26 Aug 2022

Nato investigates hacker sale of missile firm data

7:44 pm on 26 August 2022

Nato is assessing the impact of a data breach of classified military documents being sold by a hacker group online.

cybercrime, hacking and technology concept - hands of hacker in dark room writing code or using computer virus program for cyber attack

Criminal hackers are selling the dossiers after stealing data linked to a major European weapons maker (file image). Photo: 123RF

The data includes blueprints of weapons being used by Nato allies in the Ukraine conflict.

Criminal hackers are selling the dossiers after stealing data linked to a major European weapons maker.

MBDA Missile Systems admitted its data was among the stash but claimed none of the classified files belong to the firm.

The pan-European company, which is headquartered in France, said its information was hacked from a compromised external hard drive, adding that it was cooperating with authorities in Italy, where the data breach took place.

It is understood investigations are centred around one of MBDA's suppliers.

In a statement, a Nato spokesperson said: "We are assessing claims relating to data allegedly stolen from MBDA. We have no indication that any Nato network has been compromised."

Cyber criminals, operating on Russian and English forums, are selling 80GB of the stolen data for 15 Bitcoin (approximately £18,000) and claimed to have sold the stash to at least one unknown buyer so far.

In their advert for the stolen data, the hackers claimed to have "classified information about employees of companies that took part in the development of closed military projects" as well as "design documentation, drawings, presentations, video and photo materials, contract agreements and correspondence with other companies".

A free 50MB sample of the data, seen by the BBC, includes documents labelled "NATO CONFIDENTIAL", "NATO RESTRICTED" and "Unclassified Controlled Information".

In addition to the sample, the criminals supplied additional documents by email, including two marked "NATO SECRET".

Nato's classification levels are:

  • COSMIC TOP SECRET: unauthorised disclosure would cause exceptionally grave damage to Nato
  • NATO SECRET: unauthorised disclosure would cause serious damage to Nato
  • NATO CONFIDENTIAL: unauthorised disclosure would be damaging to Nato interests
  • NATO RESTRICTED: unauthorised disclosure would be disadvantageous to the interests of Nato

Unclassified Controlled Information is a US security label for information that is government created or owned; information that requires safeguarding or dissemination controls consistent with applicable laws, regulations and government-wide policies

The hackers would not confirm whether or not the material had come from more than one hacked source.

The files, which the BBC has not been been able to independently verify, detail a "communications intelligence" mission by a US air squadron carried out at the end of 2020 in Estonia over the Baltics.

It includes the call logs, full name, phone number and GPS coordinates of a person allegedly at the centre of the operation.

A former Nato official said: "There's a lot of over-classification in Nato but these labels matter. They are applied by the originator of the information and NATO SECRET is not applied lightly.

"This really is the kind of information Nato doesn't want out there in the public."

He added that the chances of the documents having been declassified were slim bearing in mind most of the files appeared to have been created between 2017 and 2020.

The sample files also included a presentation that appeared to detail the inner workings of the Land Ceptor CAMM (Common Anti-Air Modular Missile), including the precise location of the electronic storage unit within it.

One of these was recently sent to Poland for use in the Ukraine conflict as part of the Sky Sabre system and is operational.

MBDA Missile Systems has not disputed that its information had been breached but said: "The company's internal verification processes indicate that the data made available online are neither classified data nor sensitive."

However, some of the documents known to have been stolen from MBDA are labelled as "proprietary information not to be disclosed or reproduced".

MBDA Missile Systems was created in December 2001 after the merger of missile systems companies in France, Italy and the UK.

It has has 13,000 employees and is a joint venture of Airbus, BAE Systems and Leonardo.

Last year it posted revenue of £3.5b and counts the UK Ministry of Defence, US military, the European Union and Nato as customers of its weapons systems.

- BBC