MoD Web Gaffe Exposes Special Forces Weapon Data

The UK’s Ministry of Defence (MoD) is once again at the centre of a security leak gaffe, that saw secret weapons data being exposed online.

At the weekend, the Mail on Sunday reported on a cut-and-paste error, when secret plans for a suite of enhanced weapons, potentially for use by Britain’s Special Forces, were posted to an unidentified Government website.

Details of research into the next generation of munitions appeared to have been safely redacted in a document marked ‘Official Sensitive’, the Mail reported. But unfortunately, a simple copy and paste of the text, reportedly revealed every blanked-out detail.

Cut-and-paste

According to the Mail on Sunday, the data leak comes after the MoD announced last week a new contract with an engineering firm that specialises in the use of explosive materials.

The Ministry of Defence reportedly said it was taking action to correct the security breach after the newspaper alerted MoD officials to the blunder.

The Mail did not disclose the website involved.

“Due to a technical issue some redacted material was readable. This has been addressed,” the MoD was quoted as saying.

Tory MP and former Army officer Tobias Ellwood, who is also chairman of the Commons Defence Committee, noted that the weapons appeared to be destined for use by UK Special Forces.

Ellwood called on Defence Secretary Ben Wallace ‘to ascertain how many other documents have been redacted and published in a similar way’.

“It is evident this contract relates to highly technical weapons systems that will be used by our Special Forces,” said Ellwood. “And when new kit is brought on line, it introduces new tactics and protocols, which again give our elite forces the edge over adversaries. That is why details are redacted.”

The MoD lapse comes after a data breach last month of email addresses of dozens of Afghan interpreters who had worked with British forces and were at risk from the Taliban.

Human error

“This is a typical error, and highlights the sort of mistakes humans can very easily make in day-to-day work,” noted Jake Moore, cybersecurity specialist at ESET.

“Blaming such errors on technical issues can aggravate the problem; it is often better for people to own up to the error of their ways,” said Moore.

“Automation can help in securing the majority of an organisation but there will always remain a certain amount of human interaction which can often not be predicted, so vigilance and awareness are key,” he concluded.

“Like with many situations, this particular mistake had not been checked with the mindset of a hacker before it was sent out, which caused the release of highly sensitive data.”

Previous leaks

The MoD has been at the centre of a number of data leaks over the years, including one involving Prince William during his days as an RAF pilot.

But what makes this latest leak even more worrisome, is the fact that the MoD has been caught out by a cut-and-paste error before.

In April 2011 the MoD briefly exposed secret information about nuclear submarines on its site, thanks to an error in blacking out parts of a document posted online.

The document, discussing nuclear reactors for future replacements for the British Trident nuclear fleet, was published following a Freedom of Information request by anti-nuclear campaigners.

Large sections dealing with the weaknesses in current submarines were blacked out – but were easily readable by a simple cut-and-paste operation.