NATO Secrets Found For Sale On The Dark Web

Portugal’s Armed Forces Ministry has suffered a cyber attack that allegedly allowed the theft of classified NATO documents, which are now being  sold on the Dark Web. The extent of the damage is still being investigated by the National Security Office, but suspicions are that a security breach facilitated the exfiltration of secret NATO documents from supposedly secure military computers.

According to sources, insecure channels were used to receive and forward the documents when the official Integrated System of Military Communications (SICOM) should have been used.

US intelligence agencies noticed the sale of stolen documents and alerted the US embassy in Lisbon, which in turn warned the Portuguese government about the data breach. “The exchange of information between allies in terms of information security is permanent at the bilateral and multilateral levels,” said a spokesperson for the Prime Minister.  “Whenever there is a suspicion of compromise of cyber security of information system networks, the situation is extensively analysed and all procedures aimed at enhancing cyber security awareness and the correct handling of information to deal with new types of threat are implemented...  Disciplinary and/or criminal law automatically determines the adoption of appropriate procedures."

The data leak comes after NATO claimed in late August that the bloc was investigating a hacking of missile firm MBDA by unknown malicious actors. According to media reports, the hackers had put blueprints of weapons used by Ukraine in its conflict with Russia on sale on the Dark Web. 

This incident is not the first time that Portugal was involved in a security breach related to NATO documents. In 2018, Portuguese intelligence officer Frederico Carvalhao Gil was convicted for spying for Russia after he was found selling classified NATO and EU documents to a Russian agent.

Diario de Noticias:    ITPro:    Bleeping Computer:     AA.com:    FarsNews:     Babel:       Portugal Resident

You Might Also Read: 

NATO & Ukraine Agree Deeper Cyber Co-operation:

 

« Securing Hybrid Identity
Five Cloud Security Mistakes Your Business Should Avoid »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Perimeter 81 / Zero Trust Network Access Guide

Perimeter 81 / Zero Trust Network Access Guide

Curious how you can Implement a Zero Trust roadmap with insights from Gartner? Download this free report for a limited time only.

Tripwire

Tripwire

Tripwire are a leading provider of risk-based security, compliance and vulnerability management solutions.

Bloombase

Bloombase

Bloombase is the leading innovator in Next-Generation Data Security solutions for Global 2000-scale organizations

Cellebrite

Cellebrite

Cellebrite delivers comprehensive solutions for mobile data forensics and mobile lifecycle management.

Citicus

Citicus

Citicus provides world-class security, risk and compliance management software, plus supporting services.

SAI Global

SAI Global

SAI Global provide products and services for enterprise risk management including Governance, Risk & Compliance and Digital Risk solutions.

Escrypt

Escrypt

Escrypt - Embedded Security is a pioneer and one of today’s leading solution providers for embedded IT security.

Segment

Segment

Segment provides a range of services and solutions for all companies which have a need for data protection and IT security.

GulfTalent

GulfTalent

GulfTalent is the leading job site for professionals in the Middle East and Gulf region covering all sectors and job categories, including cybersecurity.

Blockchains LLC

Blockchains LLC

Blockchains is committed to changing the world for the better. Using blockchain and other innovative technologies, we’ll build new systems, new security, and new interactions.

Kiuwan

Kiuwan

Kiuwan provide software security solutions with SAST and SCA source-code analysis that fit into your DevOps process.

Britive

Britive

The Britive Platform is a cloud-native security solution built for the most demanding cloud-forward enterprises.

EVOKE

EVOKE

EVOKE is an award-winning Digital Transformation company that partners with its clients to build digital workplace solutions for organizational challenges.

Dynatrace

Dynatrace

Dynatrace provides software intelligence to simplify cloud complexity and accelerate digital transformation.

Globant

Globant

Globant is an It and software development company. We leverage the latest technologies and methodologies to help organizations transform in every aspect, including software security.

WhizHack Technologies

WhizHack Technologies

WhizHack's mission is to not only create a pipeline of cyber security products but also to empower people to sustainable innovation in securing digital assets of tomorrow.

SRG Security Resource Group

SRG Security Resource Group

SRG Security Resource Group is a Canadian company dedicated to providing world-class Physical and Cyber Security services.

Certo Software

Certo Software

Certo are trusted experts in mobile security. At Certo, mobile security is not an afterthought, it’s what we do.