Categories: Security

Data Stolen From Singapore Military In ‘Carefully Planned’ Cyber Attack

Singapore’s Ministry of Defence, Mindef, said basic personal information on 850 national servicemen and staff were stolen from an Internet-facing network in what it called a “targeted and carefully planned” attack.

The individuals’ national ID numbers, telephone numbers and dates of birth were stolen from a system called I-net which provides staff with Internet access for personal communications and viewing the web on thousands of dedicated terminals within Mindef’s premises, as well as armed forces camps and premises.

‘Targeted and carefully planned’

I-net holds no classified information and is not linked to the ministry’s more sensitive internal systems, which have no connection to the Internet.

The ministry said this was the first time I-net has been breached.

“The attack on I-net appeared to be targeted and carefully planned,” it said in a statement. “The real purpose may have been to gain access to official secrets, but this was prevented by the physical separation of I-net from our internal systems.”

It said the country’s Cyber Security Agency and Government Technology Agency had been ordered to probe other government systems, but had found no evidence of an intrusion there.

The attack was discovered in early February and the ministry said it delayed disclosure while the investigation was carried out.

David Koh, the ministry’s deputy secretary of technology, was cited in local media reports as suggesting the attack may have been orchestrated by a nation-state.

“The attack did not come from camps or internal systems,” he said. “Neither was it the work of casual hackers or criminal gangs.”

Infrastructure under attack

The ministry said it disconnected the affected server upon discovering the attack, but allowed I-net to continue to function. The vulnerabilities used to hack the server have been fixed, according to Koh.

Singapore last year pushed ahead with a security regime aimed at disconnecting government internal systems from the public Internet, a policy some departments, including the defence and foreign affairs ministries, had already put into place.

The Queen earlier this month formally opened the National Cyber Security Centre (NCSC), aimed at protecting the UK’s government and critical infrastructure systems from Internet-based attacks.

Ahead of the launch event NCSC head Ciaran Martin said the UK had been hit by 188 serious cyber attacks in the three months since the NCSC had begun operations, while chancellor Phillip Hammond estimated the government had blocked more than 34,000 “potential attacks” on government departments and members of the public over the previous six months.

Do you know all about security in 2017? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

2 days ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

2 days ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 days ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

3 days ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

3 days ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

3 days ago