UK government urges caution over blaming China for Ministry of Defence breach
Britain’s defense minister, Grant Shapps, urged caution on Tuesday following reports that China was suspected of hacking a third-party payment system used by the armed forces.
News of the incident broke over the bank holiday weekend, with a Sky News headline first announcing that China had hacked the Ministry of Defence.
Several reports followed repeating that China was suspected of being behind an attempt to compromise the network of a contractor called SSCL — which operates completely separate from the MoD’s own systems — responsible for payments to regular and reservist personnel, as well as some veterans.
These reports did not make clear whether the suspicion about China came from qualified experts based on technical evidence or if it simply reflected the expectations of politicians and officials.
In a statement to the House of Commons on Tuesday, Shapps said up to 272,000 service personnel may have been impacted by the incident, but that “initial investigations have found no evidence that any data has been removed.”
Shapps added that while the government did not currently believe that any information had been stolen, it was acting as if data had been compromised as a precaution and to ensure that those serving in the armed forces were adequately protected.
He stressed there was evidence of potential failings by the contractor “which may have made it easier for the malign actor to gain entry,” and that a full investigation into the contractor had been launched to examine these failings and minimize the risk of similar incidents in the future.
Despite widespread calls for the government to attribute the attack to China in the House of Commons on Tuesday, the defense minister stressed that it was too early to make that assessment.
“For reasons of national security, we can’t release further details of the suspected cyber activity behind this incident. However, I can confirm to the House that we do have indications that this was the suspected work of a malign actor and we cannot rule out state involvement,” said Shapps.
He repeatedly referenced the Butler reforms, a series of changes affecting how the British intelligence community makes assessments following a review into failings associated with assessments about Iraq possessing weapons of mass destruction.
One of the principal criticisms the Butler review made about the intelligence community at that time was that its assessments were not adequately insulated from politicians’ expectations.
Beijing has responded to the media reports by describing them as “completely fabricated and malicious slanders.” China has similarly criticized allegations regarding its hacking activities even when these are made by the government after the full assessment process has taken place.
Unlike in the United Kingdom and United States, where the governments have avowed their cyber capabilities and published detailed information about how these are regulated and deployed, China does not acknowledge engaging in cyber operations.
The lack of a formal acknowledgement about these activities runs contrary to widespread attributions of offensive cyber activities to Beijing. The British government earlier this year accused Chinese state-affiliated hackers with “carrying out malicious cyber activity targeting UK institutions and individuals important to our democracy.”
That targeting allegedly included last August’s hack of the country’s Electoral Commission, the independent agency overseeing voting eligibility as well as political parties' election financing.
Responding to the Defence Secretary’s statement on Tuesday, a range of British politicians highlighted these hostile activities — which unlike the SSCL hack have been formally attributed to China — and called on the government to take a harder line with Beijing.
Alexander Martin
is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.