Singapore's Defence Ministry hit with first cyber attack

The I-net system provides Internet access on thousands of dedicated terminals to national servicemen and other employees working in Mindef's offices and Singapore Armed Forces premises, such as army camps and naval bases.

I-net holds no classified information and is not linked to the ministry's more sensitive internal systems, which have no connection to the Internet.

Stolen information includes NRIC numbers, telephone numbers and date of birth information.

David Koh, Mindef's deputy secretary for technology who also heads up the nation's Cyber Security Agency, told ChannelNewsAsia: "The attacks were targeted and well-planned".

Mindef said at a media briefing: "The real goal may have been to gain access to official secrets, but this was prevented by the physical separation of I-net from our internal systems".

Immediate and detailed forensic investigations were conducted on the entire I-net system to determine the extent of the breach, Mindef said.

The ministry said it would continue to provide internet kiosks as its employees and national servicemen required online access.

While the attack is unnerving, the government decided not to turn off the I-net system, only disconnecting the affected server. But it was prevented from doing so by the physical separation of the hacked system from Mindef's other internal systems.

"These hackers fail. [They] want to hack military secrets, didn't manage to, then try to steal personal data, only succeeded in 850 people", another said, sarcastically.

The Cyber Security Agency (CSA) and the Government Technology Agency of Singapore (GovTech) have also already been informed of the breach, and are investigating other government systems. The attacker only breached the outer layer but did not go deeper into classified systems.

Experts such as Dr Steven Wong, president of the Association of Information Security Professionals, and Mr Nick Savvides, security advocate for Symantec Asia-Pacific and Japan, said that they are not ruling out the possibility that the incident involved state-sponsored entities.

The Mindef breach was not the first time that the Singapore government has been on the receiving end of a successful cybersecurity attack.

One "pressing issue" now, Dr Wong said, would be to get the affected personnel to practise "good digital hygiene", including resetting their passwords and reporting any suspicious activity related to the use of their personal information.

Honeypots are computer security mechanisms that help detect and deflect or counteract attempts at security breaches. "Because of this we need to continually be vigilant and improve our cyber defences so that we remain resilient against cyberattacks", said Mr Koh.

  • Leroy Wright