Singapore's Ministry of Defence (MINDEF) has reported data theft of 850 national servicemen and employees in a recent security breach, which has been tipped as the first such cyber attack on MINDEF. Other similar breaches include the attack on the Istana and Prime Minister's Office websites in 2013 and the hacking of Foreign Affairs Ministry's IT system in 2014.
The ministry has clarified that there is no breach on its classified military information as it is stored on a separate system and not connected to the I-net system, which offers communication and Internet surfing access to national servicemen and employees of Mindef. Some of these dedicated terminals are also accessible within Singapore Armed Forces (SAF) camps and premises.
In what is said to be the first major breach of MINDEF's I-net system, around 850 personnel's NRIC numbers, telephone numbers and birth dates have been compromised. However, no passwords of affected accounts were stolen, according to the ministry.
MINDEF added that the perpetrators may have been trying to gain secret access to confidential military assets, but the attempt was thwarted as the affected server was disconnected from I-net soon after the breach.
After detailed forensic investigations, MINDEF's Deputy Secretary for Technology David Koh has concluded that it's "not the work of casual hackers or criminal gangs."
However, there is no denying the possibility of a state sponsored attack as the breach did not originate from camps or internal systems.
"It is common for states to sponsor such attacks to access other countries' infrastructure, and build a portfolio of information that can be used to their advantage," said Mr Aloysius Cheang, executive vice-president of global computing security association Cloud Security Alliance.
Although the outcome of the breach is still pending, the ministry has set up various helpdesk services for the affected personnel asking them to change their passwords and report any suspicious activity on their compromised account or personal info.
Meanwhile, MINDEF is actively working with Singapore's Cyber Security Agency and Government Technology Agency in Singapore to investigate other government systems. No breaches have been reported so far.
National servicemen and employees of MINDEF can continue accessing internet, as the ministry has toughened its cyber-defence security measures in anticipation of any future attacks, without shutting down its I-net system.