The Mail on Sunday has learned that the prime minister and 25 of her cabinet members’ personal cell phone numbers are being sold online.
They are available on a dubious US website that charges just £6.49 for access to the data, which cyber experts fear China and Russia may use to eavesdrop on high government officials.
The website includes contact information for Liz Truss, Chancellor Kwasi Kwarteng, Ben Wallace, James Cleverly, and Suella Braverman, as well as those for the Defense and Foreign Ministries.
There is also Sir Keir Starmer’s phone number, the leader of the Labour Party.
After the MoS informed them of the hack, which also contained email addresses and passwords, Ministers last night assessed the danger with national security experts on the eve of the Conservative Party conference.
The Cabinet Office said that it was looking into the matter and that some of the data was outdated. However, the MoS acknowledged that the data haul included Ms Truss’s and 26 other up-to-date phone numbers for the Cabinet.
The hack was described as “really alarming” yesterday night by a former British intelligence official, who also cautioned that software that sends a virus to a phone through text message might be used to target sensitive information.
The US website, which this publication declines to identify, allows subscribers to easily search for any information by entering in a person’s name.
The service searches through data that has been taken in cyber breaches dating back more than ten years in only a few short seconds. The website claims to have a searchable database with more than 14 billion files of “compromised assets.”
The identity of the website’s creators is still unknown. The phone number listed on the website rings out unanswered. Its office is located outside of the flash and glamour of the Sin City Strip, in a less affluent part of Las Vegas.
However, the office was a shabby prefab used as a service address for hundreds of firms when a MoS reporter arrived on Friday to inquire about who administers the website.
I’m afraid I can’t provide you that information, the receptionist responded. Sincerely, I am powerless to help.
The MoS found the Prime Minister’s personal cellphone number in a matter of seconds after paying a £6.49 charge to use the site for a week.
A result of a search for “Elizabeth Truss” seemed to include a mobile phone number, which the website said had been taken in a 2020 breach of Covve, a well-known digital contacts book.
When our reporter entered the phone number to WhatsApp, a picture of the Prime Minister from last Christmas’ profile appeared.
We investigated and eventually verified that Ms. Truss had been using the number at least since 2011. Additionally, this publication verified that the website had the current phone numbers for every member of the Cabinet, with the exception of Northern Ireland Secretary Chris Heaton-Harris and Deputy Prime Minister Therese Coffey.
There were the current phone numbers for seven Labour frontbenchers, including the shadow foreign secretary David Lammy, the shadow health secretary Wes Streeting, and the shadow climate secretary and former leader Ed Miliband.
Our reporters searched the location for top military and intelligence personnel but were unable to locate any.
Experts caution that mobile devices are especially vulnerable to cyber assault. The Saudi Crown Prince Mohammed bin Salman is accused of using the Israeli Pegasus technology, which allows users to access phones without the owner’s knowledge, to hack Jeff Bezos, the founder of Amazon. And according to allegations made by a court last year, Dubai’s ruler Sheik Mohammed used it on his ex-wife Princess Haya and five friends.
Former British intelligence officer and cyber security specialist Colonel Philip Ingram MBE said: “The fact that the Prime Minister’s and her Cabinet colleagues’ phone numbers are available online is a remarkable security breach.” It is really alarming and startling, and it will lead to ructions within the government.
‘Mobile phones are a vulnerable point of entry for Britain’s foes because of the amount of business that Ministers and Opposition leaders do on WhatsApp groups and other phone applications,’ claims the report.
Col. Ingram said that a text message, which doesn’t even need to be opened, may start surveillance software on a phone.
Pegasus has access to almost everything on that machine. He cautioned that the user of the phone would not be aware of it as it disappears in the background. ‘ And given that China is a global leader in the creation of tools like these, you can be sure that other countries like Russia and China use software that is very identical to yours.
For many years, the US spied on German chancellor Angela Merkel’s phone using a similar technique. This is a significant data leak from the perspective of a nation-state. God only knows what is leaking if you have the phone numbers of people like the Prime Minister, the Chancellor, and the Defense Secretary available.
“If you can get into someone’s phone, you can follow their movements, who they are interacting with, and all kinds of stuff that would assist the adversary,” said security expert Professor Anthony Glees from the University of Buckingham. Whether you want to use information as blackmail, you may find out if they are having an affair or anything else.
“The UK is perhaps Ukraine’s biggest ally in its conflict with Russia. We must be really vigilant.
We take cyber security very seriously, and we have organizations like the National Cyber Security Centre to support businesses and people in defending their personal information against online attacks, according to a Cabinet Office spokeswoman.
The Government is aware that there are websites that compile information on previous data breaches, thus a lot of the information on these websites is outdated and inaccurate.
“Ministers get regular security briefings and advice,” which includes guidance on safeguarding personal information and reducing cyber risks.