Source of Scorpene leaks revealed, whistleblower to hand over data on Monday
Secret data on India’s Scorpene submarines was accessed by an unknown number of people working for a private company in a Southeast Asian country and even placed on an internet server where it was vulnerable to hacking and interception.
The leaked data, which has forced the Indian Navy to assess the vulnerability of Scorpene submarines ordered from French shipbuilder DCNS under a $3.5 billion deal, is believed to have been “removed” from the firm in Paris in 2011 by a former French Navy officer, The Australian reported on Friday.
The officer, who worked as a subcontractor for DCNS, and a French colleague took the data to a Southeast Asian country where they were employed by a private company run by a Western businessman. After the two Frenchmen were sacked by the firm, the secret data was sent to the company’s head office in Singapore.
The data was also placed on a server on April 18, 2013, and it was “dangerously vulnerable to hacking or interception by a foreign intelligence service”, the daily reported. “It is not known whether the data stayed on this server for a few days or for a year,” it added.
The data was also sent by the firm on a disk by regular post to a man in Sydney in April 2013. This man, who was experienced in defence issues, was “stunned” when he opened the file on his computer and saw the documents detailing the secret capabilities of the Indian submarines, the report said.
The latest revelations by The Australian are expected to add to concerns in the India’s security establishment about the leak of 22,400 pages of documents detailing the combat capabilities of the Scorpene submarines.
The first of six Scorpenes being built at the state-run Mazagon Docks in Mumbai began sea trials in May. The Scorpenes are expected to become the mainstay of India’s submarine fleet, replacing the ageing Russian-origin Kilo-class vessels and German-designed HDW submarines.
The Australian reported that the French subcontractor who removed the data on the Scorpenes was a former French Navy officer who quit the service in the early 1970s and worked for French defence companies for more than three decades. It added that he “broke the law” by taking the data to a Southeast Asian country and “may face prosecution”.
“The speculation is that the data on the Scorpene was removed to serve as a reference guide for the former naval officer’s new job, but it is unclear why anyone would risk breaking the law by taking classified data for such a purpose,” the report said.
After the French subcontractor and his colleague fell out with the private company in the Southeast Asian country, the firm held on to the data but did not possibly know the significance of the cache of documents.
When the data was sent by disk to the man in Sydney, it was not even encrypted. The man in Sydney transferred it to an encrypted disk and “wiped the old disk with special software, grabbed a hammer and smashed it to pieces in his backyard”.
The man, who was not identified by The Australian, “placed the new encrypted disk in a locked filing cabinet in his office and there it remained for more than two years”.
The newspaper described the story behind the leak as “more incompetence than espionage — more Austin Powers than James Bond”. It added that the man in Sydney, whom it described as a whistleblower, had decided to show the data to The Australian because it amounted to a “matter of national security significance to Australia”, especially in light of its decision to order 12 submarines from DCSN under a $38-billion contract.
The whistleblower, who plans to surrender the disk to the Australian government on Monday, was quoted as saying: “In the wake of the recent future submarine decision (in Australia) this matter went from one of a very serious breach for both France and India to a matter of national security significance to Australia and the US.”
The man wants Australia to know that France has “already lost control of secret data on India’s new submarines” and hopes this will spur the Australian government and DCNS to step up security to ensure Australia’s “submarine project does not suffer the same fate”.