‘We could hack the Queen’s medical records if we wanted’

Graham Cluley

It’s a story which has the potential to make the scandal over the hacking of celebrities’ mobile phone voicemails seem like small potatoes.

BBC Radio 4 has broadcast a documentary claiming that computer hackers were used by the British press to spy on politicians and the military.

According to the programme, the illicit mining of confidential information was said to be rife at one detective agency, which allegedly bragged of its ability to gain access to private medical records, tax records, pension information and so forth.

“They boasted ‘we could get the Queen’s medical records if we needed it’.”

Undercover investigations

In “The Report”, BBC reporter Jane Dodge spoke to a man who had unusual visibility on the inner workings of a private investigations agency used by national newspapers.

For 10 years, former police officer Joe Poulton (not his real name) went undercover as a ‘chis’ (covert human intelligence source) at a firm called Southern Investigations. His job was to gather information for the police about the firm, and its owner Jonathan Rees.

Poulton wasn’t there to gather evidence about computer hacking – but instead to gather intelligence regarding a possible connection between Rees and the murder of Daniel Morgan in 1987. Rees was charged with the murder but the case against him collapsed in March 2011.

What’s of interest to us, of course, are the unrelated claims of computer hacking, because Joe Poulton told the BBC about the lengths the detective agency was prepared to go to in order to get a story.

Rather than doing background checks for newspapers investigating stories, the firm is said to have discovered that there were rich pickings to be made from taking a story to a newspaper instead.

In Poulton’s opinion, such a relationship works well for newspapers as it allows them to distance themselves from the (possibly illegal) way in which information has been gathered.

Spyware Trojan horses

Poulton told the BBC documentary that Southern Investigations commissioned computer hackers in their thirst for information they might be able to sell to newspapers. Some of the hackers were said to have learnt the tricks of the trade while working for army intelligence.

A typical attack would involve a Trojan horse (dubbed an “eblaster trojan attack”) that could capture keystrokes and allow a remote hacker to see what was happening on a compromised computer. In this way, all emails and attached documents could be easily read.

The Northern Ireland connection

The documentary spoke to some possible victims of just such a Trojan attack: Ian Hurst, a former British army intelligence officer who handled IRA informers in Northern Ireland, and Jane Winter of British-Irish Rights Watch.

Hurst believes that Jonathan Rees hired a hacker to spy on his computer in 2006. According to the former army officer, journalists wanted to discover the new address of a man using the codename “Stakeknife”, an IRA informant who had fled after his name was made public.

Meanwhile, Jane Winter believes that sensitive information accessed on her hacked computer could have potentially put people’s lives at risk.

These alleged hacks took place in 2006 – a tense political time for Northern Ireland.

Recently it has emerged that email accounts belonging to the then government minister for Northern Ireland may also have been hacked.

Peter Hain, who served as Secretary of State for Northern Ireland between 2005 and 2007, has been told by Scotland Yard’s “Operation Tuleta” team that computers belonging to him, containing sensitive intelligence material, may have been compromised.

Although all of the victims uncovered by the BBC investigation have a Northern Ireland connection, it is easy to imagine that the scale of the problem was actually much wider.

Hacking computers – but for who?

The obvious question has to be, if the claims that Southern Investigations hired hackers are true, who was the information being gathered for?

On the BBC documentary, Joe Poulton names former News of the World executive Alex Marunchak as one of the firm’s regular customers.

Marunchak has denied any wrongdoing, saying he had never instructed any third party to gather private information through illegal means.

In addition, Jonathan Rees, the owner of Southern Investigations, denies ever selling or providing information obtained through illegal methods.

Ironically, Joe Poulton also believes his own computer was hacked and his communications spied upon – an incident that resulted in him blowing his cover in 2006, and forced him to abandon his role gathering information for the police.

Poulton claims that hackers would have been able to remove intelligence documents from his computer – including debriefs with his handlers.

Did the police know about all this hacking?

According to the BBC, the police have known about the problem of rogue private investigations firms hacking into computers for some time. A confidential report, seen by the BBC, was sent to the Home Office by the Serious Organised Crime Agency (SOCA) in 2008, detailing the criminal activities of such firms and the need for proper regulation of the industry.

The report describes the “eblaster Trojan attack” and even gives a price list for hacking different types of device:

Hacking phones/voicemail £7000 per month
Hacking computers £7000 per month

Of course, if the authorities have known about these activities for some years – why has it taken so long for a proper investigation of the hacking allegations to begin?

Operation Tuleta has an important job to do – not only in uncovering the truth about computer hacking, but also improving the reputation of a Metropolitan Police shaken by the repercussions of the phone hacking scandal.

For more information, listen to the BBC Radio Four programme: “The Report: Computer hacking”.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
