MoD Email Blunder Leaks Secret NATO Report

Uploaded on 2016-04-27 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

The British Ministry of Defence (MoD) has been embarrassed after it emerged that an administrative error led to the accidental leak of a secret NATO document detailing ongoing military exercises.

The document, marked “NATO restricted” on every one of its 192 pages, was emailed to fishing and ferry operators at the end of March, according to the Herald.

It apparently contains long lists of email addresses, phone numbers and the location of military facilities as well as technical details related to the exercises including aircraft target areas, code decryption tables, authentication protocols and radio jamming information.

Also listed in the doc are dozens of code words, call signs and map co-ordinates, according to the report. The exercises in question are Griffin Strike 16, taking place in the South-West of England and Wales, and Joint Warrior 161 in Scotland.

The latter is a major bi-annual event currently running from 11-23 April and comprises “a program of exercises conducted by land forces, warships, submarines and aircraft across the UK,” according to the MoD.
The ministry admitted the error, which occurred when it was meant to send a missive on how fishing vessels and ferries may be affected by the live drills. However, a spokesman sought to play down the potential impact of the accidental leak.

“A communications issue around the Joint Warrior and Griffin Strike exercises was identified and appropriate measures have been taken. There is no impact to the public, military personnel or units participating in the exercise,” he told the Glasgow paper.

Mimecast director of security product management, Steven Malone, argued that even the most security-sensitive organisations can easily fall victim to a data leak thanks to end user error. “Employees rarely share confidential or secret information on purpose but need more help to avoid potentially damaging mistakes,” he told Infosecurity.

“Data loss prevention technology is mature and absolutely vital for highly sensitive data, but it must be considered a last resort backup. Employee awareness and understanding of security is the most critical control.”

This isn’t the first time the MoD has been found wanting when it comes to cybersecurity. Over a four-year period leading up to 2009, the ministry reported the theft of over 650 laptops, including on one occasion the key used to encrypt data on the machine.

Then in 2012 a database containing employee emails and passwords was hacked and dumped online by hacktivists NullCrew, after they managed to exploit a basic SQL injection vulnerability.

Infosecurityhttp://bit.ly/1U8F478

« GCHQ Approved: Ten Cyber Degree Courses
Self-Defence In A Connected World »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

SCADAhacker

SCADAhacker

SCADAhacker provides mission critical information relating to industrial security of SCADA, DCS and other Industrial Control Systems.

Cyber Defense Media Group (CDMG)

Cyber Defense Media Group (CDMG)

CDMG is the leading global media group for all things cyber defense.

CDNetworks

CDNetworks

CDNetworks is a global content delivery network with a fully integrated cloud security solution, offering unparalleled speed, security and reliability for the almost instant delivery of web content.

INCIBE-CERT

INCIBE-CERT

INCIBE-CERT is the reference security incident response center for citizens and private law entities in Spain

MSG Systems

MSG Systems

MSG are committed to intelligent IT and industry solutions and offer independent consulting on all aspects of information security.

Cybertech

Cybertech

Cybertech Conference & Exhibition presents commercial problem solving strategies and solutions for the global cyber threat that meet the diverse challenges for a wide range of sectors.

Avatao

Avatao

Avatao is an online training platform for building secure software, offering a rich library of hands-on IT security exercises for software engineers to teach secure programming.

State e-Government Agency (SEGA) - Bulgaria

State e-Government Agency (SEGA) - Bulgaria

The State e-Government Agency (SEGA) is responsible for matters relating to electronic governance in Bulgaria.

Tech-Recycle

Tech-Recycle

Tech-Recycle was formed to help companies and individuals securely, ethically and easily recycle their IT and office equipment. We destroy all data passed to us safely and securely.

Converge Technology Solutions

Converge Technology Solutions

Converge Technology Solutions Corp. is a North American IT solution provider delivering advanced analytics, cloud, cybersecurity, and managed services solutions.

Bytes Technology Group

Bytes Technology Group

Bytes is a leading provider of world-class IT solutions. Our growing portfolio of services includes cloud, security, licensing, SAM, storage, virtualisation and managed services.

BalkanID

BalkanID

BalkanID is an Identity governance solution that leverages data science to provide visibility into your SaaS & public cloud entitlement sprawl.

Iris Powered by Generali

Iris Powered by Generali

Iris Powered by Generali is an identity theft resolution provider. Our offering combines expert assistance and support with user-friendly identity protection technology.

International Association of Financial Crimes Investigators (IAFCI)

International Association of Financial Crimes Investigators (IAFCI)

International Association of Financial Crimes Investigators provides services and information about financial fraud, fraud investigation and fraud prevention.

Cork

Cork

Cork is a purpose-built cyber warranty company for managed service providers (MSPs) serving small businesses (SMBs) and the software solutions they manage.

Bestman Solutions

Bestman Solutions

As a specialist cyber security practice, we believe that people are an organisation’s most valuable asset. Success depends on hiring the right people, and this is where we come in.