MoD Email Blunder Leaks Secret NATO Report

Uploaded on 2016-04-27 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

The British Ministry of Defence (MoD) has been embarrassed after it emerged that an administrative error led to the accidental leak of a secret NATO document detailing ongoing military exercises.

The document, marked “NATO restricted” on every one of its 192 pages, was emailed to fishing and ferry operators at the end of March, according to the Herald.

It apparently contains long lists of email addresses, phone numbers and the location of military facilities as well as technical details related to the exercises including aircraft target areas, code decryption tables, authentication protocols and radio jamming information.

Also listed in the doc are dozens of code words, call signs and map co-ordinates, according to the report. The exercises in question are Griffin Strike 16, taking place in the South-West of England and Wales, and Joint Warrior 161 in Scotland.

The latter is a major bi-annual event currently running from 11-23 April and comprises “a program of exercises conducted by land forces, warships, submarines and aircraft across the UK,” according to the MoD.
The ministry admitted the error, which occurred when it was meant to send a missive on how fishing vessels and ferries may be affected by the live drills. However, a spokesman sought to play down the potential impact of the accidental leak.

“A communications issue around the Joint Warrior and Griffin Strike exercises was identified and appropriate measures have been taken. There is no impact to the public, military personnel or units participating in the exercise,” he told the Glasgow paper.

Mimecast director of security product management, Steven Malone, argued that even the most security-sensitive organisations can easily fall victim to a data leak thanks to end user error. “Employees rarely share confidential or secret information on purpose but need more help to avoid potentially damaging mistakes,” he told Infosecurity.

“Data loss prevention technology is mature and absolutely vital for highly sensitive data, but it must be considered a last resort backup. Employee awareness and understanding of security is the most critical control.”

This isn’t the first time the MoD has been found wanting when it comes to cybersecurity. Over a four-year period leading up to 2009, the ministry reported the theft of over 650 laptops, including on one occasion the key used to encrypt data on the machine.

Then in 2012 a database containing employee emails and passwords was hacked and dumped online by hacktivists NullCrew, after they managed to exploit a basic SQL injection vulnerability.

Infosecurityhttp://bit.ly/1U8F478

« GCHQ Approved: Ten Cyber Degree Courses
Self-Defence In A Connected World »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

RedTeam Security

RedTeam Security

RedTeam Security is a provider of Penetration Testing, Social Engineering, Red Teaming and Red Team Training services.

Black Hat Briefings

Black Hat Briefings

The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world.

Radiant Logic

Radiant Logic

Radiant Logic is a market-leading provider of federated identity solutions based on virtualization, and delivers simple, logical, and standards-based access to all identities within an organization.

Internet Storm Center (ISC)

Internet Storm Center (ISC)

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with ISPs to fight back against the most malicious attackers.

Pindrop Security

Pindrop Security

Pindrop solutions are leading the way to the future of voice by establishing the standard for security, identity, and trust for every voice interaction.

LSEC

LSEC

LSEC is a global innovator and facilitator for the Cybersecurity industry. It is a non-profit membership organisation supporting further maturing the industry through its end users.

Visium Technologies

Visium Technologies

Visium Analytics provides innovative data visualization, cybersecurity technologies and solutions to businesses to protect and secure their data assets.

Kinnami Software

Kinnami Software

Kinnami is a data security company that equips organizations with the tools they need to secure and protect highly confidential documents and data.

Russell Reynolds Associates

Russell Reynolds Associates

Russell Reynolds Associates is a global leadership advisory and search firm with functional expertise in Digital Leadership, Data & Analytics, and Compliance.

Eureka Technology Partners

Eureka Technology Partners

Eureka Technology Partners are committed to helping you focus on your business by taking care of your IT infrastructure and data security needs.

SilverSky

SilverSky

SilverSky offers a comprehensive suite of products and services that deliver unprecedented simplicity and expertise for compliance and cybersecurity programs.

Lattice Semiconductor

Lattice Semiconductor

Lattice Semiconductor solves customer problems across the network, from the Edge to the Cloud, in the growing communications, computing, industrial, automotive and consumer markets.

Air IT

Air IT

Air IT are a responsive, client-focused and award-winning Managed Service Provider, helping clients achieve success and transformation through their IT and communications.

Radiant Security

Radiant Security

Radiant Security offers an AI-powered security co-pilot for Security Operations Centers (SOCs). Reinforce your SOC with an AI assistant.

Vultara

Vultara

Vultara provides web-based product security risk management tools for electronics manufacturers.

ACDS (Advanced Cyber Defence Systems)

ACDS (Advanced Cyber Defence Systems)

ACDS was founded in the belief that cyber security can be done better. We’re combining emerging technologies and proven methods to bring a new approach to tackling the growing threat landscape.