MoD Email Blunder Leaks Secret NATO Report

The British Ministry of Defence (MoD) has been embarrassed after it emerged that an administrative error led to the accidental leak of a secret NATO document detailing ongoing military exercises.

The document, marked “NATO restricted” on every one of its 192 pages, was emailed to fishing and ferry operators at the end of March, according to the Herald.

It apparently contains long lists of email addresses, phone numbers and the location of military facilities as well as technical details related to the exercises including aircraft target areas, code decryption tables, authentication protocols and radio jamming information.

Also listed in the doc are dozens of code words, call signs and map co-ordinates, according to the report. The exercises in question are Griffin Strike 16, taking place in the South-West of England and Wales, and Joint Warrior 161 in Scotland.

The latter is a major bi-annual event currently running from 11-23 April and comprises “a program of exercises conducted by land forces, warships, submarines and aircraft across the UK,” according to the MoD.
The ministry admitted the error, which occurred when it was meant to send a missive on how fishing vessels and ferries may be affected by the live drills. However, a spokesman sought to play down the potential impact of the accidental leak.

“A communications issue around the Joint Warrior and Griffin Strike exercises was identified and appropriate measures have been taken. There is no impact to the public, military personnel or units participating in the exercise,” he told the Glasgow paper.

Mimecast director of security product management, Steven Malone, argued that even the most security-sensitive organisations can easily fall victim to a data leak thanks to end user error. “Employees rarely share confidential or secret information on purpose but need more help to avoid potentially damaging mistakes,” he told Infosecurity.

“Data loss prevention technology is mature and absolutely vital for highly sensitive data, but it must be considered a last resort backup. Employee awareness and understanding of security is the most critical control.”

This isn’t the first time the MoD has been found wanting when it comes to cybersecurity. Over a four-year period leading up to 2009, the ministry reported the theft of over 650 laptops, including on one occasion the key used to encrypt data on the machine.

Then in 2012 a database containing employee emails and passwords was hacked and dumped online by hacktivists NullCrew, after they managed to exploit a basic SQL injection vulnerability.

Infosecurityhttp://bit.ly/1U8F478

« GCHQ Approved: Ten Cyber Degree Courses
Self-Defence In A Connected World »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CyberDef

CyberDef

CyberDef is a consulting company specialising in cyber defence services for small and medium enterprises.

CyberOwl

CyberOwl

CyberOwl builds on cutting-edge research and combines decades of experience in developing, securing and operating large distributed systems.

Onspring

Onspring

Onspring is the cloud-based platform of choice for governance, risk and compliance (GRC) teams and business operations experts across multiple industries.

Repulsa

Repulsa

Repulsa provides state-of-the-art, patented, fast filtering with over 700 million malicious IP addresses and over 30 million categorized site listings updated daily.

Cybersecurity Tech Accord

Cybersecurity Tech Accord

The Cybersecurity Tech Accord promotes a safer online world by fostering collaboration among global technology companies.

Computer Network Defence (CND)

Computer Network Defence (CND)

Computer Network Defence (CND) are a Broad-Spectrum Cyber Security Consultancy and Recruitment Agency.

Cyber Smart Defense

Cyber Smart Defense

Cyber Smart Defense is a specialist provider of penetration testing services and IT security audits.

Palantir

Palantir

Palantir software empowers entire organizations to answer complex questions quickly by bringing the right data to the people who need it.

Octiga

Octiga

Octiga is an office 365 cloud security provider. It offers Office 365 monitoring, incident response and recovery tools.

Digital Pathways

Digital Pathways

Digital Pathways is an award-winning data security provider that helps businesses protect their digital assets.

Airtel Secure

Airtel Secure

Airtel Secure’s multi-layered, full service cybersecurity offerings are designed to safeguard enterprises against threats of various kinds and origins.

Certihash

Certihash

Certihash have developed the world’s first blockchain empowered suite of information security tools based on the NIST cybersecurity framework.

Illustria

Illustria

Illustria is your agent-less “watchdog” for all open source libraries. Our mission is becoming a dev-velocity company, enabled via cyber security.

WillCo Tech

WillCo Tech

WillCo Tech works to enhance national security and force readiness for military and commercial enterprises with a suite of software capabilities surrounding the human element of cybersecurity.

SOCRadar

SOCRadar

SOCRadar is an Extended Threat Intelligence (XTI) SaaS platform that combines External Attack Surface Management (EASM), Digital Risk Protection Services (DRPS), and Cyber Threat Intelligence (CTI).

Hopper Security

Hopper Security

The Future of Open-Source Risk Management Starts Here. We built Hopper to make sure you can harness the power of Open-Source safely and effectively.