Listen to the article
Scientists working at a military base which was at the heart of the Skripal nerve agent probe fear their personal details may have been stolen by cyber criminals.
Workers at the Defence Scientific Technical Laboratory (DSTL) at Porton Down, Salisbury, were alerted to the security breach this month by union officials.
The base had been key in determining that it was Novichok which had been used in the attempted murder of Russian double agent Sergei Skripal and his daughter Yulia in Salisbury in 2018.
Other victims of the hack include technicians and engineers at the defence company BAe Systems, the electronics firm Siemens, and Rolls Royce all of which have military contracts.
All of those affected by the cyber attack are members of the trade union Prospect – whose 160,000 members also include senior Ministry of Defence (MoD) civil servants.
Although the MoD was not targeted directly, information belonging to some of the department’s scientists may have been stolen through what experts call a gateway attack – where criminals obtain information by hacking into organisations like Prospect and contractors.
Prospect was hacked in June but most of its members only learnt this month that personal information, including bank account details, personal email addresses, employment records and even their sexual orientation, may have been stolen.
The delay by Prospect in announcing the extent of the security breach has caused huge frustration amongst the trade union’s members who have warned about the dangers of UK national security being compromised.
An email seen by National Security News and sent by one DSTL scientist to Prospect, said: “We in DSTL work in national security, some in extremely sensitive roles dealing with current operations.
“When you found our data had been compromised you should have told us all immediately as our personal security is at risk. Was our data unencrypted? In whose Cloud was it? Who accessed it. Who was the threat actor? “
Another email said “The membership of this union includes top-level civil servants, the defence sector, nuclear sector etc — it’s a national security risk. The data could well end up in the hands of a hostile state actor.”
A Prospect member also claimed that the organisation refused to identify hackers or whether a ransom had been paid to retrieve stolen data.
Lord West, a former Security Minister under Labour, said he believed Russia was behind most of the recent spate of cyber attacks.
Lord West, a former head of the Royal Navy, who produced the UK’s first cyber strategy in 2009, added: “There is still a huge lack of awareness of the threat posed by cyber attacks. “Most of these originate from Russia with some from China and a lesser extent from Iran.
“Hackers will often target small businesses working for the MoD to gain access to bigger projects. For example rather they might target an SME producing valves for a nuclear submarine and use that as a gateway into the system.
“The key to preventing these attacks is better cyber security but also making sure your employees are aware the moment an organisation is hacked so they can take appropriate action.”
DSTL is one of the most sensitive and secure military bases in the UK and is where MoD scientists identified that the deadly nerve agent was used by Russian agents to poison the former Russian intelligence officer Sergei Skripal, his daughter Yulia in 2018.
Much of the work carried out by scientists, especially into deadly biological agents like the Ebola virus, is top secret.
Details of the latest cyber hack have emerged after the Mail On Sunday revealed last week that Russian hackers have stolen hundreds of sensitive military documents containing details of eight RAF and Royal Navy bases as well as Ministry of Defence staff names and emails – and posted them on the dark web.
It also emerged last week that a
A cyber attack on Jaguar Land Rover (JLR) will cost an estimated £1.9bn and has been the most economically damaging cyber event in UK history.
Experts at the Cyber Monitoring Centre (CMC) have analysed the continuing fallout from the hack, which halted the car giant’s production on 1 September for five weeks and caused widespread delays across JLR’s supply chain.
According to the CMC, 5,000 businesses have been affected in total and a full recovery will not be reached until January 2026.
An MoD spokesman said: “Ministry of Defence Spokesperson said: “We are aware of an incident affecting Prospect and are monitoring the situation closely.
“This was not an attack on MOD or any of its systems, and no classified information has been compromised. We continue to provide advice and support to Prospect as appropriate.”
A Prospect Spokesperson said: “We take our responsibility to our members incredibly seriously. We worked relentlessly to ensure we knew the precise scope of impact so we could notify those affected, in accordance with our legal obligations, and not cause unnecessary concern to other members who did not need to be notified.
“This required extensive detailed work to achieve and was completed as quickly as possible. Differentiating and identifying impact did take time but this allowed us to provide tailored communications, so members we notified knew exactly how they were affected and the support we were making available to them.
“We have engaged with employers, who are reinforcing our advice to affected members, including those in sensitive roles, and this will continue. Based on our engagement to date, there is no basis to suggest any broader security risk.”