Sensitive British defence data was exposed in multiple breaches in 2017, heavily redacted incident reports show
Sensitive data belonging to the Ministry of Defence (MoD) has been compromised on multiple occasions by outside forces.
This is the finding after Sky News managed to obtain heavily redacted reports which revealed that the MoD and its partners failed to protect military and defence data in 37 incidents in 2017.
Last month the government confirmed it was planning to expand the UK’s offensive cyber-war capabilities by approximately fourfold with a new cyber warfare unit, amidst increased threats from the likes of Russia, North Korea and Iran.
According to Sky News, warnings issued by the MoD and National Cyber Security Centre mentioned a Chinese espionage group known as APT10, which was hacking IT suppliers in order to obtain military and intelligence information.
The reports of breaches of British military information were apparently redacted to conceal the outcome of the security incidents, including whether they resulted in damaging information being obtained by hostile nations.
Sky News reported that the MoD feels that publicly confirming details of the breaches beyond their existence would “provide potential adversaries with valuable intelligence on MoD’s and our industry partners’ ability to identify incidents and react to trends.”
“Disclosure of the information would be likely to increase the risk of a cyber attack against IT capability, computer networks and communication devices,” the ministry reportedly added.
So what types of data breach are happening?
Well, it seems that Sky News uncovered incidents where defence information was left unprotected, as well as foreign states’ surveillance of internet traffic.
Other breaches saw data with a ‘SECRET’ classification left at risk from physical operations in which spies could have accessed restricted offices, cabinets, and protected computer hardware.
Sky News said that 10 of the reports had the incident title redacted, alongside the standard redactions, which suggested the breaches were so severe the Ministry of Defence would regard even admitting that they happened as harming national security.
In other breaches, computer peripherals hadn’t been checked for espionage malware and this kit was connected to classified systems. Devices, documents and, incredibly, rooms were left exposed to unauthorised parties on multiple occasions.
Two incidents saw mobile phones and a laptop being taken overseas.
The fact that hackers managed to pilfer military data is a major cause for concern.
“The theft of any secret information is a serious threat to a business but when the stolen data includes military secrets it quickly ramps up to become a serious threat to national security,” explained Jake Moore, cyber security expert at ESET UK.
“Disclosure of such sensitive information to enemy eyes naturally increases the risk of a potential cyber-attack on their IT infrastructure and networks,” said Moore. “Lessons will hopefully be learnt from this particular attack, as in some cases the report suggests computers were not even checked for malware.”
“Ultimately, with such force it is difficult to defend from a constant flow of attacks but in simple terms this sort of breach should not be occurring in these numbers on secret documents in 2018,” he said.
“Human error still occurs and this report simply echoes that you can have endless computing power and other unmanned mitigation techniques in place, yet the human firewall can still easily be a target and let these attacks in,” Moore warned. “Such prevention techniques as robust and effective staff training will no doubt reduce the number of reported attacks on the MoD.”
But it is a fact that there is a cyber war ongoing behind the scenes. Earlier this month the Netherlands accused Russia of attempting to hack into the systems of the international chemical weapons watchdog.
Meanwhile the UK unveiled a list of hacks it said were carried out by Russia’s spy agency, the GRU.
The US also indicted seven Russian intelligence officers for conspiring to hack computers in an attempt to delegitimise international anti-doping organisations.
The British are not taking this lying down and are planning a massive expansion of their own cyber-offensive capability.
The exact nature of the UK’s offensive cyber weaponry is a closely guarded secret, but in a submission to a report last December by parliament’s intelligence and security committee, GCHQ said the capabilities of its cyber unit extended to “the high end of counter state offensive cyber capabilities”.
“We actually over-achieved and delivered (almost double the number of) capabilities (we were aiming for),” GCHQ said in the report.
In April the government said it had carried out a cyber-attack on the ISIL, or Islamic State, militant group.