French Submarines Spring A Leak In Indian Data Breach

Top secret documents regarding the construction of French Scorpene-class submarines being built in an Indian shipyard have been leaked in an apparent case of hacking, according to The Australian newspaper.

The leak contains more than 22,000 pages of details about the submarines, which are being built for the Indian Navy by French builder DCNS.

The Indian defence ministry admitted on Wednesday that there had been a breach, according to Reuters, and that the documents outline the combat capabilities of the six submarines.

Hacking

“I understand there has been a case of hacking,” Indian Defence Minister Manohar Parrikar told reporters. “We will find out what has happened.”

The six submarines are currently under construction in a Naval shipyard in Mumbai, with the first set to go into service by the end of 2016.

The leak of the 22,400 pages will likely have impact on other countries that operate or have ordered the Scorpene submarines, including Malaysia, Chile and Brazil.

It is not yet clear who obtained the documents which were subsequently publicised by the Australian media.

DCNS also won an Australian contract this year to build submarines for the Royal Australian Navy, but secret documents about those submarines were not in the leak. Australian defence industry minister Christpher Ptne said in a statement that the leak will have “no bearing on the Australian government’s future submarine programme”.

A DCNS spokesperson said that French authorities will be launching a full investigation.

“The matters in connection to India have no bearing on the Australian submarine programme, which operates under the Australian government’s arrangements for the protection of sensitive data,” a statement said.

India paid almost £3 billion for the six Scorpene submarines in a deal signed in 2005.

“Multiple and independent controls exist within DCNS to prevent unauthorised access to data and all data movements are encrypted and recorded. In the case of India, where a DCNS design is built by a local company, DCNS is the provider and not the controller of technical data,” DCNS was quoted as saying by The Australian.

“In the case of Australia, and unlike India, DCNS is both the provider and in-country controller of technical data for the full chain of transmission and usage over the life of the submarines.”

Subcontractor

The Australian further learned that the documents on the Scorpene submarines was produced in France for the Indian programme in 2011, and is likely to have been removed from France in that same year by a DCNS subcontractor. That data then ended up in Southeast Asia.

“It was subsequently passed by a third party to a second company in the region before being sent on a data disk by regular mail to a company in Australia. It is unclear how widely the data has been shared in Asia or whether it has been obtained by foreign intelligence agencies,” The Australian said.

Take our cybersecurity in 2016 quiz here!

Main image © Mak Hon Keong – Own work, CC BY-SA 3.0