Details of 850 personnel stolen in Mindef data breach
Personal information of 850 national servicemen and Mindef employees stolen in cyber attack
The personal details of 850 national servicemen and Ministry of Defence (Mindef) employees were stolen in a cyber attack early last month.
The breach was discovered in Mindef's I-net system, which provides Internet access to national servicemen and employees for their personal Internet surfing via dedicated computer terminals in Mindef.
I-net is also used on Singapore Armed Forces (SAF) premises.
Mindef said this was the first time the I-net was breached and that the attack appeared to be targeted and carefully planned.
The real purpose may have been to gain access to official secrets, but that was prevented by the physical separation of I-net from the department's internal systems.
Mindef uses a different and more stringent system for classified military information. It is not connected to the Internet.
After detecting the attack, Mindef disconnected the affected server from I-net.
At a briefing yesterday, Mindef's deputy secretary of technology David Koh apologised for the breach, The Straits Times reported.
Mr Koh said: "The attack did not come from camps or internal systems. Neither was it the work of casual hackers or criminal gangs."
Immediate and detailed forensic investigations were conducted on the entire I-net system to determine the extent of the breach, Mindef said.
As a precaution, all other computer systems within Mindef and the SAF are also being investigated.
All affected personnel will be contacted within the week.
Mindef has also informed the Cyber Security Agency and the Government Technology Agency to investigate other government systems. No other breaches have been detected so far.
Security experts said such targeted attacks require a high level of sophistication and a deep understanding of the victim's operational processes. Mr Nick Savvides, an Australia-based security advocate of Symantec Asia-Pacific and Japan, said: "Considering the high profile of the victim in this cyberbreach and the level of sophistication, (it) generally involves state-sponsored actors or highly-skilled and politically-motivated hacker groups."
He added that non-casual and non-criminal groups value personal information that can be used in further attacks or sold on the black market.
Cybersecurity firm Ixia's Asia-Pacific head of security business Phil Trainor said there are always going to be attempted breaches, no matter which organisation one is from.
"Ixia maintains thousands of 'honeypots' globally, and they are under constant onslaught by global attackers."
Honeypots are computer security mechanisms that help detect and deflect or counteract attempts at security breaches.
PwC Singapore's Asia-Pacific cybercrime and financial crime leader Vincent Loy told ST that Mindef's policy to have separate networks for classified and non-classified information limited the impact of the attack.
Mr Savvides said: "As attackers continue to develop new mechanisms and discover new vulnerabilities, it is important for organisations to employ beyond protective and preventive security technologies, but also maintain constant vigilance.
"Cyber security needs to be a conscious effort by all parties and it requires good digital hygiene on the part of everyone."
Security advice for affected users
Typically, after user information has been stolen, it will be used in further attacks.
This is true for all types of data breaches where personal information is involved.
Users need to be wary of follow-up attacks that may be crafted using the information gathered - such as social engineering, phishing and identity theft.
- Use strong and unique passwords and update them on a regular basis. Never use the same password for multiple accounts.
- Don't click links in unsolicited e-mail or social media messages, particularly from unknown sources.
- Install security software on all your devices to ensure they are not being used to gain control of your interconnected devices.
- Change any security questions that may be used/linked to the data that has leaked.
SOURCE: NICK SAVVIDES, SECURITY ADVOCATE, SYMANTEC ASIA PACIFIC AND JAPAN