Personal data stolen from Singapore Ministry of Defence servicemen and staff

Cheryl Sanders
March 1, 2017

The personal details of 850 national servicemen and Ministry of Defence (Mindef) employees were stolen in a cyber attack early last month.

I-net provides Internet access to national servicemen and employees for their personal communications or Internet surfing using dedicated I-net computer terminals in MINDEF and Singapore Armed Forces (SAF) camps and premises.

No classified military information was hacked in the breach because this is stored on a separate system that is not connected to the web.

These included identity-card numbers, telephone numbers, and dates of births of around 850 servicemen and employees.

The attack "appeared to be targeted and carefully planned", said Mindef deputy secretary (technology) David Koh on Tuesday (Feb 28).

Mindef, which is still seeking the culprit, added: "The real objective may have been to gain access to official secrets, but this was prevented by the physical separation of I-net from our internal systems".

After the initial investigation, it was revealed that the attack originated online and not from an SAF camp.

MINDEF also said that the breach was not announced earlier because it needed time to understand the extent of the breach and maintain operational security while the investigations were going on.

It informed the Cyber Security Agency and Government Technology Agency to investigate other government systems too.

Once the breach was detected, Mindef disconnected the affected server from I-net and immediatly carried out detailed forensic investigations on the entire system; all other computer systems within Mindef and the SAF are also being investigated.

MINDEF said it defends itself against hundreds of thousands of cyber intrusion attempts on a daily basis, amid a global landscape where online threats and attacks are becoming more frequent and sophisticated.

Experts such as Dr Steven Wong, president of the Association of Information Security Professionals, and Mr Nick Savvides, security advocate for Symantec Asia-Pacific and Japan, said that they are not ruling out the possibility that the incident involved state-sponsored entities.

One "pressing issue" now, Dr Wong said, would be to get the affected personnel to practise "good digital hygiene", including resetting their passwords and reporting any suspicious activity related to the use of their personal information.

This is the first time that security of the MINDEF was threatened. All affected by the breach had been notified and instructed to change their passwords, including other systems if they had used the same passwords to access those services. No breaches have been detected so far. "Because of this, we'll need to continually be vigilant and improve our cyberdefences so that we remain resilient".

Other reports by iNewsToday