The Singapore Ministry of Defence’s servers were hacked in February with personal data of 850 national servicemen and employees stolen, it announced yesterday.
The breach was detected in the Ministry’s I-net system which is used by employees to access the internet at dedicated terminals at military camps and defence premises. The stolen data includes employees’ national identity numbers, telephone numbers, and dates of birth, which are stored on the internet-connected I-net system.
“The attacks were targeted and well-planned,” David Koh, MINDEF’s Deputy Secretary for Technology, told Channel NewsAsia. “Based on our investigations, they are not the work of casual hackers or criminal gangs,” added Koh, who also heads the Cyber Security Agency.
The main aim of the attack may have been to gain access to official secrets, but “this was prevented by the physical separation of I-net from our internal systems,” the ministry said in a press release. Classified information is stored on a different computer system which is not connected to the internet and has stricter security features, it added.
Singapore last year began cutting off internet access on public servants’ work computers to prevent leaks of government data. Officials would have to request for a separate device for internet browsing. But this device is not meant to be connected to internal email systems and citizen databases.
“It’s no secret that Government agencies, including MINDEF, are prime targets, and we are under constant cyberattack,” Koh added. “Because of this, we need to continually be vigilant and improve our cyber defences so that we remain resilient against cyberattacks.”
The ministry disconnected the hacked server once the breach was detected. It informed the Cyber Security Agency and Government Technology Agency to investigate other government systems too. No other hacks have been detected so far, it says. Other defence and army systems are also being investigated.