News
News Categories

Personal data of 850 national servicemen and Mindef staff stolen in targeted cyber attack

By Team HardwareZone - on 28 Feb 2017, 2:30pm

Personal data of 850 national servicemen and Mindef staff stolen in targeted cyber attack

The personal details of 850 national servicemen and staff at the Ministry of Defence (Mindef) were stolen in what Mindef has described as a"targeted and carefully planned" cyber attack. (Image source: The Straits Times)

This article is contributed by Irene Tham and first appeared in The Straits Times, an SPH publication, on 28 February 2017, Tuesday.

The personal details of 850 national servicemen and staff at the Ministry of Defence (Mindef) were stolen in what Mindef has described as a"targeted and carefully planned" cyber attack. The breach of Mindef's I-net system was discovered in early February. The I-net systemprovides Internet access to national servicemen and employees for their personal communications and Internet surfing via thousands of dedicated computer terminals in Mindef, as well as Singapore Armed Forces (SAF) camps and premises.

Mindef said this was the first time that the I-net system was breached, resulting in the loss of the 850 personnel's NRIC numbers, telephone numbers and birth dates. The attack was executed remotely over the Internet. Mindef said in a media briefing on Tuesday (Feb 28): "The real purpose may have been to gain access to official secrets, but this was prevented by the physical separation of I-net from our internal systems."

Mr David Koh, Mindef's deputy secretary of technology, said: "The attack did not come from camps or internal systems. Neither was it the work of causal hackers or criminal gangs." Security experts said the attack could have been state sponsored.

Mr Aloysius Cheang, executive vice-president of global computing security association Cloud Security Alliance, said: "It is common for states to sponsor such attacks to access other countries' infrastructure, and build a portfolio of information that can be used to their advantage." Upon detecting the attack, Mindef disconnected the affected server from I-net. Mr Koh said the hacker exploited vulnerabilities in the server and the security hole has since been plugged.

He added: "Mindef adopts a multilayer approach to security. The attacker only breached the outer layer but did not go deeper into classified systems."No classified military information is stored on I-net. Classified and military data, and internal e-mail applications reside in a different system that is not connected to the Internet.

Mindef said it conducted detailed forensic investigations into the entire I-net system to determine the extent of the breach. All other systems within Mindef and SAF are also being investigated. While the outcome of the investigations is pending, Mindef said it will contact all affected personnel within the week. They will be advised to change their passwords and report any unusual activity related to the use of their personal information.

Mindef has also informed Singapore's Cyber Security Agency and the Government Technology Agency of Singapore to investigate other government systems. No breaches have been detected so far, Mindef said. PwC Singapore's Asia-Pacific cyber and financial crime leader Vincent Loy said that Mindef's policy to have separate networks for classified and non-classified information limited the impact of the attack.

(Source: The Straits Times)

Join HWZ's Telegram channel here and catch all the latest tech news!
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.