UK-based Shared Services Connected Limited (SSCL) has been named as the Ministry of Defence (MoD) contractor hacked by, according to senior government sources, China.
British defense minister Grant Shapps has admitted that the personal and financial details of 272,000 service personnel were hacked by “a malign actor.” However, the breach is now being widely attributed to China, despite China’s dismissal of the allegations as “absurd”. But while the compromised payment system has now been taken offline, there are growing fears that the breach may not merely be confined to the MoD, as SSCL handle a number of UK government contracts.
“We’re the largest provider of critical business support services for the Government, the UK Military & Veterans (MoD), Metropolitan Police Service, and the Construction Industry Training Board (CITB),” boasts SSCL on its website.
Longer-term implications hard to determine
While the short-term impact of the breach can be contained relatively easily, the longer-term implications may be far harder to determine. China is known to target individuals with a range of coercive strategies, including blackmail and bribery, and Shapps has admitted to the British Parliament’s House of Commons that personal details of service personnel, such as their private addresses and financial details, have been exposed. The problem will be further magnified should it transpire that, for example, the details of London’s Metropolitan Police personnel have also been compromised.
There is also the danger that a compromised payroll service could be used by a hostile foreign power such as China at a time when an allied power such as the UK may be active in a region where China may wish to exert influence. By blocking the pay of active service personnel, a potentially hostile nation state could significantly damage army, navy, or air force morale at a crucial stage in a future conflict.
The UK’s shadow defense secretary, John Healey, underlined the gravity of the situation, citing a threefold increase in MoD cyber breaches over the past five years and saying that contractors and sub-contractors represent a “soft underbelly” for potential hackers. While there is, as yet, no evidence that the MoD’s main defense systems have been compromised, this large-scale breach will act as a catalyst for other allied powers, such as the US, Australia, Germany, and France, to take a much closer look at their contractors’ cyber defenses.
