were compromised by Russia’s principal security service during ‘sustained’ attempts to interfere in UK politics.

A cyber influence campaign by a group known as Star Blizzard, ‘almost certainly’ a subordinate of an FSB cyber unit, had ‘selectively leaked and amplified information’ since 2015.

– July 2022

The British Army confirmed a ‘breach’ of its Twitter and YouTube accounts. The channel featured videos on cyptocurrency and images of billionaire businessman Elon Musk.

The official Twitter account had retweeted a number of posts appearing to relate to NFTs (non-fungible tokens).

– July 2021

The UK accused the Chinese government of being behind ‘systematic cyber sabotage’ following a hacking attack which affected a quarter of a million servers around the world. The attacks, which took place in early 2021, targeted Microsoft Exchange servers.

– April 2021

Britain accused Russia’s foreign intelligence service of being behind a major cyber attack on the West.

The Foreign, Commonwealth and Development Office (FCDO) said the National Cyber Security Centre (NCSC) had assessed that it was ‘highly likely’ the SVR was responsible for the so-called SolarWinds hack.

– July 2020

Britain, the United States and Canada accused Russian spies of targeting scientists seeking to develop a coronavirus vaccine.

The three allies said hackers linked to Russian intelligence were seeking to steal the secrets of research bodies around the world, including in the UK.