The Pegasus spyware could have allowed the operator to carry out 24-hour surveillance of messages and calls made on a Number 10 device
Image: Getty Images)
Downing Street has been the victim of a major security breach after powerful spyware linked to the United Arab Emirates was found on a Number 10 device, it has been claimed.
The spyware – which could have allowed the operator to carry out 24-hour surveillance of messages and calls – was found on a device on Number 10’s network.
The worrying security breach of prime minister’s residences took place on July 7, 2020.
The Israeli Pegasus spyware was also thought to have infected Foreign Office devices between July 2020 and June 2021 on at least five separate occasions.
Those infections were again linked to hackers in the UAE, as well as India, Cyprus and Jordan.
An investigative journalist at the New Yorker magazine revealed news of the Number 10 infection.
It came after testing conducted on several Downing Street phones, including the device belonging to the prime minister.
But Britain’s National Cyber Security Center couldn’t locate the device in question and the nature of the information stolen couldn’t be determined, according to the reports.
John Scott-Railton, a senior researcher at the Citizen Lab center at the Univestity of Toronto, told the magazine: “When we found the No10 case, my jaw dropped.”
He believes UK authorities have failed to realize the significant threat Pegasus poses and has been left “spectacularly burned” as a result.
Another senior researcher, Bill Marczak, adds: “We suspect this included the exfiltration of data.”
Speaking about the FCO attacks, Citizen Lab director Ron Deibert said the agency’s international nature means the hacking could have taken place abroad.
He said: “Because [The FCO and FCDO] have personnel in many countries, the suspected FCO infections we observed could have related to FCO devices located abroad and using foreign SIM cards, similar to the hacking of foreign phone numbers used by US State Department employees in Uganda in 2021.”
Mr Deibert added that the UK is currently embroiled in “ongoing legislative and judicial efforts” relating to cyber policy.
He said Downing Street is also working out how to remedy losses incurred by spyware victims.
In a separate incident in 2021, Boris Johnson changed his phone when it emerged his mobile number had been on the internet for more than a decade.
Earlier this year, Brit businesses were warned to bolster their digital defenses after “malicious” cyber incidents targeted Ukraine.
The National Cyber Security Center (NCSC) has updated its guidance to UK firms and groups and said it is investigating the recent reports of “malicious cyber incidents in Ukraine”.
The NCSC said it had not identified any current threats to the UK, but noted its updated guidance would allow organizations “to build resilience and stay ahead of potential threats”.
The centre’s director of operations, Paul Chichester, said: “The NCSC is committed to raising awareness of evolving cyber threats and presenting actionable steps to mitigate them.
“While we are unaware of any specific cyber threats to UK organizations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organizations follow the guidance to ensure they are resilient.
“Over several years, we have observed a pattern of malicious Russian behavior in cyberspace. Last week’s incidents in Ukraine bear the hallmarks of similar Russian activity we have observed before.”
The updated guidance encourages organizations to reduce the risk of falling victim to a cyber attack by taking “actionable” steps.