Support 100 years of independent journalism.

  1. Spotlight
  2. Cybersecurity
31 October 2022

After Liz Truss’s smartphone “hack”, will ministers finally take cybersecurity seriously?

Using personal devices for official business should be a breach of the ministerial code, says a security expert.

By Harry Clarke-Ezzidio

National security concerns have been raised following reports that Liz Truss had her personal phone hacked by a foreign entity, which many have presumed to be Russia, while she was foreign secretary. Over a year’s worth of conversations, including sensitive messages and exchanges with international foreign ministers about the war in Ukraine, are believed to have been accessed by the hackers.

It wasn’t until the Tory leadership campaign this summer that security services noticed that Truss’s phone had been compromised, the Mail on Sunday reports. Boris Johnson, the prime minister at the time, and Simon Case, the cabinet secretary and head of the civil service, imposed a “news blackout” on the hack, the paper alleges. 

Truss’s device is reported to be so heavily compromised that it has been placed in a locked safe in “a secure government location”. There have been calls for a full investigation.

The government is yet to confirm whether Truss, who was foreign secretary from September 2021 until her short-lived tenure as prime minister, indeed had her device compromised. Michael Gove, the Levelling Up Secretary, told Sky News that the government took these matters “incredibly seriously” but he did not know the full details “of what security breach, if any, took place”. A government spokesperson said that they “do not comment on individuals’ security arrangements” and added that the government “has robust systems in place to protect against cyber-threats”, which includes “regular security briefings for ministers”.

This month Suella Braverman, the Home Secretary, initially resigned after sending confidential policy documents to an adviser outside of government, and was later rehired to her post by Rishi Sunak when he became Prime Minister. Is there a need for official rules setting out how government officials conduct business and handle sensitive documents? And if the reports are true and Truss’s phone was hacked by Russia, what does it mean for national security?

Select and enter your email address Quick and essential guide to domestic and global politics from the New Statesman's politics team. A weekly newsletter helping you fit together the pieces of the global economic slowdown. The New Statesman’s global affairs newsletter, every Monday and Friday. The New Statesman’s weekly environment email on the politics, business and culture of the climate and nature crises - in your inbox every Thursday. Our weekly culture newsletter – from books and art to pop culture and memes – sent every Friday. A weekly round-up of some of the best articles featured in the most recent issue of the New Statesman, sent each Saturday. A newsletter showcasing the finest writing from the ideas section and the NS archive, covering political ideas, philosophy, criticism and intellectual history - sent every Wednesday. Sign up to receive information regarding NS events, subscription offers & product updates.
  • Administration / Office
  • Arts and Culture
  • Board Member
  • Business / Corporate Services
  • Client / Customer Services
  • Communications
  • Construction, Works, Engineering
  • Education, Curriculum and Teaching
  • Environment, Conservation and NRM
  • Facility / Grounds Management and Maintenance
  • Finance Management
  • Health - Medical and Nursing Management
  • HR, Training and Organisational Development
  • Information and Communications Technology
  • Information Services, Statistics, Records, Archives
  • Infrastructure Management - Transport, Utilities
  • Legal Officers and Practitioners
  • Librarians and Library Management
  • Management
  • Marketing
  • OH&S, Risk Management
  • Operations Management
  • Planning, Policy, Strategy
  • Printing, Design, Publishing, Web
  • Projects, Programs and Advisors
  • Property, Assets and Fleet Management
  • Public Relations and Media
  • Purchasing and Procurement
  • Quality Management
  • Science and Technical Research and Development
  • Security and Law Enforcement
  • Service Delivery
  • Sport and Recreation
  • Travel, Accommodation, Tourism
  • Wellbeing, Community / Social Services
Visit our privacy Policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.
THANK YOU

“It’s a very big deal,” Alan Woodward, a forensic computing expert at the University of Surrey, told Spotlight. “Imagine being able to walk into the room and listen to the conversations, read the messages of a foreign secretary when you’re a foreign power. It’s what every intelligence service wants to know: what the person on the other side of the table is thinking, what their intentions are; who are they allying themselves to.”

Content from our partners
Cybercrime is becoming more like a standard business
What are the green skills of the future?
A global hub for content producers, gaming and entertainment companies in Abu Dhabi

[See also: The Policy Ask with Mark Girolami: “Computer science should be compulsory at GCSE level”]

The most likely way in which Truss’s phone could have been compromised is by sophisticated spyware technology being installed onto it, Woodward said. In theory there are two ways that could be carried out: either by exploiting vulnerabilities in some of the software used on the phone, or by foul play, with someone getting “physical access to your phone, and being able to plug something in, and uploading [spyware] to your device”.

MPs are known to frequently use messaging services such as WhatsApp, where messages are protected by end-to-end encryption, but hackers could still access those messages if they had installed spyware, Woodward warned. “If it’s the right type of spyware, and it’s able to access enough on the phone, then anything on the phone – which includes messages from encrypted messaging services, emails, and potentially microphones, cameras and GPS – could be accessed.”

Officials have what Woodward referred to as a “BYOD” (bring your own device) problem: ministers often prefer to conduct official business on their personal phones, as opposed to more secure government devices, for the sake of convenience. “If someone’s using their own device [things] can get very porous. It’s almost inevitable that someone’s going to find a weak spot and target that device. When you’re a high-value target like Liz Truss, you’ve got to expect that you’re going to be targeted.”

Today’s sensitive geopolitics make the possibility of a hack on Truss’s phone even worse, Woodward said. “I wouldn’t be surprised if foreign agencies haven’t been trying to do it to many politicians. Unfortunately, this is in a period where she appears to be having some very sensitive conversations on non-government channels. It’s terribly convenient, but you shouldn’t be having those conversations on your own [personal] device.”

Politicians are given “a lot” of advice on protecting their correspondence, which includes not using personal phones for official business, from the National Cyber Security Centre and other government agencies, said Woodward, “but whether they’re sticking to it or not, I have my doubts – simply because of the convenience.”

“They’re told endlessly not to do it, but I’m afraid they do, as seen with Suella Braverman,” he continued. The Home Secretary has admitted sending government documents to her personal email address, and sending a sensitive document to a colleague from her private phone. “That’s just a no-no – you may as well send a postcard, email is just that insecure.” To protect politicians, and by extension national security, Woodward suggested that a ban on conducting official business on personal phones should be written into the ministerial code, and that those in the highest ranks of government should have their devices checked regularly for abnormalities.

While calls for an investigation into the alleged hack persist, concerns about hostile foreign agencies targeting politicians will only continue, Woodward said. “It’s not just a sign of things to come, but where we already are,” he said. “Mobile devices are very desirable. It’s Christmas if you can get into it and control it.”

[See also: NHS Digital’s Mike Fell: “Cybersecurity can sound bizarre, but getting it wrong puts patients at risk”]