A group of hackers is selling classified military documents on the Internet, which include, among other things, data on modern weapon systems of NATO countries and, presumably, the mission of the alliance armed forces in the Baltic states. The North Atlantic Alliance is assessing the scale of the leak and its consequences.

Hackers managed to gain access to data related to a major European arms manufacturer, MBDA Missile Systems, a European company headquartered in France. MBDA acknowledged that the package offered for sale contained documents belonging to it, but the firm assures that there was nothing secret in the stolen files, reports the BBC Russian Service.

The company claims that the information was stolen from a hacked external hard drive, adding that it is cooperating with authorities in Italy, where the leak occurred.

The investigation is reportedly focused on one of MBDA’s suppliers.

A NATO spokesman said, “We are assessing the situation with the data allegedly stolen from the MBDA. We see no indication that the integrity of any NATO networks has been compromised.”

The stolen data is sold on Russian and English forums. The volume of information is 80 GB and the price is 15 bitcoins (about $321,000). The hackers claim to have already sold a collection of documents to at least one unnamed buyer.

In an advertisement for the stolen data, the hackers claimed to possess “classified information on employees of companies involved in developing classified military projects,” as well as “design documents, drawings, presentations, video and photographic material, contracts and correspondence with other companies.”

The 50 MB free data sample, which the BBC was able to view, includes documents marked “NATO Confidential”, “For NATO Limited Use” and “Unclassified Controlled Information”.

In addition to the sample, the perpetrators emailed additional documents, including two marked “NATO Confidential.”

The classified NATO documents are classified as follows:

  • COSMIC COMPLETELY SECRET: Unauthorized disclosure would cause exceptionally serious damage to NATO (the acronym COSMIC has nothing to do with space, it’s short for “Control of Classified Material in International Command”);
  • NATO SECRET: Unauthorized disclosure would severely damage NATO;
  • CONFIDENTIAL NATO: Unauthorized disclosure would be detrimental to NATO’s interests;
  • NATO LIMITED: Unauthorized disclosure would be detrimental to NATO’s interests; NATO CONFIDENTIAL: Unauthorized disclosure would be detrimental to NATO’s interests.

Unclassified controlled information is the U.S. label for information created or owned by the government; information that requires protection or distribution controls under laws, regulations, and government policy.

The hackers have not confirmed how many sources they obtained the material from.

The files, which the BBC has not been able to verify independently, detail a “communications intelligence” mission conducted by an American air squadron in late 2020 in Estonia over the Baltics. There’s a record of the conversations, the full name, phone number and GPS coordinates of the man allegedly in charge of the operation.

A former NATO official said: “There are too many classified documents in NATO, but this marking is not useless. It is put by the author of the data, and ‘NATO SECRET’ is not applied anywhere. This is really information that NATO doesn’t want to make public.

According to the former official, the likelihood that these documents have been declassified is slim – given that most of the files appear to have been created between 2017 and 2020.

The sample files also included a presentation detailing the internal structure of the Land Ceptor CAMM (Common Anti-Air Modular Missile) anti-aircraft missile, including the exact location of the electronic data storage unit. After the Russian invasion of Ukraine began, such a missile system was sent to Poland as part of the Sky Sabre air defense system – and is now deployed.

MBDA Missile Systems does not dispute that its documents were obtained by hackers, but said: “An internal audit of the company has shown that the data available on the Internet is neither classified nor confidential.” However, some of the documents known to have been stolen from MBDA are marked as “proprietary information not to be disclosed or reproduced.”

MBDA Missile Systems was created in December 2001 by a merger of missile systems companies in France, Italy and the United Kingdom. This joint venture between Airbus, BAE Systems and Leonardo employs 13,000 people.

Last year the company’s revenues amounted to 3.5 billion pounds, among the customers of its weapons systems are the UK Ministry of Defense, the US military, the European Union and NATO.

Translated with www.DeepL.com/Translator (free version)