MINDEF Cyber Breach on February 1, 2017
On February 1, 2017, the personal details of at least 850 members of the Ministry of Defence (MINDEF) were found to be stolen, the incident commonly known as the MINDEF cyber breach. This breach was yet another high- profile website hacking that took place in Singapore in the course of a few years and many experts believe it was deliberate and well – planned.
The breach of the MINDEF system was found out due to some irregularities in the net-I system. The MINDEF Net-I system is for to let the servicemen and the MINDEF staffs access the internet for their personal use via the computers at Mindef, and also in the Singapore Armed Police Force Camps. The hacking of the Mindef Net-I system was the first incident of such a system being hacked, and it is believed that the hackers wanted to steal the private information about the servicemen. Well, they indeed found some success being able to take some NRIC numbers, telephone numbers and date of births but were unable to do so with any classified military information. This is because such information is stored inside Mindef’s internal system, which is physically separated from the Net-I system.
For the most part, this hacking indeed wasn’t something that could be brushed off so easily. A country’s military system being hacked means it was a state of concern, for this isn’t something somebody would do to train their skills. Experts even believe that the Mindef cyberattack could be state-sponsored, and even if it has not been proved yet, the breach itself could be the reason for us to believe so. The violation wasn’t a child play, so there are more than convincing reasons for us to feel something bigger was lurking behind it.
This cyber attack could have created a lot of problems, most of which was prevented by the network structure of MINDEF, which has many layers. The MINDEF uses different systems for different purposes, which means the hackers gained access to the external layer, but they couldn’t break into the internal structure. According to the information stored and the service access, the Ministry of Defense uses these systems which are classified as:
The Internet Facing System
At most, this was the system the hackers could break into. This system is the Net-I, which is for personal internal surfing. This system is not any different from a home Wi-Fi, the internet facing system is for letting members of the armed forces and the Mindef staffs access the World Wide Web.
This system is for internal messages and the information about routine work. It exists on a different network layer and is inaccessible through the internet.
If the hackers were really after something, the information stored in this system is what they wanted. The military system contains the top military level secrets, and indeed, there is no web access to this highly secured layer.
Due to this incident, on February 22, 2018, hackers were invited to the Mindef premises to find any botches, and they found out 35 security bugs. Two of them were highly severe, and by now, all of them have been fixed. But, until the next attack occurs, we can’t sure be if the Mindef cyberattack has finally come to a close.