22 October 2018

MoD Secrets Exposed In Multiple Data Breaches – Report

Tom Jowitt

Sensitive data belonging to the Ministry of Defence (MoD) has been compromised on multiple occasions by outside forces. This is the finding after Sky News managed to obtain heavily redacted reports which revealed that the MoD and its partners failed to protect military and defence data in 37 incidents in 2017. Last month the government confirmed it was planning to expand the UK’s offensive cyber-war capabilities by approximately fourfold with a new cyber warfare unit, amidst increased threats from the likes of Russia, North Korea and Iran.


HMS Artful, the third of the Royal Navy’s new Astute Class attack submarines has arrived at her Scottish base port from where she will carry out sea trials before entering service later this year.

The 7,400-tonne Artful left BAE Systems construction yard at Barrow-in-Furness in Cumbria several days ago before sailing to her new home at Her Majesty’s Naval Base (HMNB) Clyde. She will provide the Royal Navy with the most technologically advanced submarine Britain has ever sent to sea.

HMNB Clyde will become a home for the Royal Navy’s submarines and associated support by 2020, creating a submarine centre of specialisation.

The base is amongst the largest single-site employers in Scotland, with 6,700 military and civilian personnel, increasing under current UK Government plans to 8,200 by 2022.

Defence Minister, Philip Dunne, said:

“The arrival of Artful to HMNB Clyde clearly shows that the UK Government is firmly committed to the future of defence in Scotland, this is the latest addition to what will be the home of all Royal Navy submarines by 2020.

“The Astute submarine programme is a key part of our £163 billion equipment plan which has been bolstered by the commitment to increase defence spending and meet the NATO pledge of two per cent of our national income for the rest of this decade.

“The Astute Class are amongst the most advanced submarines operating in the world today and provide the Royal Navy with the capability it needs to defend UK interests at home and overseas.”

Chief of Materiel Fleet, Vice Admiral Simon Lister, said:

“I am delighted that Artful has arrived at her home port to prepare for operations as this marks a key milestone in the Astute class submarine programme.

“The build of the first two Astute Class submarines has taught us many lessons. Artful can soon begin operations as the newest submarine in the Royal Navy.”

Featuring the latest nuclear-powered technology, Artfu

Chinese hackers

According to Sky News, warnings issued by the MoD and National Cyber Security Centre mentioned a Chinese espionage group known as APT10, which was hacking IT suppliers in order to obtain military and intelligence information.

The reports of breaches of British military information were apparently redacted to conceal the outcome of the security incidents, including whether they resulted in damaging information being obtained by hostile nations.

Sky News reported that the MoD feels that publicly confirming details of the breaches beyond their existence would “provide potential adversaries with valuable intelligence on MoD’s and our industry partners’ ability to identify incidents and react to trends.”

“Disclosure of the information would be likely to increase the risk of a cyber attack against IT capability, computer networks and communication devices,” the ministry reportedly added.

So what type of data breaches is happening?

Well it seems that Sky News uncovered incidents where defence information was left unprotected, as well as foreign states’ surveillance of internet traffic.

Other breaches saw data with a ‘SECRET’ classification left at risk to physical operations in which spies could have accessed restricted offices, cabinets, and protected computer hardware.

Sky News said that 10 of the reports had the incident title redacted, alongside the standard redactions, which suggested the breaches were so severe the Ministry of Defence would regard even admitting that they happened as harming national security.

In other breaches, computer peripherals hadn’t been checked for espionage malware and this kit was connected to classified systems, and devices, documents. And incredibly, rooms were left exposed to unauthorised parties on multiple occasions.

Two incidents saw mobile phones and a laptop being taken overseas.
National security

The fact that hackers managed to pilfer military data is a major cause for concern.

“The theft of any secret information is a serious threat to a business but when the stolen data includes military secrets it quickly ramps up to become a serious threat to national security,” explained Jake Moore, cyber security expert at ESET UK.

“Disclosure of such sensitive information to enemy eyes naturally increases the risk of a potential cyber-attack on their IT infrastructure and networks,” said Moore. “Lessons will hopefully be learnt from this particular attack, as in some cases the report suggests computers were not even checked for malware.”

“Ultimately, with such force it is difficult to defend from a constant flow of attacks but in simple terms this sort of breach should not be occurring in these numbers on secret documents in 2018,” he said.

“Human error still occurs and this report simply echoes that you can have endless computing power and other unmanned mitigation techniques in place, yet the human firewall can still easily be a target and let these attacks in,” Moore warned. “Such prevention techniques as robust and effective staff training will no doubt reduce the number of reported attacks on the MoD.”
Cyber war

But it is a fact that there is a cyber war ongoing behind the scenes. Earlier this month the Netherlands accused Russia of attempting to hack into the systems of the international chemical weapons watchdog.

Meanwhile the UK unveiled a list of hacks it said were carried out by Russia’s spy agency, the GRU.

The US also indicted seven Russian intelligence officers for conspiring to hack computers in an attempt to delegitimise international anti-doping organisations.

The British are not taking this lying down and are planning a massive expansion of its own cyber-offensive capability.

The exact nature of the UK’s offensive cyber weaponry is a closely guarded secret, but in a submission to a report last December by parliament’s intelligence and security committee, GCHQ said the capabilities of its cyber unit extended to “the high end of counter state offensive cyber capabilities”.

“We actually over-achieved and delivered (almost double the number of) capabilities (we were aiming for),” GCHQ said in the report.

In April the government said it had carried out a cyber-attack on the ISIL or Islamic State militant group.

No comments: