UK Police Data Leaked on the Dark Web; Russian hackers hold 13 million records to ransom

After an apparent refusal to pay a ransom demand, Russian hackers leaked a sample of 13 million UK police data records to the dark web in retaliation.

The files were stolen from a police contractor. The hackers have so far released only a small portion of what they took, but have threatened to publish more if their demands continue to be rebuffed. It is unclear exactly what personal information was breached, but the dark web samples indicate that the data came from a nationwide traffic monitoring system and include photos of drivers caught speeding.

UK Police Data Extracted From Contractor, Ransom Denial Leads To Partial Leak

The hack is attributed to the Clop gang, a ransomware group that has been operating since 2019 and was particularly active in early 2021 (two of its most significant past breaches involved ExecuPharm and the business collaboration company Accellion). Some gang members were arrested in Ukraine over the past summer, but the group’s Russian hackers quickly resumed operations. The group has earned tens of millions of dollars from its attacks and is considered a major player among cybercriminals.

The group is known to operate a dark web site through which it doxes victims who don’t pay. In this case, the victim was Scotland-based IT support company Dacoll Group. Dacoll contracts with the UK government for the maintenance of the Police National Computer (PNC), a shared system used by many law enforcement agencies across the country.

Dacoll was apparently successfully phished, giving the Russian hackers access to around 13 million UK police data records. The company then refused to pay a ransom demand, the amount of which is unknown. Not much is currently known about the information that was compromised, but the group has put hundreds of data samples on its dark web site as evidence of the attack and threatened to publish more if the company did not reconsider its position on the ransom.

The National Cyber Security Centre said it was working with Dacoll and law enforcement to investigate the incident. Dacoll recently released a statement saying the breach occurred on October 5. The UK police data samples have since been removed from the dark web site, and it is unclear whether the Russian hackers intend to follow through on their threat to post more.

Leaked samples indicate traffic camera data was stolen

Among the UK police data samples uploaded to the dark web were images from traffic cameras, the kind that trigger automatically when a vehicle is detected exceeding the speed limit. This indicates that the recordings were stolen from an Automatic Number Plate Recognition (ANPR) system. Some of the leaked samples show close-up images of the faces of drivers captured by the cameras.

UK citizens would undoubtedly like many more details on what the Russian hackers had access to, but UK agencies and Dacoll are understandably tight-lipped about the specifics of the attack. There is cause for concern given that Dacoll provides services to 90% of UK law enforcement agencies through its subsidiary NDI Technologies. The company’s NDI Recognition Systems unit is the one that supports ANPR systems; UK police data is shared with Highways England and the DVLA through the company’s software products.

The Russian hackers have once again demonstrated that an organization’s cybersecurity is only as good as the weakest link in its supply chain of trusted-access suppliers, but this time with potentially more serious consequences than usual.

As Saryu Nayyar, CEO of Gurucul, observes: “It is not certain that the published evidence is valid, although it seems possible that it could be used to identify and blackmail motorists and other individuals… In this case, the data, when it should have been treated as confidential, was easily phished and downloaded. The police and their vendor Dacoll have little incentive to pay this particular ransom, so the onus of identity will fall on those cited by the evidence. It’s unfortunate that a Dacoll error results in potential loss for others, so the police should consolidate their own systems and deal with those whose evidence has been leaked.”

The incident raises the question of what can be expected of the average person when government agencies, which are entrusted with the most sensitive personal information, suffer a security breach. As the holiday season approaches, it remains to be seen what the UK government will do to remedy the situation; British citizens still need to know exactly what the Russian hackers got away with. The worst-case scenario would be access to their driver’s license information, a key element in enabling thieves to establish a change of address for the purpose of identity theft.

Garret Grajek, CEO of YouAttest, points out that the onus falls mainly on the government contractors who have access to this sensitive information: “The real question: what are companies doing with all the chaos that is happening? The key is to focus on strong security practices. NIST’s guidelines on zero trust (SP 800-27) and cloud security (SP 800-210) are a good place to start. Identity is the key to all of these directives and countermeasures. It starts with a business knowing which identities are authorized at which resources and is imperative for cybersecurity.”

Baber Amin, COO of Veridium, has additional suggestions for securing UK police data at the root: “In this case, the IT company and UK police should implement corresponding access control. Preventing successful phishing attacks, as usual, requires a layered approach to security and access.

  1. Eliminate all unauthenticated access by requiring that every connection be authenticated.
  2. Eliminate all single-factor authentication by enabling multiple factors.
  3. Depending on the information you are accessing, assign different authentication factors based on their level of trust.
  4. Create a multi-channel authentication policy so that a single compromised channel does not compromise the system.
  5. Do not allow full access on all systems, even if the user authenticates through some sort of MFA. Compartmentalize all accesses.
  6. Implement tools that check for unusual activity, such as polls, multiple failures, big data ingestion, or big data mining.
  7. Implement tools that assess endpoint trust and can identify bots and automated processes.
  8. Implement behavioral biometrics to distinguish normal users from bots and bad actors.”
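To make items 1 to 6 of the list above concrete, here is an added example (not code from Dacoll, NDI, Veridium, or the original article) of a small access-control policy and a detector for the "multiple failures" and "big data ingestion" patterns. The resource names, user scopes, factor classes, thresholds, time window and log records are all assumptions constructed for the example.

```python
"""Layered access control plus anomaly detection over access events.

Added example for this page; not Dacoll/NDI/Veridium code. Resource
tiers, user scopes, thresholds and the event format are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical resource tiers: the factor classes a session must have
# verified before the resource may be touched (list item 3).
RESOURCE_TIERS = {
    "pnc_records": {"password", "hardware_key"},   # high sensitivity
    "anpr_images": {"password", "hardware_key"},   # high sensitivity
    "helpdesk_kb": {"password", "totp"},           # low sensitivity
}
# Hypothetical per-user scopes: no blanket access even with MFA (item 5).
USER_SCOPES = {
    "alice": {"pnc_records", "helpdesk_kb"},
    "bob": {"helpdesk_kb"},
}
FAIL_THRESHOLD = 5            # failures per window that raise an alert
BULK_ROWS = 1000              # rows per window that count as bulk pull
WINDOW = timedelta(minutes=10)


def check_access(user, resource, factors):
    """Return (allowed, reason) for one request.

    factors is the set of factor classes already verified for the
    session, e.g. {"password", "totp"}.
    """
    if user is None or not factors:
        return False, "unauthenticated"                      # item 1
    if len(factors) < 2:
        return False, "single-factor"                        # item 2
    required = RESOURCE_TIERS.get(resource)
    if required is None:
        return False, "unknown resource"                     # deny by default
    if not required <= factors:
        missing = sorted(required - factors)
        return False, f"missing factor(s): {missing}"        # item 3
    if resource not in USER_SCOPES.get(user, set()):
        return False, "outside user scope"                   # item 5
    return True, "ok"


def detect_anomalies(events):
    """Flag repeated failures and bulk retrieval per user (item 6).

    events: list of {"ts", "user", "resource", "outcome", "rows"}.
    Returns a list of (user, alert_type, count) tuples.
    """
    alerts = []
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_user[e["user"]].append(e)
    for user, evs in by_user.items():
        fails, pulls = [], []                 # sliding-window state
        for e in evs:
            fails = [t for t in fails if e["ts"] - t <= WINDOW]
            pulls = [p for p in pulls if e["ts"] - p[0] <= WINDOW]
            if e["outcome"] == "fail":
                fails.append(e["ts"])
                if len(fails) >= FAIL_THRESHOLD:
                    alerts.append((user, "repeated_failures", len(fails)))
                    fails = []                # one alert per burst
            else:
                pulls.append((e["ts"], e["rows"]))
                total = sum(rows for _, rows in pulls)
                if total >= BULK_ROWS:
                    alerts.append((user, "bulk_retrieval", total))
                    pulls = []
    return alerts


# Constructed sample events (not real log data).
T0 = datetime(2021, 10, 5, 9, 0)
SAMPLE_EVENTS = (
    # bob: six failed attempts on a high-tier resource within three minutes
    [{"ts": T0 + timedelta(seconds=30 * i), "user": "bob",
      "resource": "pnc_records", "outcome": "fail", "rows": 0}
     for i in range(6)]
    # alice: four small lookups, then one 1,500-row pull
    + [{"ts": T0 + timedelta(minutes=20 + i), "user": "alice",
        "resource": "pnc_records", "outcome": "success", "rows": 3}
       for i in range(4)]
    + [{"ts": T0 + timedelta(minutes=25), "user": "alice",
        "resource": "pnc_records", "outcome": "success", "rows": 1500}]
)

if __name__ == "__main__":
    print(check_access("alice", "pnc_records", {"password", "totp"}))
    print(check_access("bob", "pnc_records", {"password", "hardware_key"}))
    for alert in detect_anomalies(SAMPLE_EVENTS):
        print(alert)
```

The policy denies by default: an unknown resource, a missing factor class, or a resource outside the user's scope all fail closed, and a phished password alone never reaches the data. The detector uses a per-user sliding window so a burst of failures or a bulk pull is reported once rather than on every event.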


As the Russian hackers deliberately removed their sample of UK police data, it’s possible the incident will end quietly, with Clop fearing it will attract the same level of heat that REvil recently drew (the group has already withstood one wave of arrests). But UK residents will have an additional worry as the holiday season approaches that they shouldn’t have to deal with, as the Home Office has chosen to downplay the incident and delay a public assessment of the potential damage.
