Alarm bells rang across Britain’s defence and national security corridors in August this year when the Royal Air Force discovered a social engineering attack via Tinder using which a hacker was trying to gain insight into the cutting-edge F-35 stealth fighter.
The fraudster was apparently trying to gain sensitive information about the cutting-edge F-35 stealth fighter, 48 of which have been purchased by Britain from the United States for £9.1 billion and a few of which are already in service. Britain will ultimately purchase as many as 138 F-35s, each costing around £92 million.
The said hacker, who hacked into an RAF airwoman’s Tinder account, then used the account to initiate a conversation with an RAF airman and allegedly tried to make him divulge details about the F-35, some of which are presently being operated by the RAF.
Fortunately, the social engineering tactic failed as not only was the airman not connected to the F-35 programme, the woman whose account was hijacked also learned about the hack and informed her superiors immediately. After investigating the campaign, the RAF issued an internal memo to all servicemen to warn them about the risk posed by social engineering attacks.
Ministry of Defence suffered major data loss in 2017
While an alert airwoman helped the RAF prevent a major breach of sensitive F-35 data, Britain’s defence industry hasn’t been so lucky as repeated cyber attacks in various forms have allowed hackers to gain information about the country’s classified defence programmes.
According to information obtained by Sky News, as many as 37 successful cyber attacks took place in 2017 that compromised sensitive military and defence data belonging to the Ministry of Defence.
The Ministry of Defence redacted the breach reports to “conceal the outcome of the security incidents”, the report claimed, adding that any public admission by the MoD could “provide potential adversaries with valuable intelligence on MoD’s and our industry partners’ ability to identify incidents and react to trends”.
The report added that these cyber incidents included attacks by nation-state hackers, foreign spies gaining access to sensitive information stored in offices, cabinets, and protected computer hardware, and hackers breaching perimeter security to infiltrate classified systems, documents, and rooms. Incident titles of ten such cyber incidents were redacted by the Ministry of Defence, thereby concealing even the nature of such breaches.
“We live in a world where it is not surprising that military departments can be breached. These organisations have a wide variety of infrastructure spanning everything including endpoints, data centres and the cloud,” said Luke Brown, VP EMEA at WinMagic.
“This means it is not an easy task to ensure deeply sensitive – and highly valuable – information doesn’t fall into the wrong hands. What is needed is an end–to–end data protection platform that works across all infrastructures. More importantly, this must encrypt the data, and ensure it stays encrypted until needed.
“For organisations operating on the frontline of national security, protecting intellectual property must be the number one priority. Should it fall into the wrong hands there could be serious consequences. In cases like this, where it is unclear exactly who has been responsible for the data breach, an encryption platform makes all the difference. If your data gets breached – and it will – the sensitive information will be unreadable to anyone who’s not authorised to read it,” he added.
Offensive cyber-force to repel attackers?
Earlier this month, The Times learned that the Ministry of Defence and GCHQ are planning to set up an “offensive-cyber force” to respond effectively to hostile states, domestic cyber gangs and terrorists.
Sources told The Times that the upcoming cyber-force, the creation of which is yet to be acknowledged by the government, will be composed of experts from the military, security services, and industry and will not only be required to respond effectively to cyber threats from Russia, but also to deter criminal gangs, paedophile rings, and people-traffickers.
According to The Times, GCHQ and the MoD are presently at loggerheads over the command structure of the offensive cyber-force. As per a Times source, while the military will want it to be a high-level war-fighting force that can do things like counter-missile programmes, politicians will want a tactical force that focuses on combating crime and domestic terror threats. The new force is expected to increase the number of available personnel in offensive cyber roles by as much as four times in the coming days.