Cyber Attack on the Defense Ministry of Singapore Stole Personal Data of Staff and Servicemen

Media Division | February 28, 2017

Within our contemporary technological society, there can be large amounts of important data and information that is stored on computer systems.  And unfortunately, these large collections of data can tend to be major targets for cyber attackers.  The motivations behind cyber attacks can vary, whether it be theft, corruption, or nation-state related. A recent cyber attack in Singapore upon the Ministry of Defense (Mindef) was able to steal the personal details of 850 staff and servicemen.

The attack was discovered in early February.  It had targeted Mindef’s I-net system, which is provided to servicemen and employees to be able to surf the internet and access their personal communications through dedicated computer terminals in Mindef and Singapore Armed Services (SAF) premises and camps.  Fortunately, no classified information is stored in this system, but the attackers were able to get away with personnel’s telephone numbers, National Registration Identity Card (NRIC) numbers, and birthdays.  This is the first time that Mindef has been breached, and the attack was launched remotely over the internet.  As soon as the attack was discovered, Mindef disconnected the breached server from I-net and began investigations on the whole system to discover the extent of it.  And even though no breach had been detected elsewhere, all other computer systems within Mindef and SAF are being investigated as well.

The Suspected Motivation Behind the Attack

The attack has been described as “targeted and carefully planned.”  In a media briefing on Feb 28th, Mindef stated, “The real purpose may have been to gain access to official secrets, but this was prevented by the physical separation of I-net from our internal systems.” Security experts have mentioned that the breach may have been state-sponsored.  According to Mindef’s deputy secretary of technology, David Koh, “The attack did not come from camps or internal systems. Neither was it the work of casual hackers or criminal gangs.”  It has been stated by an official that Mindef’s policy of separate networks for classified and unclassified information helped to limit the impact of the breach.  The attackers were only able to breach the outer layer of their security but were not able to go any further.

Mindef was questioned as to why they did not announce the breach earlier, to which they responded that they needed to conduct an investigation before they went public with the attack.  They stated that while the results of the investigation are still pending, they will be contacting all personnel that was affected by the breach within the week, and will be advising them to change their passwords and report any unusual activity linked to their personal information.  Mindef had contacted the Government Technology Agency of Singapore, as well as Singapore’s Cyber Security Agency to inform them to investigate other government systems as well.  Mindef stated that no other breaches have been detected at this point.

Preventing Cyber Attacks from Affecting Your Organization

When it comes to the cyber realm, there can be many entrance points that attackers will attempt to exploit.  This is why it is so critical to have comprehensive cyber security to be able to prevent cyber attacks.  A single hole in security can provide the access that cyber criminals need to be able to get in and steal information or money, or damage systems.  Cyber criminals can launch their attacks at any point, often when organizations are unexpecting, which is why security needs to be properly in place at all times.  Massive Alliance’s wide variety of cyber security services can help to prevent cyber attacks from breaching an organization.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.