The BT Hacker Scandal: Revealed: how hacker penetrated the heart of Bri tish intelligence

Some of the country's most sensitive intelligence networks have been penetrated by a computer hacker who broke into British Telecom's main database in one of the most serious breaches of national security in recent years.

Telephone numbers and addresses for MI6, MI5, many secret Ministry of Defence installations and other very sensitive information were copied from the computer by the hacker without any special technical expertise. The material was then sent out on to the Internet, a global network of computers, to which any one of 35 million users would potentially have access.

The thousands of pages of highly confidential BT records were sent across the Internet to a young Scottish journalist, Steve Fleming, in July. Mr Fleming does not know the identity of his informant.

The hacker was also able to retrieve, undetected by BT, records of the top-secret government communications centre, GCHQ in Cheltenham. Other information included home addresses of senior military personnel; details of phone installations for the secret US communications station at Menwith Hill in North Yorkshire; information about the bunker in Wiltshire where the Government would go in the event of a nuclear war; and telephone installations in Downing Street and Buckingham Palace.

The data gives the location of a number of intelligence service buildings in London. Some of these are clumsily disguised on BT records. One MI5 location is described as ``shoe shops'' and another as ``textile warehouseman''. Various MI6 locations are also identified. Its training establishment - the school for spies - sits next to a pub in a nondescript building on a busy street in south London.

The Independent has been able to verify the authenticity of the information which runs to hundreds of thousands of words and numbers and appears as internal BT records taken straight off the computer.

The hacker would not have been able to alter the records, simply read them. It is thought he was able to access the material with astonishing ease. Secure passwords giving access to the system were left lying around BT computer offices. Mr Fleming verified that this was possible by working on a short-term contract for BT, through an employment agency, and gaining access to the computer.

One of Britain's leading computer security experts, Ian James, who was for 10 years a senior officer in the Fraud Squad and now gives advice to some of Britain's biggest companies, said last night: ``If you are telling me that that computer has been hacked into, it is the most serious breach of security I have ever heard of. There is no way that sort of information should get out.''

No computer that contains such sensitive information has ever been hacked in the UK on such a scale before, according to Mr James.

Tommy Helsby, managing director of Kroll Associates, an international investigations agency with expertise in computer security, said: ``It really is very difficult to believe. I am surprised most of all that the security services would not have been more prudent with their information.''

It is not known if the BT hacker sent the information he collected to anybody other than Mr Fleming. He stopped communicating with Mr Fleming in August and it is not known if he remains active.

It is also apparent that some of the numbers billed to the intelligence services are, in fact, operated by apparently private businesses. Two numbers chosen at random were answered with company names. It also emerged that MI5 phone bills are being paid not by the Home Office but by the Ministry of Defence.

Other information taken from the computer includes the location of missile bases and military command and control centres in the UK; the private line numbers of John and Norma Major at Downing Street; and private lines for Buckingham Palace and Kensington Palace.

It would be extremely difficult to tap any of the unlisted lines identified in the documents. However, telecommunications specialists have confirmed that it is possible, if the identity of a telephone exchange is known, to eavesdrop undetected on a telephone line by hacking into BT's fault detection system.

Most of the telephone numbers are classified and unlisted, even as ex-directory, in BT records.

The hacker systematically exploited lax security precautions on the BT system over several weeks to gather a wide range of information.

It is understood that he obtained access to the computer while working as a temporary employee with BT. He was given passwords by permanent members of staff, and discovered that these passwords gave them access to the full range of information on the computer. The computer database, the Customer Services System, was designed by the American company Cincinnati Bell. It is supposed to contain internal safeguards against unlawful hacking.

A BT spokesman said last night: ``We were made aware of this apparent breach of security some weeks ago and a high-level investigation is currently under way.''

(Photograph omitted)