MoD Email Blunder Leaks Secret NATO Report

Uploaded on 2016-04-27 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

The British Ministry of Defence (MoD) has been embarrassed after it emerged that an administrative error led to the accidental leak of a secret NATO document detailing ongoing military exercises.

The document, marked “NATO restricted” on every one of its 192 pages, was emailed to fishing and ferry operators at the end of March, according to the Herald.

It apparently contains long lists of email addresses, phone numbers and the location of military facilities as well as technical details related to the exercises including aircraft target areas, code decryption tables, authentication protocols and radio jamming information.

Also listed in the doc are dozens of code words, call signs and map co-ordinates, according to the report. The exercises in question are Griffin Strike 16, taking place in the South-West of England and Wales, and Joint Warrior 161 in Scotland.

The latter is a major bi-annual event currently running from 11-23 April and comprises “a program of exercises conducted by land forces, warships, submarines and aircraft across the UK,” according to the MoD.
The ministry admitted the error, which occurred when it was meant to send a missive on how fishing vessels and ferries may be affected by the live drills. However, a spokesman sought to play down the potential impact of the accidental leak.

“A communications issue around the Joint Warrior and Griffin Strike exercises was identified and appropriate measures have been taken. There is no impact to the public, military personnel or units participating in the exercise,” he told the Glasgow paper.

Mimecast director of security product management, Steven Malone, argued that even the most security-sensitive organisations can easily fall victim to a data leak thanks to end user error. “Employees rarely share confidential or secret information on purpose but need more help to avoid potentially damaging mistakes,” he told Infosecurity.

“Data loss prevention technology is mature and absolutely vital for highly sensitive data, but it must be considered a last resort backup. Employee awareness and understanding of security is the most critical control.”

This isn’t the first time the MoD has been found wanting when it comes to cybersecurity. Over a four-year period leading up to 2009, the ministry reported the theft of over 650 laptops, including on one occasion the key used to encrypt data on the machine.

Then in 2012 a database containing employee emails and passwords was hacked and dumped online by hacktivists NullCrew, after they managed to exploit a basic SQL injection vulnerability.

Infosecurityhttp://bit.ly/1U8F478

« GCHQ Approved: Ten Cyber Degree Courses
Self-Defence In A Connected World »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NetGuardians

NetGuardians

NetGuardians is a leading Fintech company recognized for its unique approach to fraud and risk assurance solutions.

DirectDefense

DirectDefense

DirectDefense is an information security services and managed services provider.

Sysorex Government Services

Sysorex Government Services

Sysorex Government Services helps customers meet their strategic missions by providing secure, optimized IT solutions that allow them to perform more efficiently and effectively.

GreyCortex

GreyCortex

GreyCortex uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

Altaro Software

Altaro Software

Altaro provide backup solutions that are intuitive, easy to use, well-priced and backed by outstanding 24/7 support as part of the package.

Cyberport

Cyberport

Cyberport is focused on facilitating the growth of major technology trends such as FinTech and cybersecurity as well as the emerging technologies of AI, big data and blockchain.

neoEYED

neoEYED

neoEYED helps banks and fintech to detect and prevent frauds using a Behavioral AI that recognizes the users just by looking at “how” they interact with the applications.

Cyolo

Cyolo

Cyolo’s Secure Access Service Edge (SASE) platform securely connects onsite and remote users to authorized assets, in the organizational network, cloud or IoT environments and even offline networks.

ClassNK Consulting Service (NKCS)

ClassNK Consulting Service (NKCS)

ClassNK Consulting provides consulting services to the maritime industry with a focus on safety, security and compliance.

Suridata

Suridata

Suridata’s SaaS Security platform enables organizations to secure the use of SaaS applications.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Management Alliance

Cyber Management Alliance

Cyber Management Alliance is closing the divide in cyberspace by bringing together the best qualities of thought leadership and operational mastery of cyber security management.

SubCom

SubCom

How Much Do You Trust Your Endpoint? With our ‘Habituation Neural Fabric’ based endpoint security platform, you can observe and manage the Trust Score of your endpoints in real-time.

Atlas Cloud

Atlas Cloud

Atlas Cloud is a UK-wide provider of managed services based in Newcastle. Our ‘research-led’ approach to IT services helps leaders make better decisions about IT for their businesses.

CyberKinetics

CyberKinetics

CyberKinetics specializes in cloud-based services and solutions for federal agencies and commercial clients with compliance mandates.

Foresights

Foresights

Foresights is a Nordic company utilizing advanced intelligence tradecraft and extensive cyber security capabilities to deliver services and advisory tailored to our client’s critical requirements.