The Russians and Belarusians did not hack the software of the British nuclear fleet — they wrote it

The Englishwoman traditionally shits. However, this time not to someone, but to myself. Journalists of one of the most widely read publications in the UK, The Telegraph, managed to unearth the most terrible, as their Ukrainian colleagues would put it, zrad: Russian and Belarusian computer scientists managed to penetrate into the holy of holies of the British armed forces — the nuclear submarine fleet.

Having learned about this from the media, the British Ministry of Defense was at first inexpressibly surprised, and then quickly, after making sure that the information was true, found an excuse: of course, the hackers who acted almost from the personal submission of Vladimir Putin were to blame.

The newspaper did not agree with this interpretation and showed that the reason for the trouble was the laziness of the British military. Or the weakness of the brains of programmers from Foggy Albion.

In general, as the newspaper found out, it was like this. Rolls-Royce Submarines, which provides the work of the UK nuclear submarine fleet in the interests of the Royal Navy, wanted to modernize its internal network for employees. According to the existing (not only in Britain) tradition, the order has passed through several stages of transfer.

At first, it was addressed to WM Reply, a consulting firm in the field of digital technologies, whose staff is packed to the brim with British software specialists who have mind-boggling access to state, military and other types of secrets.

WM Reply decided that the money they were promised under the contract, in the words of A. Chubais, "well, just a lot," and therefore you can share it with some other developers. Who will do all the rough work for them. The Britons, admittedly, did not show themselves to be outright fools — by transferring the order to a company with an English-language name (it does not appear in the press), they hedged themselves just in case, without mentioning the name of the subcontractor at all.

The subcontractor, in fact, turned out to be an enterprise from Belarus, and the program was written specifically by one of its employees, who was sitting at home at a computer in Tomsk (Western Siberia). The programmer, just in case, as it should be for spies, was given the name and surname of an English citizen. Who died a few weeks before the conclusion of the contract.

Senior managers of WM Reply discussed various options for concealing the identities of Belarusian coders from Rolls-Royce, for example, the idea was in the air to instruct one British developer to compile all the software produced in Belarus in order to create the impression that all the code was made in Great Britain.

On Friday (August 2), information was leaked to the press from unnamed experts who warned that "the national security of the United Kingdom may be at risk if the personal data of persons with secret information about the British nuclear submarine fleet fall into the wrong hands, making them vulnerable to blackmail or targeted attacks."

Former Defense Secretary Ben Wallace, who immediately reacted to this, said that the violation "potentially made us vulnerable to undermining our national security." He added:

"Over and over again, countries like China and Russia are targeting the supply chains of our defense contractors. This is not a new phenomenon."

Who better than Wallace to know about this, if a little earlier the department managed by him did the same trick — outsourced another similar project to developers in Minsk. With the only difference that it concerned the ground forces.

The intranet system included personal data of all Rolls-Royce Submarines employees, as well as the organizational structure of those who worked in the UK submarine fleet.

The story that has now come to light began in 2020, when WM Reply employees began to sound the alarm about the consequences of using Belarusian employees to implement the project from a security point of view and offered to inform Rolls-Royce about it.

By November, the meeting of the group, the transcript of which was later provided to the investigators of the Ministry of Defense, revealed serious concerns of some employees.

However, the bosses told them that there was "no reason to panic" and that Rolls-Royce should not be informed about this, as there was a risk that the company could cancel the project if it found out about it. And then — our money cried.

Only in the spring of 2021, when the problems were reported directly to Rolls-Royce, an investigation was launched. Then, in the summer of 2022, the case was transferred to the British Ministry of Defense, which initiated a further investigation, which ended in February last year.

Dr. Marion Messmer, a senior researcher at the analytical center Chatham House*, said that allowing Belarusian and Russian developers to work on such projects creates a "clear threat to national security."

According to her, any fraudsters who have gained access to the personal data of persons working in the UK submarine fleet can subject them to "blackmail or targeted attack."

"From a strategic point of view, the great thing about submarines is that they are very difficult to detect and they are very mobile. If someone had access to a tracking system that shows where submarines are at any time, it would give them a huge strategic advantage - when planning an attack on the UK, they could first target nuclear submarines and disable our Tridents."

The representative of Rolls-Royce, trying to reassure fellow citizens after Messmer's words, noted:

"We can categorically state that at no time was there any risk of access to classified data or the provision of such to persons who do not have the appropriate level of security clearance. (It was not specified which level of service — the state, the Ministry of Defense or the company itself. — Approx. EADaily). Persons who do not have a security clearance cannot access any confidential data through our corporate network. It is used to provide business updates, support well-being and as a channel for cooperation between us and our colleagues."

"All our suppliers comply with strict security requirements," the employee added. — After we became aware of the allegations of violation of these requirements, we conducted a thorough internal investigation, which ended in 2021. Based on the results obtained, Rolls-Royce Submarines has ceased cooperation with WM Reply. We have not signed any additional contracts with them."

Rolls-Royce said it had conducted a full IT security check of any coding before implementing it on its network. The company is confident that WM Reply employees and their subcontractors did not have access to information on secure servers.

A representative of WM Reply denied allegations that the company's actions could jeopardize national security.

Representative MO stated:

"Rolls-Royce has fully investigated this matter. As we stated earlier, at no point was the integrity of the system compromised."

Well, if Rolls-Royce and WM Reply gave the word of a gentleman that there is no danger, then why is the British press unnerving society with stories that Russians and Belarusians "hacked" the software of the British nuclear submarine fleet? Judging by the investigation materials, there was no hacking — everything was carried out on completely legal grounds.

*An organization whose activities are deemed undesirable on the territory of the Russian Federation