Personal details of 850 members of Singapore’s Ministry of Defence (MINDEF) were stolen after a breach of its Internet systems. The I-net system, which was hacked in February, provides servicemen and employees with Internet access in MINDEF and Singapore Armed Forces (SAF) camps and premises.
The ministry released an official statement on 28 February saying that no classified military material was lost. It claimed that classified material is held on a different computer system “with more stringent security features and [which is] not connected to the Internet.”
‘Carefully planned’ attack
Although MINDEF was adamant that no sensitive information was compromised, it called the attack “targeted and carefully planned”. An investigation into the incident concluded that only “basic personal data” was lost: NRIC (National Registration Identity Card) numbers, telephone numbers and dates of birth.
The statement theorised that the attack’s purpose may have been to “gain access to official secrets”, a goal that would have been prevented by the “physical separation of I-net from [the ministry’s] internal systems”.
It added that, though no sensitive data was stolen, all other computer systems within MINDEF/SAF are also being investigated. It also stated: “We will continue to strengthen our cyber defences as the level of targeted attacks is expected to continue and rise.”
The attack is the first on Singapore’s Ministry of Defence, and the ministry’s words recall the recent series of high-profile attacks against governments. There was the attack on the US Democratic Party during the 2016 presidential election, the claims from UK government officials that parliamentary organisations had been targeted, and last month’s attacks on the foreign ministries of Italy and the Czech Republic.
The growing number of attacks on governments shows just how indiscriminate cyber criminals are. Their goal is not always financial, but they could be targeting something just as valuable: information. Where there’s a weakness that could expose information, criminals will aim to exploit it.
Organisations should be aware of the cyber threats they face and how they can mitigate the risks of being penetrated. Those looking to learn more should read IT Governance’s green paper, ‘Assured Security: Getting cyber secure with penetration testing’.