Hackers targeted the database of a firm which handles the security for some of Britain’s most secretive sites – including a nuclear submarine base and a chemical weapon lab
Top secret security information on British military and intelligence sites has been leaked online by hackers linked to Russia.
They released thousands of pages of data which could help criminals get into the HMNB Clyde nuclear submarine base, the Porton Down chemical weapon lab and a GCHQ listening post.
Information about high-security prisons and a military site key to our cyber defences was also stolen in the raid by group LockBit. Hackers targeted the databases of Zaun, a firm which makes fences for maximum security sites. The information was then placed on to the internet’s dark web, which can be accessed using special software.
Last night Labour MP Kevan Jones, who sits on the Commons Defence Select Committee, warned: “This is potentially very damaging to the security of some of our most sensitive sites.
“The Government needs to explain why this firm’s computer systems were so vulnerable. Any information which gives security arrangements to potential enemies is of huge concern.”
We can reveal the information was stolen last month in a major attack on West Midlands-based Zaun, which makes fences and perimeter security measures for high-risk sites and provided security barriers at the London 2012 Olympics. LockBit is described as the world’s most dangerous hacking gang, and its key suspects include Mikhail Matveev, who is on the FBI’s Most Wanted list after attacks on 1,400 global targets. They include a £66million blackmail attempt on the Royal Mail – which refused to pay up.
Several Russian nationals have been held in America and Canada accused of cyber raids. LockBit is said to have financial links to Russian gangsters. In one leaked document relating to specific equipment bought to protect Porton Down, Wilts, Zaun describes its work there as “very secretive”. Also published was a sales order detailing goods bought for HMNB Clyde – better known as Faslane, home to Trident nuclear subs.
The leaked documents also include a sales order report for equipment at GCHQ’s communications complex in Bude, Cornwall. GCHQ describes Bude as playing “a critical part” in our security. The leak includes security equipment at RAF Waddington, Lincs, where the Reaper attack drones squadron is based, and Cawdor Barracks, whose 14th Signal Regiment deals in electronic warfare.
Detailed drawings for perimeter fencing at Cawdor, in Pembrokeshire, were attached to company emails. There is also a map highlighting installations at the site. Paperwork relating to a string of jails, including Category A Long Lartin, Worcs, and Whitemoor, Cambs, was also leaked.
We have chosen not to publish specific details about the equipment, while Zaun would not discuss ransom demands last night. A security expert labelled the incident a “devastating blow to our national security infrastructure”.
And Tory MP Tobias Ellwood, chair of the Defence committee, said: “How does this affect the ability of our defence establishments to continue functioning without threat of attack?
“How do we better defend ourselves from Russian-backed interference no doubt related to our stance in supporting Ukraine? Finally, this is another example of how conflict is no longer limited to the traditional battlefield, it now includes the digital domain and is placing ever greater demands on security apparatus.”
LockBit is said to have issued £80million in ransom demands worldwide. It has been on the radar of the FBI since 2020. Russian national Ruslan Magomedovich Astamirov was charged in the US “for involvement in deploying numerous LockBit ransomware and other attacks in the US, Asia, Europe, and Africa”.
The US Department of Justice said: “LockBit ransomware variant first appeared around January 2020. LockBit actors have executed over 1,400 attacks, issuing over $100million in demands and receiving tens of millions in Bitcoin.”
In 2022 the US announced charges against Mikhail Vasiliev, a dual Russian and Canadian national. He is being held in Canada and is awaiting extradition to the US. A second Russian, Mikhail Pavlovich Matveev, is wanted “for alleged participation” in separate LockBit conspiracies.
Zaun, which has alerted police, recorded a pre-tax profit of almost £700,000 in its last accounts. The firm said: “LockBit will have potentially gained access to some historic emails, orders, drawings and project files. We do not believe classified documents were stored on the system or have been compromised.
“The National Cyber Security Centre has been contacted and we are taking advice. Zaun is a victim of a sophisticated cyber attack and has taken all reasonable measures to mitigate any attack on our systems.”
The Government said: “We do not comment on security matters.”
The firm’s name might mean “fence” in German, but British company Zaun’s security barriers appear to have come crashing down, writes Professor Anthony Glees, Security and Intelligence expert.
It is a devastating blow to our national security infrastructure for details to be leaked on the dark web about security equipment provided to sensitive sites – including the home of Britain’s nuclear deterrent. It shows the ease with which Russia-linked hackers can breach high-strength computer systems at will.
The cache of documents relates to equipment made by high-security fencing specialist Zaun supplied to a host of sites. They include Faslane, home of the UK’s nuclear submarines, top-secret government lab Porton Down, and GCHQ’s Bude outpost.
Any hostile intelligence service would give their right arm to have these kinds of details.
A retired British Intelligence officer once told me that intelligence is like the bones of kippers. In and of themselves the bones seem to be of little consequence – but, taken together, they are what make the kipper.
In other words, having access to specific security equipment at a sensitive site gives hostile actors a rich picture of what is actually there.
Every detail about the UK’s defence estate is of huge interest to our foes. It follows other serious breaches involving Scotland Yard and the Police Service of Northern Ireland.
National security is a core duty of government. Hacks must be stopped before they get through. Sloppy protocols, especially by suppliers, seem to be a weak spot in our armour.
Ironically, the company making secure fencing to keep people out has, inadvertently, let our enemies in.