Parliament: Breach of Defence Ministry's Internet system was 'consistent with a covert attack'

In February, the Ministry of Defence said hackers had stolen NRIC numbers, telephone numbers and birth dates of 854 personnel, through a breach of its I-Net system.
In February, the Ministry of Defence said hackers had stolen NRIC numbers, telephone numbers and birth dates of 854 personnel, through a breach of its I-Net system.PHOTO: BLOOMBERG

SINGAPORE - The cyber breach on the Defence Ministry's I-net system was "consistent with a covert attack, with means used to mask the perpetrator's actions and intent", Second Minister for Defence Ong Ye Kung said on Monday (April 3).

Investigations into the attack, which was discovered on Feb 1 and revealed on Feb 28, are ongoing, but "findings will be kept confidential for security reasons", he added.

Mr Ong was giving an update of the incident in Parliament, in response to questions from MPs Lim Wee Kiak and Vikram Nair, both from Sembawang GRC, and Non-Constituency MP Dennis Tan.

Asked by Mr Tan if the culprit had been identified, Mr Ong said he was unable to comment because it concerned a "security issue".

But the minister added that the information loss is basic and that no passwords were lost.

"I do not think that, with this information, they can conduct further hacking," he added.

The Ministry of Defence (Mindef) said on Feb 28 that the hackers had stolen NRIC numbers, telephone numbers and birth dates of 854 personnel, through a breach of its I-Net system.

The system provides Internet access on thousands of dedicated terminals to national servicemen and other staff working in Mindef's offices and Singapore Armed Forces (SAF) premises.

Mindef had also said it ruled out casual hackers, criminal gangs and an inside job, leading experts to believe that foreign governments could be behind the attack.

The affected server was taken offline after the discovery of the attack. Affected personnel were asked to change passwords and report any unusual activities relating to the use of their personal data.

Mr Ong said on Monday that Mindef's IT systems are "no different" from others, and like them, experience "hundreds of thousands" of cyber intrusion attempts, ranging from simple probes to cyber-espionage efforts.

But he said the I-Net system contains no classified information, and that networks which contain sensitive military information are physically separated from the Internet, and protected with encryption and access controls.

This separation is critical, said Mr Ong, adding the perpetrators in this breach "went through the window but couldn't access the house, because the house is separate".

But Mr Ong said the weakest link is often the human factor, and more education is needed.

"We can have the most sophisticated anti cyber defence system but you don't have the discipline and you plug an external device into your office network, and it can be infected," he added.

He also revealed that the breach occurred "weeks before detection" as he cited how the time taken before a breach is detected in other IT systems tends to be longer.

Referring to industry reports, Mr Ong said it takes an average of about 150 days, or five months, before a breach is discovered.

He listed examples such as the attack on the email servers of the US Democratic National Committee in mid-2015, and which was detected in April 2016, by which time all emails and chats had been stolen.

Mr Ong said Mindef and SAF will develop better assessment tools, data analytics and content scanning engines to fend off cyber-attacks.

"We will also review the storage of personal data on our Internet systems to minimise risks of cyber theft," he told the House.