MINDEF revealed that they are led to believe the attacks were “not the work of casual hackers or criminal gangs”.
With the worrying news of the looming threat posed by Cloudbleed, the latest bug to hit the internet, our very own MINDEF also fell victim to a system breach. Our defence ministry’s Internet system was breached early last February which led to approximately 850 of its servicemen and employees personal details to be stolen.
The stolen personal data includes NRIC, telephone numbers and dates of birth that are stored on the I-net system.
MINDEF’s I-net system provides Internet access to the national servicemen as well employees at MINDEF and SAF. At the press briefing yesterday, MINDEF revealed that they are led to believe the attacks were “not the work of casual hackers or criminal gangs”.
“The attack on I-net appeared to be targeted and carefully planned. The real purpose may have been to gain access to official secrets, but this was prevented by the physical separation of I-net from our internal systems.”
Saved In The Nick Of Time
MINDEF immediately disconnected the affected server from the I-net once the breach was detected and carried out detailed forensic investigations – and thankfully, our ministry’s multi layered approach to cyber defence prevented the attackers from intruding further into the system containing classified military information.
On Why They Kept The News From The Public
When questioned at the press briefing on why the breach was not announced earlier, MINDEF said it needed time to conduct investigations and maintain its operational security. They also pointed out that the press briefing was arranged soon after the extent and severity of the breach were made clear.
What’s Next
In the meantime, the affected personnel will be contacted within a week and advised to change their passwords for other systems that may use their stolen personal information. MINDEF has also specially set up a helpdesk to provide assistance if needed. The attack was also reported to the Cyber Security Agency (CSA) and the Government Technology Agency of Singapore.
Industry and security experts also gave their two cents worth on the attacks, and the general consensus is that MINDEF’s quick detection and subsequent corrective actions has mitigated the situation. There were also speculations that that the breach indicates a new era of “trust attacks” which aims to erode our faith in our nation’s cyber security.
