Police files posted on dark web after shadowy Russian hackers target Scottish IT firm
POLICE in Scotland are investigating after confidential information held by forces around the country was stolen by Russian cyberhackers.
In a hugely embarrassing security breach, a notorious gang has managed to hack a Scottish IT firm that handles access to the UK’s police national computer (PNC).
Swathes of police data plundered from the firm’s files have been released on the dark web with the threat of more to follow.
The hackers – a notorious Russian gang called Clop – are believed to have demanded a ransom from the company after launching a ‘phishing’ attack in October that gave it access to material including the PNC which holds personal information and records of 13 million people.
The firm targeted by the hackers is IT management company Dacoll, based in Bathgate, West Lothian.
After the data was stolen, the hackers demanded a ransom. But when Dacoll refused to pay, the cyber gang uploaded hundreds of the files onto the dark web, a hidden area of the internet only accessible through a specialised web browser.
The leaked material includes images of motorists which Clop appears to have taken from the national vehicle licence plate recognition camera system. Raw footage from Automatic Number Plate Recognition (ANPR) includes close-up images of the faces of drivers who have been snapped speeding by motorway gantry or traffic monitoring cameras.
It is unclear what additional – and potentially even more sensitive – information Clop has taken and may release on the dark web, where it could be scooped up by fraudsters and blackmailers.
Philip Ingram, a national security expert and former British military intelligence colonel, said: ‘This is an extremely serious breach of a company that is providing a capability to police forces across the UK.
‘The damage caused by this kind of data leak is unfathomable as it brings into question the oversight and cybersecurity arrangements that exist between multiple public and private organisations to manage sensitive law enforcement data.’
Dacoll was established in 1969 by electrical engineer Brian Colling, who had previously repaired washing machines and fridges before doing national service with the RAF. The 88-year-old has grown the company into a UK-wide IT solutions provider with 160 staff.
One of Dacoll’s subsidiaries, NDI Technologies, provides a ‘critical’ service for 90 per cent of the UK police forces, allowing officers to gain remote access to the PNC when they are on the beat or in cars. Another Dacoll firm, NDI Recognition Systems, provides IT support for the ANPR systems used by the police, Highways England and the DVLA.
Last night, a spokesman for the company said: ‘Dacoll Group can confirm we were the victims of a cyber incident on an internal company network on October 5.
‘Steps were taken to contain and mitigate the incident, and we were able to quickly start returning to our normal operational levels.
‘We have kept everyone affected fully informed. There is an ongoing criminal investigation led by Police Scotland. All relevant agencies including the Information Commissioner’s Office have been notified.’
UK security services have also launched investigations into the cyber attack.
A spokesman for the National Cyber Security Centre, which is part of GCHQ, said: ‘We are aware of this incident and are working with law enforcement partners to fully understand and mitigate any potential impact.’
Clop has earned millions of pounds through ransomware hacks in the past two years. Victims have included the oil giant Shell, American bank Flagstar and the University of California.
Like many ransomware groups, they send phishing emails to employees which appear genuine but actually contain a virus that harvests data when opened by the unsuspecting recipient.
An NCA spokesman said: ‘The National Crime Agency is aware of an incident affecting Dacoll and we are supporting the criminal investigation, which is being led by Police Scotland.’
Last night, Police Scotland confirmed that it is investigating the incident. A spokesman said: ‘Police Scotland’s Cyber Investigation Unit has received a report of an incident concerning Dacoll and an investigation is under way into the matter.
‘Inquiries are ongoing and we are working with our partners to support them.’