Former UK Prime Minister Liz Truss’s personal phone was hacked earlier this year by suspected foreign agents, putting national security at risk, according to a new report on Sunday.
Unnamed “security sources” told the Mail on Sunday that the incident was discovered during the Conservative Party leadership contest over the summer, causing Truss sleepless nights as she worried it may impact her chances of winning.
However, then-Prime Minister Boris Johnson and cabinet secretary Simon Case are said to have imposed a total news blackout on the incident.
“It is not a great look for the intelligence services if the foreign secretary’s phone can be so easily plundered for embarrassing personal messages by agents presumed to be working for Vladimir Putin’s Russia,” a security source told the paper.
No evidence was given linking the breach to the Kremlin, although it’s believed that a year’s worth of messages were downloaded from Truss’s device by an unauthorized intruder.
These apparently included “highly sensitive” conversations with other countries’ foreign ministers about the war in Ukraine, including detailed discussions about arms shipments.
The use by ministers of personal devices and consumer-grade services for government business is creating unacceptable national security risks, according to security experts.
Home secretary Suella Braverman was recently forced to resign after it was revealed that she used her personal email to send a confidential government document on immigration policy to a Tory backbencher. She was subsequently reappointed by incoming PM Rishi Sunak.
ESET global cybersecurity advisor, Jake Moore, pointed to notorious phone-snooping malware Pegasus as a potential culprit for the Truss attack.
“Its quiet, under-the-radar delivery method enables it to monitor the vast majority of a device and those targeted will have no idea of its residence,” he argued.
“High-profile people such as politicians are often targeted, so it is extremely important they keep their personal phone number private and to change it immediately if ever leaked. It is also imperative that they keep their phones up to date and patched with the latest security updates to reduce the chance of such attacks.”
Achi Lewis, area VP EMEA for Absolute Software, added that everyone in an organization is a potential target.
“From the Prime Minister to a new joiner, every potential employee and endpoint is at risk of a cyber-attack,” he said.
“All members of staff and electronic devices contain sensitive data in some form which makes them vulnerable to threat actors and requires that they not only have sufficient cyber-training to identify the dangers but also effective cybersecurity technologies to both prevent and react when – not if – an attack occurs.”