Amidst growing concerns over cybersecurity vulnerabilities, suspicions of state involvement have arisen following a significant breach in the UK’s armed forces payroll system, prompting diplomatic tensions and calls for enhanced security measures. Here’s the full story.
Online Shift
In yet another sign of the shift of espionage activity to the online realm, a recent significant breach in the UK’s armed forces payroll system has come to light.
270,000 Records
The breach exposed approximately 270,000 payroll records of active, reserve, and veteran military members to malignant foreign state actors.
Third-Party
The payroll records were managed by a third-party contractor, SSCL, a privately owned French company Sopra Steria subsidiary.
Deeply Embarrassing
The sheer scale of the breach is deeply embarrassing for the government, as the hackers accessed incredibly sensitive information, including the names, bank details, and addresses of serving personnel, reservists, and veterans.
Many Suspect China
While government officials have been at pains not to name who they suspect may be behind the hack, suspicions have been widely discussed, with China emerging as the primary suspect.
“Malign Actor”
Grant Shapps, the Defence Secretary, refused to lay the blame at China’s door, cautiously suggesting only the involvement of a “malign actor.”
“National Security”
Shapps added, “For reasons of national security, we can’t release further details of the suspected cyber-activity behind this incident.”
Naming and Shaming
Despite the government’s reticence to name the country many believe is behind the hack, others on the government benches were considerably less concerned with naming and shaming the accused.
“Does Point to China”
Speaking to BBC Radio 4’s Today programme, Tobias Ellwood, who was previously the chair of the Commons Defence Committee, stated, “Targeting the names of the payroll system and service personnel’s bank details, this does point to China because it can be as part of a plan, a strategy to see who might be coerced.”
“Anti-China Political Farce”
For its part, China has vehemently denied that it was behind the hack. A Chinese embassy spokesperson stated, “We urge the relevant parties in the UK to stop spreading false information, stop fabricating so-called China threat narratives, and stop their anti-China political farce.”
Questions Raised
The government has been attacked for its handling of the data breach, and serious questions have been raised about its preparedness and accountability for cyber security threats.
No Strategy
John Healey, the shadow Defence Secretary, claimed that the hack and the government’s reluctance to blame China showed that the government had “no cross-government China strategy”, leaving the UK open to more similar hacks from Beijing.
“Evidence of Failings”
Concerns were also raised about the suitability of the contractor SSCL, who was handling the military records. Grant Shapps told the Commons that there was “evidence of failings” in the recently privatised company.
Review Launched
The breach has led the Ministry of Defence (MoD) to launch a review of SSCL’s operations, and the Cabinet Office is conducting its own review of the company’s work for other government departments.
Credit Checks
While the extent of the security breach remains unclear, measures have been taken to mitigate any potential risks to armed forces personnel. The government is offering credit checks for those affected to ensure that their bank data is not accessed.
Fool Me Once
This is not the first time China has been publicly or privately blamed for breaches in the UK’s online security.
Electoral Commission Attack
The government recently publicly blamed China for a cyber attack on the Electoral Commission in August 2021 that breached the data of millions of voters on the electoral register.
“No More Pretence”
China’s perceived bullish attitude to the cyber-attacks has proven too much for some Conservative MPs, with Ian Duncan Smith stating, “No more pretence, China is a malign actor, supporting Russia with money and military equipment, working with Iran and North Korea in a new axis of totalitarian states.”
Proliferation of Cyber Attacks
The government has previously appeared slow to realise the pervasive threat posed by cyber-attacks on UK institutions, though its long-term defence strategy paper did note that as a tactic, the use of “commercial spyware, ransomware, and offensive cyber capabilities by state and non-state actors has proliferated.”
Inherent Weakness
The Armed Forces payroll data breach has brought to the forefront the inherent weaknesses of the modern, always-online world, particularly regarding online government information.
Genuine Risks
While the ease of buying and selling, tracking customers for ads and tailoring online experiences that make users more likely to buy products have been invaluable for businesses, there are still genuine risks when adversarial states or hackers looking for money misuse these systems.
Uncertain Future
However, what this hack might mean for the UK’s online security in the future remains to be seen.
The post UK Armed Forces Payroll Leaked in Suspected State-Sponsored Cyberattack first appeared on Swift Feed.
Featured Image Credit: Shutterstock / William Barton.