Foreign Office cyber attacks may have risked safety of civil servants and UK’s allies, Tory MPs say
Russian and Chinese cyber attacks on the Foreign Office are a “serious security breach” which may have compromised the safety of UK civil servants and the country’s allies, Tory MPs have warned.
Cyber attackers from Russia and China were able to access the internal systems of the Foreign, Commonwealth and Development Office (FCDO) in 2021 and see the day-to-day business of the Government department responsible for national security, i has revealed.
The hacks, which came at a time when tensions with Russia and China were ramping up, allowed state-linked cyber attackers to access official FCDO material including emails, internal messages, and teams meetings.
While the information available to adversaries did not include classified or sensitive information, Tory MPs warned the breach still posed a serious risk to UK officials and its allies.
Conservative Chair of the Foreign Affairs Committee Alicia Kearns said it “puts the safety of not just FCDO staff at risk” but also contractors of Government and vulnerable individuals in “some of the most dangerous and autocratic” countries in the world.
“Whilst it’s a relief no classified materials were accessed, it is a serious security breach,” she told i.
“Countries who stalk and intimidate our FCDO public servants now know who is working on which sensitive environment or fragile country, and the strategic and intimate thinking of the department that plays a major role in keeping us safe.”
Former Tory leader Sir Iain Duncan Smith echoed her concerns, calling the hack “very dangerous” not just for the UK but also for its allies.
“The exposure of all interchanges of communications between senior operatives in any department, but particularly in the Foreign Office, is dangerous,” he told i.
“Our allies and friends in the free world will have been unguarded in their comments that will be circulating within the office, which will have been hacked, and which gives leading information to our would-be enemies.”
Insiders at the UK’s intelligence, security and cyber agency GCHQ and the FCDO told i the cyber hacks were enabled by a member of staff “probably accidentally” downloading malware hidden in an email.
The Government ultimately did not admit to the hacks because they didn’t want the “embarrassment” that their systems had been accessed on such a scale, a GCHQ insider said.
Sir Iain said that by not publicly revealing the breach, the Government may have compromised the safety of its counterparts in Five Eyes and Nato during a “seminal year” for souring relations with China and Russia. It is not known if the UK privately warned its allies about the cyber attacks.
He told i: “This isn’t just embarrassing, this is dangerous, it’s very dangerous when ministers and officials confuse embarrassment with security risk.
“The public and politicians need to have confidence that the messaging that takes place is confidential and remains confidential on key subjects.”
