Classified Information: Overview of State Secret Leaks

In H1 2018, state secret incidents accounted for 5.3% of all registered data leaks. This is a digest of state secret leaks, prepared by InfoWatch Analytical Center.

Most incidents involving the compromise of state secrets are due to external attacks. Such information is a tempting target for professional hackers, who are usually politically motivated. A group called Thrip, which is allegedly connected with China, has infiltrated satellite communications, telecoms, geospatial imaging, and defense organizations in the United States and Southeast Asia. The group’s likely motives included not only cyber espionage, but also subversive actions.

In September, Anonymous hackers attacked the server of the Brazilian Defense Ministry and compromised sensitive information about military officers, including Eduardo Villas Boas, a commander of ground forces, and Hamilton Mourao, a retired general and candidate for the Brazilian presidency.

Some 40% of state secret leaks originated from inside, either accidentally or intentionally. The General Directorate for Internal Security (GDIS) in France found leaked data on the dark web. An agent had abused their position within the GDIS to pilfer sensitive documents, which were then sold on the dark web in exchange for Bitcoin. It turned out that the agent had been working with organized crime groups who were keen to see the government information. Every member of personnel within the GDIS has an individual code which tracks their computer activity. By using this code, the investigation was able to identify the perpetrator responsible for the data leaks.

Two Danish servicemen, a current and a former employee at the Danish embassy in Abu Dhabi, have been charged with gross negligence in a case involving the leaking of classified information. According to the charges, the two military servicemen treated classified Danish defense documents in a manner that made it possible for a locally-based employee to steal them and deliver them to a “hostile power”. The two servicemen faced a fine, though both men have pleaded not guilty to the charges.

An embarrassing breach took place in the United States. Department of Homeland Security documents critiquing the response to a simulated anthrax attack on Super Bowl Sunday were left in the seat-back pocket of a commercial plane.

“Over recent years, the share of state secret leaks in the total number of data breaches has grown several times due to increased political tensions worldwide, escalating conflicts between certain countries, and more fierce competition in international markets. Combating data breaches calls for a comprehensive approach. In addition to effective tools against external attackers and accidental leaks by insiders, it makes sense for government organizations to look at User and Entity Behavior Analytics (UEBA) solutions that detect abnormal employee behavior and accurately identify potential violators,” said Andrey Arsentiev, Analyst at InfoWatch.