Hackers Breach Non-Classified System at Singapore’s Ministry of Defence (SecurityWeek)

Singapore’s Ministry of Defence (MINDEF) on Tuesday said that it hackers managed to breach a military system that handles non-classified information and access personal data, including NRIC numbers, telephone numbers, and dates of birth of roughly 850 servicemen and employees.

The data was stolen from the Ministry’s I-net system (I-net), which provides Internet access to national servicemen and employees for their personal use and those using dedicated I-net computer terminals in MINDEF and Singapore Armed Forces (SAF) camps and premises.

No classified military information is stored on I-net, the Ministry said, noting that classified matters in MINDEF/SAF use a different computer system with “more stringent security features” that are not connected to the Internet. 

In June 2016, Singapore said it would cut off Internet access for government work stations within a year for security reasons, a move that surprised many.

After discovering the incident, MINDEF said the affected server was disconnected from I-net.

“Immediate and detailed forensic investigations were conducted on the entire I-net to determine the extent of the breach,” the Ministry said. “As a precaution even though no breach had been detected, all other computer systems within MINDEF/SAF are also being investigated.” 

“The real purpose may have been to gain access to official secrets, but this was prevented by the physical separation of I-net from our internal systems,” a statement added.

MINDEF said the Cyber Security Agency and the Government Technology Agency of Singapore have been notified.

In August 2014, Singapore officials announced new measures to strengthen cyber security following attacks on a section of the prime minister’s website, as well the website of the presidential residence. 

Singapore is the home city for SecurityWeek’s 2017 Singapore ICS Cyber Security Conference, an event dedicated to serving critical infrastructure and industrial internet stakeholders in the APAC region. With organizational support from Singapore’s Cyber Security Agency, the event will take place April 25-27, 2017 at the Fairmont Singapore. 

For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends in the enterprise IT security space and the threat landscape. In his role at SecurityWeek he oversees the editorial direction of the publication and manages several leading security conferences.

Previous Columns by Mike Lennon:


Source: SANS ISC SecNewsFeed @ February 28, 2017 at 09:30PM