MoD Email Blunder Leaks Secret NATO Report

Uploaded on 2016-04-27 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

The British Ministry of Defence (MoD) has been embarrassed after it emerged that an administrative error led to the accidental leak of a secret NATO document detailing ongoing military exercises.

The document, marked “NATO restricted” on every one of its 192 pages, was emailed to fishing and ferry operators at the end of March, according to the Herald.

It apparently contains long lists of email addresses, phone numbers and the location of military facilities as well as technical details related to the exercises including aircraft target areas, code decryption tables, authentication protocols and radio jamming information.

Also listed in the doc are dozens of code words, call signs and map co-ordinates, according to the report. The exercises in question are Griffin Strike 16, taking place in the South-West of England and Wales, and Joint Warrior 161 in Scotland.

The latter is a major bi-annual event currently running from 11-23 April and comprises “a program of exercises conducted by land forces, warships, submarines and aircraft across the UK,” according to the MoD.
The ministry admitted the error, which occurred when it was meant to send a missive on how fishing vessels and ferries may be affected by the live drills. However, a spokesman sought to play down the potential impact of the accidental leak.

“A communications issue around the Joint Warrior and Griffin Strike exercises was identified and appropriate measures have been taken. There is no impact to the public, military personnel or units participating in the exercise,” he told the Glasgow paper.

Mimecast director of security product management, Steven Malone, argued that even the most security-sensitive organisations can easily fall victim to a data leak thanks to end user error. “Employees rarely share confidential or secret information on purpose but need more help to avoid potentially damaging mistakes,” he told Infosecurity.

“Data loss prevention technology is mature and absolutely vital for highly sensitive data, but it must be considered a last resort backup. Employee awareness and understanding of security is the most critical control.”

This isn’t the first time the MoD has been found wanting when it comes to cybersecurity. Over a four-year period leading up to 2009, the ministry reported the theft of over 650 laptops, including on one occasion the key used to encrypt data on the machine.

Then in 2012 a database containing employee emails and passwords was hacked and dumped online by hacktivists NullCrew, after they managed to exploit a basic SQL injection vulnerability.

Infosecurityhttp://bit.ly/1U8F478

« GCHQ Approved: Ten Cyber Degree Courses
Self-Defence In A Connected World »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

HDI

HDI

HDI is the worldwide professional association and certification body for the technical service and support industry.

Logpoint

Logpoint

Logpoint is a creator of innovative security platforms to empower security teams in accelerating threat detection, investigation and response with a consolidated tech stack.

Dataguise

Dataguise

Dataguise provides a data-centric security solution to detect, protect, and monitor sensitive data in real time across all data repositories, both on premises and in the cloud.

NATO Communications and Information Agency (NCIA)

NATO Communications and Information Agency (NCIA)

The NCIA Cyber Security Service Line is responsible for planning and executing all life cycle management activities for cyber security.

Armadillo Sec

Armadillo Sec

Armadillo provide penetration testing and vulnerability assessment services.

SecuPi

SecuPi

SecuPi delivers data-centric security with data-flow discovery, real-time monitoring, behavior analytics, and protection across web and enterprise applications and big data environments.

Thridwayv

Thridwayv

Thirdwayv helps your enterprise realize the full potential of loT connectivity. All while neutralizing security threats that can run ruin the customer experience - and your reputation.

Networks Unlimited

Networks Unlimited

Networks Unlimited is a leading value-added distributor in Africa, providing technology solutions with a focus on security, networking, enterprise systems management and cloud technologies.

Cyber Security for Europe (CyberSec4Europe)

Cyber Security for Europe (CyberSec4Europe)

CyberSec4Europe is designing, testing and demonstrating potential governance structures for a European Cybersecurity Competence Network.

JFrog

JFrog

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime.

CSIOS Corp.

CSIOS Corp.

At CSIOS we help our customers achieve and sustain information and cyberspace superiority through a full range of defensive and offensive cyberspace operations and cybersecurity consulting services.

Finesse Global

Finesse Global

Finesse is a global system integration and digital business transformation company.

Dynamic Networks

Dynamic Networks

Dynamic Networks provide Managed Cloud Services; Unified Communications; Security & Compliance Services and Network & Infrastructure Services for both Public Sector and Private sector businesses.

Zeus Cloud

Zeus Cloud

Zeus Cloud provide clients with world-class web hosting services to businesses both big and small.

Bell Canada

Bell Canada

Bell is the leading provider of network and communications services for Canadian businesses and the partner for delivering network, IoT, cloud, voice, collaboration and security solutions.

Prefactor

Prefactor

Prefactor was built because the problem of authenticating and authorizing users continues to be a battle engineers face globally.