Stolen data found in Futurescot’s exclusive investigation serves as wake-up call for Scottish public sector organisations

Hidden secrets of the dark web


Tens of thousands of email accounts belonging to public sector officials have been found on the dark web following a Futurescot investigation.

More than 42,000 “leaked credentials” and “compromised accounts” are listed on underground hacker forums, raising fears about potentially crippling cyberattacks.

According to our probe, the dark web holds a vast cache of data stolen via third party website breaches, which are used as source material by hackers.

The investigation – conducted with Israeli dark net threat intelligence firm Kela – uncovered the trove of data from illicit “dump sources”, which contains data previously exposed as part of other breaches.

Our sweep looked at more than 50 Scottish public sector organisations including the NHS, councils and central government, to see whether they may have employees or service users whose details from past breaches – including email addresses and often passwords – have ended up on dark web sites.

We are not specifying the breakdown of data among those organisations in order not to attract potential hackers to mount attacks.

However, the leaked data was described as a “wake-up call” following a string of recent ransomware attacks which have caused significant disruption across the public sector.

On Christmas Eve, the Conti cybercrime group locked 1,200 staff from the Scottish Environment Protection Agency (Sepa) out of its network following a ransomware attack.

Sepa refused to pay the ransom and had its internal, sensitive data released on the attackers’ dark web blog site as punishment. And the Glasgow homeless and social care provider, Aspire, was also hit by the same gang in April.

Scottish Conservative chief whip Stephen Kerr said: “The public will be alarmed to see that so much leaked email data across Scotland’s public sector bodies is so easily accessible for hackers.

“This data must be a wake-up call to ensure that the Scottish Government, local authorities and health boards have the most robust measures in place to avoid being attacked by hackers across the world.

“There can be absolutely no room for complacency when it comes to keeping vital information safe from being leaked, especially when we know that hackers are using more and more creative methods to try and access data.”

The NHS – where fears are heightened around ransomware – has appeared among the list of Scottish public sector organisations with leaked credentials on the dark web

Some of the credentials in the leak sources appeared in multiple breaches. For example, 24 emails were leaked at least 100 times in various breaches. It is important to stress, though, that much of the public sector relies on its own monitoring services for dark web exposure and vulnerabilities, and many will have been aware of – and performed a clean-up operation – on dump sources identified by Kela’s RaDark monitoring tools.

The third-party breaches where thousands of the credentials belonging to the 32 local authorities, 14 health boards and the Scottish Government appeared were also historic. That does not mean there is no risk to public sector services, just that many organisations will have had an opportunity to prevent any further loss.

One of the largest breach “compilations” where much of the data appeared was in the so-called
