Lab studying Covid-19 vaccine suffers increasing number of hacks to steal research data
One of the world’s top biology labs has been hacked. Its renowned professors have been working on how to deal with the Communist pneumonia (Wuhan pneumonia, Covid-19) pandemic.
The University of Oxford confirmed on February 25 that its structural biology department (known as “Strubi”) discovered and isolated a hack after Forbes revealed that hackers had flaunted access to multiple systems. The systems included machines used to prepare biochemical samples, though the university said it could not comment further on the scale of the breach. It has contacted the National Cyber Security Centre (NCSC), a branch of the British intelligence agency, Government Communications Headquarters (GCHQ), which will now investigate the attack.
An Oxford spokesperson said, “We have identified and contained the problem and are now investigating it further. There has been no impact on any clinical research as this (the hack) was not carried out in the affected area. As is standard for such incidents, we have notified the National Cyber Security Centre and are working with them.” The U.K. Information Commissioner’s Office has also been notified, according to a spokesperson, who added that the affected systems do not contain any patient data and have no impact on patient confidentiality.
A spokesperson for the National Cyber Security Centre said, “We are aware of an incident affecting Oxford University and are working to fully understand its impact.”
Forbes was alerted by Hold Security Chief Technology Officer Alex Holden, who provided screenshots of the hack into Oxford’s systems. They show what appear to be interfaces to what may be lab equipment, capable of controlling pumps and pressures. The Windows-based controls also have the time and date on them. They cover Feb. 13 and Feb. 14, 2021, indicating that the breach continued until recently.
An Oxford University spokesperson confirmed that the hacked machines were used to purify and prepare biochemical samples, such as proteins, which were made in the lab and used for basic research. The spokesperson confirmed that such samples have been used in the lab for coronavirus research.
An intrusion into the lab could put research data at risk of theft, including research on coronaviruses. There is also the threat of disrupting research if hackers are able to tinker with the flow of fluids or other aspects of the purification technology. Holden said he is particularly concerned about the breach because of the hacker’s apparent ability to disable the pressure alarm on the interface. He said, “With news breaking of cybercriminals tampering with water purity controls and other attacks against energy companies, this type of data is causing a lot of concern in the hands of cybercriminals.”
Professor Alan Woodward, a cybersecurity expert at the University of Surrey, added: “Given the current interest in the molecular structure in the Covid-19 study, one might speculate that this is someone searching for data about viruses or vaccines. It’s hard to understand why they would want to disrupt the research.”
“Since the attackers are selling access, this suggests that it may not be a country, but a group that thinks certain countries or those working on valuable intellectual property might pay.”
While not directly involved in the development of the Oxford-AstraZeneca vaccine, which is the domain of the Oxford Vaccine Group and the Jenner Institute, Strubi scientists have been heavily involved in studying how Covid-19 cells work and how to stop them from causing harm. This includes research on potential future vaccine candidates, and Strubi is also home to the Particle Imaging Center, a “biosafety containment facility” for studying viruses in human and animal pathogens, whose researchers have recently published research on HIV.
Among its distinguished scientists working on Covid-19 is Sir David Stuart, a professor who was knighted late last year for “innovative approaches to vaccine development and structural biology.” He is also a member of the Jenner Institute, which is behind the Covid-19 vaccine.
Interpol warned last year that organized crime groups were likely to target those involved in Covid-19 research and vaccine development. The attack on Oxford University is likely to be the first major example of such an attack.
Who hacked Oxford University?
Previously, Russian and North Korean hackers have been blamed for attacks targeting Covid-19 researchers. But while some of the attacks against organizations working on Covid-19 have been linked to international espionage, the attacks on Oxford appear to be the work of financially motivated criminals, although these criminals are alleged to have ties to government hackers.
Holden said the group is very sophisticated and has been privately selling some of the victims’ stolen data, and has previously sold data to “advanced persistent threat” groups, a term for state-sponsored hackers. He noted that the hackers speak Portuguese. Holden added that some of the group’s other victims include universities in Brazil, and that they have used ransomware to extort some victims.
Holden also provided evidence that the business analytics firm, Dun & Bradstreet Malaysia, was recently hacked, and also provided screenshots of that attack, which included apparent access to internal email systems and Oracle databases. They also included a spreadsheet of the Oracle database passwords. At the time of publication, the company’s website was offline.
A Dun & Bradstreet spokesperson said the Malaysian office is an authorized business and is not connected to the systems of the authorized company. The possibility that Dun & Bradstreet Malaysia’s database may have been compromised could raise serious concerns about the company’s own intellectual property: it promises to have “an extensive and up-to-date database of more than 240 million companies worldwide.” At press time, the Malaysian office had not responded to a request for comment.
Regardless of who hacked Oxford, the list of notable, high-value targets for these hacks is getting longer. And some governments may be buying their loot.