Singapore’s Ministry of Defence (MINDEF) announced that their cyber security network, I-net, was breached earlier in this month in February, and that personal details of 850 National Servicemen were leaked. The government covered up the breach until today (Feb 28) but remains still unable to recover the leaked data or catch the culprit.
NRIC numbers, telephone numbers and birth dates were leaked but MINDEF is quick to clarify that no classified military information is stored in I-net. The ministry said that the hacking was done over the internet.
Although MINDEF remains clueless on the perpetrators, they claimed that it is not the “work of casual hackers” or “criminal gangs”:
“The real purpose may have been to gain access to official secrets, but this was prevented by the physical separation of I-net from our internal systems. The attack did not come from camps or internal systems. Neither was it the work of causal hackers or criminal gangs. The hacker exploited vulnerabilities in the server and the vulnerabilities have been plugged. Mindef adopts a multilayer approach to security. The attacker only breached the outer layer but did not go deeper into classified systems.”Classified and military data, and internal e-mail applications reside in a different system that is not connected to the Internet.”
When questioned why did the government covered up the hacking without informing the victims, MINDEF claimed that they needed time to conduct investigations. However the investigations were fruitless.