NATO Secrets Found For Sale On The Dark Web

Portugal’s Armed Forces Ministry has suffered a cyber attack that allegedly allowed the theft of classified NATO documents, which are now being  sold on the Dark Web. The extent of the damage is still being investigated by the National Security Office, but suspicions are that a security breach facilitated the exfiltration of secret NATO documents from supposedly secure military computers.

According to sources, insecure channels were used to receive and forward the documents when the official Integrated System of Military Communications (SICOM) should have been used.

US intelligence agencies noticed the sale of stolen documents and alerted the US embassy in Lisbon, which in turn warned the Portuguese government about the data breach. “The exchange of information between allies in terms of information security is permanent at the bilateral and multilateral levels,” said a spokesperson for the Prime Minister.  “Whenever there is a suspicion of compromise of cyber security of information system networks, the situation is extensively analysed and all procedures aimed at enhancing cyber security awareness and the correct handling of information to deal with new types of threat are implemented...  Disciplinary and/or criminal law automatically determines the adoption of appropriate procedures."

The data leak comes after NATO claimed in late August that the bloc was investigating a hacking of missile firm MBDA by unknown malicious actors. According to media reports, the hackers had put blueprints of weapons used by Ukraine in its conflict with Russia on sale on the Dark Web. 

This incident is not the first time that Portugal was involved in a security breach related to NATO documents. In 2018, Portuguese intelligence officer Frederico Carvalhao Gil was convicted for spying for Russia after he was found selling classified NATO and EU documents to a Russian agent.

Diario de Noticias:    ITPro:    Bleeping Computer:     AA.com:    FarsNews:     Babel:       Portugal Resident

You Might Also Read: 

NATO & Ukraine Agree Deeper Cyber Co-operation:

 

« Securing Hybrid Identity
Five Cloud Security Mistakes Your Business Should Avoid »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Pondurance

Pondurance

Pondurance is an IT Security and Compliance company providing services in Cyber Security, Continuity, Compliance and Threat Management.

Nmap Project

Nmap Project

Nmap Project is a Free and open source tool for network discovery, administration, and security auditing.

Mitchell Sandham

Mitchell Sandham

Mitchell Sandham is an, independent insurance and financial services brokerage. Business products include Cyber/Privacy Liability insurance.

NRI Secure Technologies

NRI Secure Technologies

NRI SecureTechnologies is a Cybersecurity group company of the Nomura Research Institute (NRI) and a global provider of next-generation Managed Security Services and Security Consulting.

Saudi Federation for Cyber Security and Programming (SAFCSP)

Saudi Federation for Cyber Security and Programming (SAFCSP)

SAFCSP is a national institution under the umbrella of the Saudi Arabian Olympic Committee, which seeks to build national and professional capabilities in the fields of cyber security and programming.

Department of Energy - Cybersecurity, Energy Security, and Emergency Response (CESER)

Department of Energy - Cybersecurity, Energy Security, and Emergency Response (CESER)

The Office of Cybersecurity, Energy Security, and Emergency Response (CESER) addresses the emerging threats of tomorrow while protecting the reliable flow of energy to Americans today.

Securepoint

Securepoint

Securepoint is the market leader in the development of professional “Unified Threat Management” solutions in Germany.

Rippleshot

Rippleshot

Rippleshot is a fraud analytics firm that detects mass card compromises faster, allowing issuers to execute more proactive fraud detection strategies.

CyberProof

CyberProof

CyberProof aims to give clarity and confidence to businesses worldwide using a new risk-based approach to cyber security services.

Beosin

Beosin

Beosin is a blockchain security company providing cybersecurity services including security audits, on-chain asset investigation, threat intelligence and wallet security.

VirtualArmour

VirtualArmour

VirtualArmour is a managed security services provider with global reach and local attitude.

Oregon Systems

Oregon Systems

Oregon Systems is a Regional Leader & Distributor with value added services for OT, IoT, IIoT & IT Cybersecurity products, Solutions & professional services throughout the middle-east region.

Xeol

Xeol

Software free of vulnerabilities, built and distributed by trusted entities. Our mission is to help customers secure their software from code to deploy.

View

View

View is the leader in smart building technologies including OT cybersecurity to securely connect buildings to the cloud and manage building networks and OT devices.

Emantra

Emantra

Emantra specialises in the enablement of Secure Cloud services through it’s comprehensive Sovereign Cloud Hosting, Secure Access Service Edge, and managed services.

Lyvoc

Lyvoc

Lyvoc is a premier cybersecurity integration partner renowned for its expertise in supporting its clients to accelerate and secure their digital transformation.