When you talk about the various cyber attacks that have been committed recently, there’s always one thing in common—attackers gain access to a system or documents via one loophole, which then compromises the security of an overall system. Major companies such as Garmin have been targeted in recent times, but it appears that such attacks aren’t confined to the private, commercial space—the Royal Malaysian Navy is the latest party to fall victim.
The Singapore Strait Times reports that military-related information from the Nigerian Navy, U.S. Army and Air Force, and private contractors were also affected, with over 70 “sensitive documents” from the Royal Malaysian Navy also ending up on the dark web. Information contained within the documents includes Malaysian Navy officers who have been charged with corruption, drugs, and going AWOL, along with Malaysian naval requirements and the number of troops at individual bases.
The documents were obtained after hackers reportedly hacked into the email accounts of military personnel, with private defence contractors across multiple continents affected. Other notable documents that were stolen include a U.S. diplomatic letter regarding an American Navy ship, along with hacked files from the Nigerian Navy and private defence contractors.
The dark web, for some context, is a network that isn’t indexed by search engines. As such, the dark web is notorious for providing a platform for illicit activity—guns, drugs, and even assassinations are available for purchase. As such, military documents such as the aforementioned are often uploaded onto specific markets, according to Cyber Intelligence House CEO Mikko Niemela, with potential “customers” paying for the stolen info via bitcoin transactions.
At the moment however, it isn’t clear if the perpetrators plan to sell the Malaysian Navy documents yet. It’s worth noting that information obtained by cybercriminals can sometimes be shared for free, or be held for a large ransom—just like Garmin reportedly was. Muhammad Faizal Abdul Rahman, a research fellow at the S. Rajaratnam School of International Studies, explained to ST:
“To understand a ‘hack and leak’ cyber attack, it is essential to assess the intention of the possible attackers, who may be either state-sponsored or patriotic hackers.”
“The way the data is weaponised could undercut national defence by revealing military strengths and weaknesses, serve as compromising information that an adversary could use to recruit military officers as spies, and undermine the people’s confidence in their political leadership.”
For now, the Malaysian Navy has yet to issue an official response. What this goes to show is, along with the incredible advancements that technology has brought us, there is also an increased risk to outside attackers. Remember to avoid downloading/opening attachments from unknown sources, and to verify sources before proceeding further.