Russian hackers leak classified British police data on the ‘Dark Web’ after ransom was refused


The Mail on Sunday revealed that confidential information held by some British police forces had been stolen by Russian hackers in an embarrassing security breach.

The cybercriminal group Clop has released some of the material it looted from the IT company that handles access to the Police National Computer (PNC) on the so-called “dark web”, with the threat of more to follow.

Clop is believed to have demanded a ransom from Dacoll, after launching a “phishing” attack in October that gave it access to materials, including those of the PNC, which holds the personal information and records of 13 million people.

When Dacoll refused to pay, the hackers uploaded hundreds of files to the Dark Web, a hidden area of the Internet that can only be accessed through a specialized web browser.

The company declined to disclose the size of the ransom demanded.

The files include photos of motorists, which Clop appears to have taken from the National Automatic Number Plate Recognition (ANPR) system.

The footage includes close-ups of the drivers’ faces captured as they were speeding.

It’s not clear what additional – and perhaps more sensitive – information Clop might publish on the dark web, where scammers can get hold of it.

Like many ransomware groups, Clop sends “phishing” emails (in the form of a file) to employees, which look authentic but actually contain a complex virus.

Philip Ingram, a national security expert and former colonel in British Military Intelligence, said: “This is a very serious breach of a company that provides a capability to police forces across the UK.

“The harm caused by this type of data leakage is incomprehensible as it raises questions about the cybersecurity arrangements that exist among many public and private organizations to manage sensitive law enforcement data.”

Dacoll, headquartered in West Lothian, was founded in 1969 by electrical engineer Brian Colling, who previously repaired household appliances before performing national service with the RAF.

The 88-year-old has successfully developed the company into a UK-wide IT solutions provider, with 160 employees.

NDI Technologies, a subsidiary of Dacoll, provides a “critical” service to 90 per cent of the UK’s police forces, giving officers remote access to the PNC.

Dacoll’s other company, NDI Recognition Systems, provides IT support for ANPR systems used by Police, Highways England and the DVLA.

A spokesperson for the National Cyber Security Centre said: “We are aware of this incident and are working with law enforcement partners to fully understand and mitigate any potential impact.”

Clop has earned millions of pounds through ransomware hacks in the past two years. Among the victims were the oil giant Shell, the US bank Flagstar and the University of California.

Like many ransomware groups, it sends “phishing” emails to employees, which look authentic but actually contain a complex virus that collects data when opened.

Faced with the possibility of leaking sensitive material, some companies are paying the ransom, including US insurance giant CNA Financial which was said to have paid $40m (£30m) earlier this year.

The Treasury revealed last month how Clop targeted Stor-A-File, a British data storage firm whose clients include GP practices, NHS hospital trusts, local councils, law firms and accountants.

A spokesperson for the National Crime Agency said last night: “The agency is aware of an incident affecting Dacoll and we support the investigation.”

A Dacoll spokesperson said: “We can confirm that we were the victims of a cyber incident on October 5.

“We have been able to quickly return to our normal operating levels. The incident was limited to an internal network that is not connected to any of our clients’ networks or services.”
