French Submarine Builder Admits Data-Warfare Breach

French submarine maker DCNS recently claimed it was the victim of economic warfare after an Australian newspaper published more than 22,000 pages of highly detailed information on its Scorpene submarines being built in India.

A DCNS spokeswoman described the leak as potential corporate espionage that could affect the company’s contracts with other governments.

"Competition is getting tougher and tougher, and all means can be used in this context," Reuters quoted the spokeswoman as saying.

The Australian newspaper  published some 22,400 documents containing sensitive information on the technical capabilities of six Scorpene submarines that are being built at a shipyard in Mumbai, India.

According to the newspaper, the documents reveal the intelligence-gathering capabilities of the submarines, their stealth abilities and information pertaining to weapons, combat systems, diving, sensors, navigation, communication and sonar capabilities. The documents are so detailed they contain information like the conditions under which the periscope can be used and the noise levels created by the propeller.

The Australian said that in total it had reviewed over 4,450 pages on the Scorpene’s underwater sensors, another 4,200 or so pages of data on above-water sensors and over 4,300 pages on its combat systems.

In addition, the leaked documents include hitherto secret information on sea trials that the Malaysian Navy is conducting with its fleet of Scorpene submarines, The Australian said. Also leaked were 12 documents pertaining to DCNS radar systems in some Chilean frigates and deals with the Russian government pertaining to amphibious assault vessels.

In a brief statement, the DCNS said it is aware of the leak on the Indian Scorpenes and noted that the appropriate French authorities are currently investigating the breach. “This investigation will determine the exact nature of the leaked documents, the potential damages to DCNS customers as well as the responsibilities for this leakage.”

The Australian has not said how, where, or from whom it received the documents. But it has said the incident raises serious questions about the security of a $38 billion submarine project that the DCNS is currently negotiating with the Australian government.

DCNS itself has apparently hinted that the leak happened in India rather than in France. But information made available to The Australian suggests that a former French naval officer may have removed the data from a system in that country back in 2011 and made it available to a navy in southeast Asia, the paper said.

The DCNS leak is the second one in recent days involving the exposure of highly sensitive material. Earlier, a group calling itself ShadowBrokers released a data tranche containing details of top-secret cyber-weapons apparently developed by the US National Security Agency for use against adversaries.

Among the dozens of tools publicly released were several that targeted zero-day flaws in firewalls from companies like Cisco and Juniper.

Shadow Brokers also put up for auction a second, fully encrypted document that it says contains even more NSA cyber-weapons. The group has said it will release the decryption keys to the highest bidder or make the key publicly available if the auction raises around $550 million.

DarkReading:

 

« For Russian journalists fighting hacks is part of the job
Hedge Fund Robot Outsmarts Master »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

National Crime Agency (NCA) - United Kingdom

National Crime Agency (NCA) - United Kingdom

The NCA's Cyber Crime Unit focuses on critical cyber incidents in the UK as well as longer-term activity against the criminals and the services on which they depend.

Security Brokers

Security Brokers

Security Brokers focus services and solutions with a focus on strategic ICT Security and Cyber Defense issues.

Lynx

Lynx

Lynx provides high added value services in the area of information systems security and ICT infrastructure building.

BTblock

BTblock

Blockchain and cybersecurity is a vital combination for Enterprise success. BTblock is a Force Multiplier for its clients.

Soffid

Soffid

Soffid provides full Single-Sign-On experience and full Identity and Access Management features by policy-based centralised orchestration of user identities.

Spohn Solutions

Spohn Solutions

Spohn combines highly-experienced staff with a vendor neutral approach to deliver optimal solutions for IT Security and Compliance.

Swiss It Security Group

Swiss It Security Group

Swiss It Security Group offers clients complete IT security concepts based on innovative solutions and technology, with a focus on protection, detection and defence.

PacketViper

PacketViper

PacketViper’s Deception360 actively defends networks with deception-based threat detection and automated response to both external and internal cyber threats.

RankedRight

RankedRight

RankedRight empowers security teams to take immediate action on their most critical risks.

Performance Technologies

Performance Technologies

As a leading IT Solutions Provider in Greece, Performance Technologies delivers reliable, long life solutions, ensuring continuous availability of business-critical services and information.

Rhymetec

Rhymetec

Rhymetec are an industry leader in cloud security, providing innovative cybersecurity and data privacy services to the modern-day SaaS business.

Entech

Entech

Entech is a managed IT service provider. We work behind the scenes on your network to ensure data security and integrity.

Sec3

Sec3

Sec3 is a security and research firm providing bespoke audits and cutting edge tools to Web3 projects.

Black Belt Secure

Black Belt Secure

We provide critical cybersecurity services such as managed security, ransomware mitigation, penetration testing, system auditing and compliance services to your organization.

Replica

Replica

Replica creates authentic virtual environments that ensure identities and assets are always protected no matter where or what work needs to get done.