US Defense Contractors Stole Images From UK Secret Surveillance Station

Uploaded on 2017-12-22 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-Defence, FREE TO VIEW

Croughton is home to the USAF 501st Combat Support Wing (pictured).

In 2013, RAF Croughton was implicated in routing back to Washington the NSA phone tap on German chancellor Angela Merkel. 

In March 2016, a major upgrade to RAF Croughton's Satellite Communications (SATCOM) was revealed when the UK Defence Infrastructure Organisation (DIO) and prime contractors Mott MacDonald and HLM Architects submitted a very detailed planning application to South Northamptonshire Council.

The plans show a new windowless mission building "PL1" (Priority Level 1) and an antenna field comprising six new "golf ball" radomes, to provide the next generation of US DoD command and control data and voice lines to military operations.
This is known collectively as the Joint Intelligence Analysis Complex (JIAC).

In a major embarrassment to US and UK military authorities, Mott MacDonald and HLM Architects decided it would be a good idea to lift from this website an exclusive copyright protected aerial image of the existing antenna radomes at RAF Croughton, without prior permission, payment or even any accreditation (pictured).

It is used in Section 2.3, "Site Analysis" of the application's Design and Access Statement document, complete with protective watermarking. 

Alan Turnbull, a security researcher who operates the website Secret-Bases.co.uk, approached senior management at each company for comment in early December 2017. They refused to respond to emails and calls for almost a week, until finally being prompted by an approach by technology news outlet The Register, eager to run a story. It made it to infamous rogue US secrecy-busting website Cryptome, with the headline "RAF Croughton spies caught"!

Imagine the newspaper headlines dropping on someone's desk in Whitehall: "US Department of Defense contractors steal from UK Secret Bases website". So much for the "special relationship".  

More seriously, it is concerning that major defence contractors with such lucrative projects have such a poor grasp of corporate governance and due diligence procedures. 

Summary and Conclusions. Serial offenders, it seems, and US DoD / UK MoD seem quite happy to deal with contractors who don't bother with time consuming concepts like "due diligence".

Secret Bases:

You Might Also Read: 

Pentagon ‘Misleads’ Over Location of UK Intelligence Centre:

"Torus" Reveals an Expansion in 5 Eyes Surveillance:

Israeli Drone Hacked By Five Eyes Intelligence:
 

« Ethiopian Cyber Spies Left Clues Behind
Very Few Women Are CISOs »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CERTuy

CERTuy

CERTuy is the national Computer Emergency Response Team for Uruguay.

Electric Imp

Electric Imp

Electric Imp offers an innovative and powerful Internet of Things platform that securely connects devices with advanced cloud computing resources.

NetLib Security

NetLib Security

NetLib Security’s powerful, patented data security platform helps companies control data loss prevention (DLP) by managing what data can be transferred outside of their network.

Wolfpack Information Risk

Wolfpack Information Risk

Wolfpack specialise in information and cyber threat management covering the full spectrum of prevention, detection, incident response and business resilience capabilities.

Center for Applied Cybersecurity Research (CACR) - University of Indiana

Center for Applied Cybersecurity Research (CACR) - University of Indiana

CACR serves Indiana and the nation by tackling cyber risk in research and other unusual environments through agile, holistic, principle-based cybersecurity.

6point6

6point6

6point6 is a technology consultancy with strong expertise in digital transformation, emerging technology and cyber security.

Specops Software

Specops Software

Specops Software is a leading password management and authentication solution vendor.

Thrive

Thrive

Thrive delivers the experience, resources, and expertise needed to create a comprehensive cyber security plan that covers your vital data, SaaS applications, end users, and critical infrastructure.

Netizen

Netizen

Netizen is an award-winning company that develops and leverages innovative solutions to enable a more secure cyberspace for clients in government and commercial markets.

Axiata Digital Labs

Axiata Digital Labs

Axiata Digital Labs is the technology hub of Axiata Group Berhad Malaysia which is one of the leading groups in telecommunication in Asia.

Cybertech Nepal

Cybertech Nepal

Cybertech Nepal is committed to provide high-quality cyber security solutions, including server assessment and hardening, forensics and malware analysis, end-point threat analysis, and VAPT.

Readynez

Readynez

Readynez is the digital skills concierge service that helps you ensure your workforce has the tech skills and resources needed to stay ahead of the digital curve.

inSOC

inSOC

inSOC is an enterprise-grade AI-driven SOCaaS solution detecting breaches 24/7 with vulnerability management built-in. Designed for MSPs and MSSPs.

TrustMe

TrustMe

TrustMe’s integrated platform for business trust and resilience keeps organizations safe, secure, and trustworthy.

Control D

Control D

Control D is a modern and customizable DNS service that blocks threats, unwanted content and ads - on all devices.

Virtual IT Group (VITG)

Virtual IT Group (VITG)

VITG is a cyber security-focused Managed Service Provider (MSP).