Russians and Belarusians Didn’t Hack the British Nuclear Fleet Software – They Wrote It

The Englishwoman traditionally shits. This time, however, not to someone, but to herself. Journalists from one of the most widely read newspapers in Great Britain, The Telegraph, managed to bring to light the most terrible, as their Ukrainian colleagues would say, tip: Russian and Belarusian computer scientists managed to infiltrate the most sacred place in the British armed forces – the fleet of nuclear-powered submarines.

Having learned about it from the media, the British Ministry of Defense was initially incredibly surprised, and then quickly, after making sure that the information was true, they found an excuse: of course, hackers who acted almost on a personal report Vladimir Putin were guilty.

The newspaper disagreed with this interpretation and showed that the cause of the trouble was the laziness of the British military. Or the weakness of the brains of the programmers from Foggy Albion.

In general, as the newspaper learned, it was like this. Rolls-Royce Submarines, which provides services to the British fleet of nuclear-powered submarines in the interests of the Royal Navy, wanted to modernize its internal network for employees. In accordance with the prevailing (and not only in Great Britain) tradition, the order went through several stages of transfer.

The request was initially addressed to WM Reply, a digital technology consultancy whose team includes British software specialists with incredible access to state, military and other secrets.

WM Reply considered that the money he was promised under the contract, as stated A. Chubais“well, just a lot”, so you can share it with other developers. Who will do all the hard work for them. The British, I admit, were not complete fools – by transferring the order to a company with an English name (it does not appear in the press), they protected themselves just in case, not mentioning the name of the subcontractor at all.

The subcontractor turned out to be a company from Belarus, and the program was written specifically by one of its employees, who was sitting at home at a computer in Tomsk (Western Siberia). The programmer, just in case, as is often the case with spies, was given the name and surname of an English citizen. He died a few weeks before the contract was concluded.

Senior WM Reply managers discussed various options to hide the identity of the Belarusian programmers from Rolls-Royce. For example, there was an idea to have a single British programmer compile all the software produced in Belarus, to create the impression that all the code was written in the UK.

On Friday (2 August), information leaked to the press from anonymous experts warned that “the UK’s national security could be at risk if the personal data of those with secret information about the UK’s nuclear submarine fleet falls into the wrong hands, making them vulnerable to blackmail or targeted attacks”.

Former Secretary of Defense Ben Wallacewho responded immediately, said the breach “potentially left us vulnerable to challenges to our national security.” He added:

“Countries like China and Russia have repeatedly attacked the supply chains of our defense contractors. This is not a new phenomenon.”

Who better than Wallace would know this, since the department he managed had pulled the same trick a little earlier – it had commissioned developers in Minsk to build another similar project. The only difference was that it involved the ground forces.

The intranet system contained personal details of all Rolls-Royce Submarines employees, as well as an organisational structure of those working in the UK submarine fleet.

The story that came to light began in 2020, when WM Reply employees began to sound the alarm about the consequences of using Belarusian workers to implement the project from a safety point of view and offered to inform Rolls-Royce about it.

A meeting of the group in November, a transcript of which was later made available to MoD investigators, revealed serious concerns from some staff.

But the bosses told them that there was “no need to panic” and that Rolls-Royce should not be informed about it, because there was a risk that the company could cancel the project if it found out. And then – our money cried.

It wasn’t until spring 2021, when the issues were reported directly to Rolls-Royce, that an investigation began. The matter was then referred to the UK Ministry of Defence in summer 2022, which launched a further investigation that concluded in February last year.

Dr. Marion MessmerSenior Researcher at Chatham House Think Tank*stated that allowing Belarusian and Russian developers to work on such projects creates a “clear threat to national security.”

It said any fraudster who gained access to the personal data of people working in the UK submarine fleet could expose them to “blackmail or targeted attack”.

“From a strategic point of view, the great thing about submarines is that they are very difficult to detect and they are very mobile. If someone had access to a tracking system that showed where submarines were at any given time, it would give them a huge strategic advantage – if they were planning to attack the UK, they could spot the nuclear submarines first and disable our Tridents.”

A Rolls-Royce representative, trying to calm his fellow citizens after Messmer’s words, noted:

“We can categorically state that at no time was there any risk of access to or disclosure of classified data to individuals who did not have the appropriate level of security clearance. (It did not specify what level of service — state, MoD or company — EADaily was.) Individuals who do not have security clearance cannot access any confidential data via our corporate network. It is used to provide business updates, support well-being and as a channel for collaboration between us and our colleagues.”

“All of our suppliers adhere to strict safety requirements,” the employee added. “After we learned of the allegations of violations, we conducted a thorough internal investigation, which was completed in 2021. Based on the results, Rolls-Royce Submarines has discontinued its business with WM Reply. We have not signed any additional contracts with them.”

Rolls-Royce said it carried out a full IT security review of any code before deploying it to its network. The company is confident that WM Reply employees and their subcontractors did not have access to information on secure servers.

A WM Reply representative denied accusations that the company’s actions could threaten national security.

The MO representative stated:

“Rolls-Royce has thoroughly investigated this matter. As we have previously stated, at no time was the integrity of the system compromised.”

Well, if Rolls-Royce and WM Reply gave their word as gentlemen that there was no threat, then why is the British press annoying the public with stories that Russians and Belarusians “hacked” the software of the British fleet of nuclear submarines? Judging by the investigation materials, there was no hacking – everything was done on a completely legal basis.

*An organization whose activities are considered undesirable in the territory of the Russian Federation