Classified documents revealing details of UK-US trade talks leaked ahead of the 2019 election were stolen from the email account of former trade minister Liam Fox by likely Russian hackers.
Two sources with direct knowledge of the matter told Reuters that hackers accessed Fox’s email account multiple times between 12 July and 21 October last year. They added that the attack had the characteristics of a state-backed operation.
Among the stolen information were six tranches of documents detailing British trade talks with the US, which were brandished by Jeremy Corbyn as proof that the NHS would be up for sale in a post-Brexit trade deal.
‘Spear phishing’
Dominic Raab, the foreign secretary, confirmed last month that “Russian actors” had sought to interfere in the election “through the online amplification of illicitly acquired and leaked Government documents”.
It is not known whether Fox – who remains an MP – was still serving as a trade minister at the time of the hack. He stepped down from the Cabinet after Boris Johnson became prime minister last year.
The hack is one of the most direct examples of suspected Russian meddling in British politics. A parliamentary report last month revealed that the UK government failed to prepare for Moscow’s attempts to interfere with the 2016 Brexit referendum and has made little effort to assess what happened since then.
Fox’s email account was hacked using a so-called “spear phishing” message, Reuters reported, which tricks the target into handing over their password and login details. It is unclear if the hackers who stole the documents also leaked them online later on.
Public interest?
Labour defended their use of the documents at the time by claiming they had done so in the public interest. The details of the talks had been posted on Reddit.
Corbyn claimed that the documents revealed a government plot to sell off the NHS to Donald Trump’s America – an accusation repeatedly denied by Johnson.
Britain last month accused Russian state intelligence operatives of hacking international pharmaceutical research in an effort to win the global race for a vaccine against Covid-19.
The UK’s National Cyber Security Centre (NCSC) revealed that vaccine and therapeutic sectors in multiple countries have been targeted, although it declined to list specific names of institutions on security grounds.
The NSCS named the group responsible for the hacking as APT29, adding that it is “almost certainly” an arm of Russian intelligence. The group also goes by the name of Cozy Bear or The Dukes, and has targeted vaccine research organisations in Britain, the US and Canada.
Related: What two different Russia reports tell us about Boris Johnson