Cyber attack on Singaporean defence ministry occurred weeks before being detected
By Alfred Chua
A cyber attack in Singapore which resulted in the theft of the personal data of about 850 national servicemen and Ministry of Defence (Mindef) employees occurred weeks before it was detected on February 1, Second Defence Minister Ong Ye Kung told the country’s parliament.
Responding to questions from Members of Parliament (MPs) on the breach of the I-net system, which provides Internet access to national servicemen as well as employees from Mindef and the Singapore Armed Forces, Mr Ong said investigations are still ongoing.
But findings will be “kept confidential for security reasons”, he added, noting that the hackers’ “modus operandi was consistent with a covert attack”.
Mindef had previously said that classified military information was not compromised, as that was stored on a separate and more secure system which is not connected to the World Wide Web. However, the personal data of I-net account holders comprising NRIC numbers, telephone numbers, and dates of births were stolen.
Asked whether the stolen data could be exploited for future cyber attacks, Mr Ong said those information were “basic” and could not be used to conduct further hacking attempts.
He also told the House that on a daily basis, Mindef and the SAF experienced “hundreds of thousands of cyber intrusion attempts ranging from simple probes to sophisticated cyber-espionage efforts”.
Mindef, the minister added, adopts a “multi-layered, risk-based approach to cyber defence which balances between connectivity and speed on one hand, and security on the other”, with systems that contain sensitive military information physically separated from the internet, and protected by access controls and encryption.
Going ahead, Mr Ong said that both Mindef and the SAF will enhance its defence against cyber attacks by developing “better assessment tools, data analytics and content scanning engines”. The storage of personal data on its Internet systems will also be reviewed to minimise risks of cyber theft, he added.