Report reveals new information on the Downing Street cyber-attacks

A new report has been released confirming the cyber-attacks on various devices at Downing Street.

Downing Street has allegedly fallen victim to a substantial security breach, following the finding of a powerful spyware software linked to the United Arab Emirates on a Number 10 device according to a report by The New Yorker.

The report claimed that Pegasus spyware made by the Israeli spyware company NSO Group was used on July 7, 2020,in an attempt to hack into a device connected to the network at 10 Downing Street. A UK government official confirmed that there was a hacking attempt, however, they did not confirm whether Pegasus was used.

NSO Group claims that Pegasus is only sold to foreign governments following approval from the Defence Ministry, to be used as a tool for catching criminals and terrorists, but it states that it is not able to control whom its clients decide to monitor nor does it have access to the information collected.

 The National Cyber Security Centre, which works under the jurisdiction of the British Defence Ministry, led the investigation into various devices at Downing 10, including the Prime Minister’s, but were unable to locate the infected device.

John Scott-Railton, a senior researcher at the Citizen Lab centre at the University of Toronto, told The New Yorker: “When we found the No10 case, my jaw dropped.” Bill Marczak, another senior researcher added: “We suspect this included the exfiltration of data.”

Foreign Office devices were also believed to be victims of cyber-attacks between July 2020 and June 2021 on at least five separate occasions. Commenting on these attacks, Ron Deibert, the Citizen Lab Director at the University of Toronto, stated:

“Because [The FCO and FCDO] have personnel in many countries, the suspected FCO infections we observed could have related to FCO devices located abroad and using foreign SIM cards, similar to the hacking of foreign phone numbers used by US State Department employees in Uganda in 2021.”

Deibert also stated that the UK is currently faced with “ongoing legislative and judicial efforts” relating to cyber policy and Downing Street is also working out how to remedy losses incurred by spyware victims.