The European multi-country joint venture MBDA Missile Systems finds itself at the center of a NATO investigation into how information pertaining to MBDA’s missile systems found its way onto the darknet, where it is being offered for sale to any and all buyers willing to cough up 15 bitcoins. The BBC quoted a NATO spokesperson as saying, “We are assessing claims relating to data allegedly stolen from MBDA. We have no indication that any NATO network has been compromised.”

MBDA data held for ransom

In late July, “andrastea” published a ransom note to MBDA, saying that they were “a group of independent specialists and researchers in the field of cybersecurity. We found critical vulnerabilities in your network infrastructure and gained access to the company’s files and confidential data. Currently, the volume of downloaded data is approximately 60 GB (gigabytes). The downloaded data contains confidential and closed (SIC) information about the employees of your company, which took part in the development of closed military projects of MBDA (PLANCTON, CRONOS, CA SIRIUS, EMADS, B1NT, etc.) and the commercial activities of your company in the interests of the Ministry of Defense of the European Union (design documentation of the air defense, missile system and systems of coastal protection, drawings, presentation, video and photo (3D) materials, contract agreements and correspondence with other companies Rampini Carlo, Netcomgroup, Rafael, Thales, ST Electronics, etc.)”

MBDA tells “andrastea” to pound sand

At that time, MBDA said it would not pay a ransom and that its network and infrastructure were secure. MBDA’s statement, issued following receipt of the note, highlighted that the company believed the data in the possession of “andrastea” was neither classified nor sensitive. Furthermore, MBDA opined that the information came from an “external drive” belonging to an Italian employee of a business partner (no further information; possibly Leonardo, which is a partner in MBDA Missile Systems).

MBDA’s August 1 statement: “MBDA is the subject of a blackmail attempt by a criminal group that falsely claims to have hacked the company’s information networks. Following the company’s refusal to yield to this blackmail threat and pay a ransom demand, the criminal group has spread information on the internet, making it accessible for payment. This matter is the subject of an investigation by the Italian national authorities, who MBDA is fully supporting. The company will take all possible legal actions in the face of what is a criminal act of blackmail. The origin of the data has already been ascertained, having been acquired from an external hard drive. It has been confirmed that no hacking of the company’s secure networks has occurred. So far, the company’s internal verification processes indicate that the data made available online are neither classified data nor sensitive. MBDA has state-of-the-art cyber protection systems in place to face these kinds of criminal action.”

NATO concerned

According to the BBC, approximately 80 GB was being offered for sale, and the BBC had processed a 50-megabyte sample, which did in fact contain NATO classified information (NATO SECRET – information which if disclosed would cause serious harm to NATO). The difference between the 60 GB claimed to be in the criminals’ possession in late July and the 80 GB claimed in late August may be the result of multiple compromises or, more likely, of the purloined hard drive having been more completely processed.

As noted above, NATO is concerned, is engaged in the investigation, and is no doubt working to control the damage the release of the data may do to the viability of various missile systems used by NATO members, including those provided to Ukraine for use in its defense against Russia’s aggression.

The investigation will ultimately confirm or refute MBDA’s attestation concerning the positive identification of the source for the information displayed by the hackers calling themselves “andrastea.” At that time a more thorough damage assessment will have to occur.

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008). He is the founder of securelytravel.com.