Did China hack the Ministry of Defence? (Picture: Getty)
Ministry of Defence personnel have been exposed after it was targeted by a mystery rogue actor thought to be China.
China has been accused of the breach unofficially, according to Sky News.
Names and bank account details of service personnel and veterans were accessed in a ‘serious’ data breach targeting the ministry.
This kind of a breach in a government department in charge of UK defence is ‘significant,’ cyber security expert James Sullivan said.
To view this video please enable JavaScript, and consider upgrading to a web
browser that
supports HTML5
video
China is suspected of the major hacking (Picture: Getty)
Sullivan, director of cyber research at the Royal United Services Institute, a defence and cyber security think-tank in London, told Metro.co.uk: ‘By nature, any data that is compromised in an organisation like that is a serious incident.’
While China has been suspected of the attack, the UK government has not officially named it.
Rishi Sunak told Sky News today that ‘there are indications that a malign actor has compromised the Armed Forces payment network.’
He refused to name China, saying Defence Secretary Grant Shapps would make a statement about the incident later today.
China denied any accusations, with a spokesperson calling it ‘fabricated, malicious slander,’ Sky News reported citing the country’s Foreign Ministry.
What data was hacked?
It is understood the system of a third-party company handling payroll for the ministry was targeted.
Bank details of all serving armed forces personnel and some veterans could have been compromised, with a small number of addresses also accessed, PA says.
The first crucial steps in the investigation were to ‘understand the data’ and to identify the ‘motivation of the actor,’ Sullivan said.
RUSI’s director of cyber security James Sullivan said it is ‘within the realms of possibilities’ China is behind the breach (Provider: RUSI)
‘If it’s a criminal group it will be sold on, but if it’s a state-led operation they might want to use that data for other kinds of activity.’
‘You could, in theory, target individuals because you have their data. It could help you to understand structures within the organisation or they could sit on the data for years.’
After becoming aware of the breach, the department immediately took the external contractor’s external network offline, PA reports.
An initial investigation found no evidence that data was removed.
Is China responsible for the breach?
Sullivan pointed out the UK government has been ‘very careful not to name anyone’ at the ‘early stages’ of the probe.
He said: ‘It is just media speculation who it is. You do have the usual actors from suspect countries, and it is no surprise China is on this list.
‘It could be within the realms of possibilities. But we need to wait and see,’ he said.
Tobias Ellwood MP, former chairman of the Commons Defence Committee, told BBC Radio 4: ‘Targeting the names of the payroll system and service personnel’s bank details, this does point to China because it can be as part of a plan, a strategy to see who might be coerced.’
But Sullivan warned that an investigation ‘takes a lot of time.’
For now, the ministry will be working to understand ‘as much as possible of this actor and how they got in.’
The system managed by an external party held sensitive payroll information of Royal Navy, Armed Forces and RAF personnel (Picture: Ian Forsyth/Getty Images)
He continued: ‘The lesson for us is: governments and organisations of all sizes use third parties that are custodians of all sorts of data.
‘To me, it shows your cyber risk is not just within the organisation but with any that you have a digital relationship with.’
The attack is ‘another warning that the UK government needs to implement the highest cyber security standards.’
‘It’s about having even better cyber defences, understanding your weak points, and dealing with them accordingly,’ he added.
Why has the UK government not named China?
Sam Coates from Sky News claimed there is a ‘huge amount of nervousness’ about how to handle this publicly because of the ‘economic relationship.’
Lin Jian, a spokesperson for the Chinese Ministry of Foreign Affairs, told a press conference: ‘The remarks of these UK politicians are absurd.
‘China opposes all forms of cyber attacks, and the use of this issue to smear and vilify other countries.’
In March, the UK and US accused China of launching a ‘malicious’ campaign of cyber attacks.
Britain blamed Beijing for targeting the Electoral Commission in 2021 and for trying to get hold of email accounts of MPs and peers, PA reports.
China’s Foreign Ministry was contacted for a comment.
Get in touch with our news team by emailing us at webnews@metro.co.uk.
For more stories like this, check our news page.