Russians leak police data on to dark web after ransom rejected
CONFIDENTIAL information held by some of Britain’s police forces has been stolen by Russian hackers in an embarrassing security breach, The Mail on Sunday can reveal.
The cyber-criminal gang Clop has released some of the material it plundered from an IT firm that handles access to the police national computer (PNC) on the so-called ‘dark web’ – with the threat of more to follow.
Clop is believed to have demanded a ransom from the company, Dacoll, after launching a ‘phishing’ attack in October that gave it access to material, including that of the PNC, holding the personal information and records of 13million people.
When Dacoll refused to pay, the hackers uploaded hundreds of files on to the dark web, a hidden area of the internet only accessible through a specialised web browser. The company declined to reveal the size of ransom demanded.
The files include images of motorists, which Clop appears to have taken from the national Automatic Number Plate Recognition (ANPR) system. Footage includes close-up images of the faces of drivers who have been snapped speeding. It is unclear what additional – and potentially more sensitive – information Clop might release on the dark web, where it could be scooped up by fraudsters.
Philip Ingram, a national security expert and former colonel in British military intelligence, said: ‘This is an extremely serious breach of a company providing a capability to police forces across the UK.
‘The damage caused by this kind of data leak is unfathomable as it brings into question the cybersecurity arrangements that exist between multiple public and private organisations to manage sensitive law enforcement data.’
Dacoll, based in West Lothian, was established in 1969 by electrical engineer Brian Colling,
who had previously repaired home appliances before doing National Service with the RAF.
The 88-year-old has grown the company into a UK-wide IT solutions provider, with 160 staff.
One of Dacoll’s subsidiaries, NDI Technologies, provides a ‘critical’ service for 90 per cent of the UK’s police forces, giving officers remote access to the PNC. Another Dacoll firm, NDI Recognition Systems, provides IT support for the ANPR systems used by the police, Highways England and DVLA.
A spokesman for the National Cyber Security Centre said: ‘We are aware of this incident and working with law enforcement partners to fully understand and mitigate any potential impact.’
Clop has earned millions of pounds through ransomware hacks in the past two years. Victims have included the oil giant Shell, American bank Flagstar and the University of California.
Like many ransomware groups, it sends ‘phishing’ emails to employees, which appear genuine but actually contain a sophisticated virus that harvests data when opened.
Faced with the prospect of sensitive material being leaked, some firms pay the ransom, including US insurance giant CNA Financial which reportedly paid out $40million (£30million) earlier this year. The MoS revealed last month how Clop had targeted StorA-File, a British data storage company whose clients include GP practices, NHS hospital trusts, local councils, law firms and accountants.
A National Crime Agency spokesman said last night: ‘The agency is aware of an incident affecting Dacoll and we are supporting the investigation.’
A Dacoll spokesman said: ‘We can confirm we were the victims of a cyber incident on October 5.
‘We were able to quickly return to our normal operational levels. The incident was limited to an internal network not linked to any of our clients’ networks or services.’