The Singaporean military’s dedicated web access system was breached this month by hackers thought to be hunting for official secrets, the government said on Tuesday.
Investigations into the breach of the Ministry of Defence’s “I-net” system – which is detached from computers dealing with classified information – found the personal information of about 850 people had been stolen, the ministry said.
One analyst said there was a “high probability” that the hack was state sponsored.
The I-net system is air-gapped, meaning that computers linked to it do not have access to a separate system that handles the digital exchange of classified information.
“Investigations are ongoing. The attack on I-net appeared to be targeted and carefully planned. The real purpose may have been to gain access to official secrets, but this was prevented by the physical separation of I-net from our internal systems,” the ministry said.
Classified information is exchanged using “a different computer system with more stringent security features [that is] not connected to the internet,” it said.
Information stolen during the attack included national identity card information, telephone numbers and dates of birth.
The defence ministry said it had informed the city state’s Cyber Security Agency and the Government Technology Agency to investigate other government systems. “No breaches have been detected so far,” it said.
Bryce Boland, chief technology officer for Asia Pacific at the cybersecurity firm FireEye, said based on the government statement, the attack “appeared to be a relatively contained breach”. The Singapore-based cybersecurity expert lauded the government’s transparency regarding the breach.
“It is very unusual for events like breaches to be discovered, let alone thoroughly investigated. That is what’s necessary to ensure that the impact of the breach is well understood,” Boland told This Week in Asia.
The attack comes months after authorities in the Lion City announced plans to extend the air-gap system to the entire civil service. The practice had been confined to ministries dealing with sensitive information, including the defence and foreign ministries.
Officials had said the move was needed because of the rising threat of government data being stolen, but they faced public derision for what was seen as a retrograde technological move in one of Asia’s most wired societies. The move is expected to come into full force in May. Civil servants will still be able to surf the internet at work, but will have to do so on separate personal or government-issued devices. Critics have said the move will hurt productivity in the civil service, and that it will do little to boost cybersecurity.
The controversial policy was “what the government should be doing”, said Boland.
“They should be protecting the information of their citizens, and the steps they are taking are commensurate with the threat. It’s the right thing for them to do.”
John Ellis, a cyber security expert, said his initial assessment based on the government statement was that “there is a high probability that this attack was state sponsored given the current geopolitical climate”.
FireEye said in a 2015 report that claimant states in the South China Sea territorial dispute faced the risk of the disagreement spilling into “cyber operations”.
Sophisticated attacks called “advanced persistent threats” (APTs) were being used by rival governments to “conduct cyberespionage to obtain valuable political or military intelligence,” the report said.
“We routinely observe APT groups stealing information that deals with the South China Sea disputes and their economic effects from the networks of governments and companies involved,” it said.
Singapore is not a party to the territorial disputes, which involves China, Malaysia, Vietnam, the Philippines, Taiwan and Brunei.