
Portuguese NATO documents discovered for sale online

The National Security Office is still determining the extent of the damage, but computers belonging to the EMGFA, the military secret services, and the MDN are suspected of being involved in the security lapse that made it possible for secret NATO documents to be exfiltrated.

To receive and send classified documents, the General Staff of the Armed Forces has secure connections through the Integrated System of Military Communications (SICOM), but non-secure lines are believed to have been used instead.

Admiral Silva Ribeiro, the Chief of Staff of the Armed Forces, oversaw the General Staff of the Armed Forces (EMGFA), which was the target of a “prolonged and unprecedented cyberattack” that led to the exfiltration of top-secret NATO documents.

Communication that would have been sent directly to Prime Minister António Costa in August was instead relayed to the Portuguese government by the US Information Services via the US embassy in Lisbon.

It was US intelligence cyberspies who discovered “hundreds of documents sent by NATO to Portugal, classified as Secret and Confidential, for sale on the dark web,” according to sources who are monitoring the case, which is regarded as having “extreme gravity.”

The official spokesperson for the US embassy in Lisbon simply states, “We do not comment on intelligence matters,” in response to this information rather than denying it.

Costa’s office has been in charge of managing this cyber-crisis, but a number of security-related organisations are also involved, including the Gabinete Nacional de Segurança (GNS) and the external and internal secret services (Serviço de Informações Estratégicas de Defesa and Serviço de Informações de Segurança).

The Polícia Judiciária (PJ), despite having reserved powers in the investigation of cybercrime, had not been involved, at least not as of yesterday afternoon, and it declined to comment when the DN questioned it about this.

Next week, Secretary of State for Digitization and Administrative Modernization Mário Campolargo, who is in charge of the GNS, and Vice Admiral Gameiro Marques, who is in charge of the security of classified information, should travel to NATO headquarters in Brussels on behalf of António Costa for a high-level meeting at the NATO Office of Security. NATO is understood to have demanded justifications and guarantees from the Portuguese government.

EMGFA is suspected
In response to the alert, experts from the GNS and the National Cybersecurity Center joined the military from the Centro Nacional de Ciberdefesa, located at the EMGFA, and conducted a thorough screening of the entire Defense internal communications system, according to several defense sources heard by the DN.

Through this initial investigation, computers that were used to exfiltrate the documents were identified, primarily in the EMGFA, the secretas militares (CISMIL), and the General Directorate of National Defense Resources. It was also discovered that the security protocols for transmitting classified documents had been violated.

This is because these organizations have secure connections through the Integrated System of Military Communications (SICOM) for receiving and sending classified documents, but they also have non-secure lines.

One of these sources stated, “It was a prolonged and undetectable cyberattack using bots programmed to detect this type of document, which were then removed in stages.”

Costa assures “the credibility of Portugal”
When questioned about the crisis and the steps being taken to maintain NATO’s confidence, a government source in S. Bento responded, “The government can guarantee that the MDN and the Armed Forces work every day to ensure that Portugal’s credibility, as a founding member of the Atlantic Alliance, remains intact.”

The same António Costa spokeswoman emphasizes that “information sharing between allies regarding information security is ongoing at the bilateral and multilateral levels. Every time there is a suspicion that the security of Information System networks has been compromised, the situation is thoroughly examined, and all measures intended to increase cybersecurity awareness and the proper handling of information to deal with new types of threat are put into place. The adoption of appropriate procedures is automatically determined by disciplinary and/or criminal law.”

For its part, the Ministério da Defesa Nacional emphasizes that “The organizations in Portugal that are in charge of cybersecurity closely coordinate to address any cyberattacks on any public entity. All signs of attempted intrusion or potential security breaches are looked into, and if an incident occurs, the relevant authorities are alerted and the proper steps are taken.”

The GNS, for its part, sent the Prime Minister’s office the response to its action.

It is unknown whether an internal investigation was launched to determine responsibility within the entities where a security breach is assumed to have occurred, because the PJ was not called in to launch the corresponding criminal investigation.

Counter-information and surveillance
In fact, the GNS is tasked with ensuring “the protection and safeguarding of classified information emanating from international organizations of which Portugal is a member.”

Every time there is a reasonable suspicion of a compromise, breach, or violation of security, as per its organic law, it is in charge of deciding when to launch an investigation into that security breach, conducting that investigation, bringing charges against those responsible, and cooperating with the appropriate authorities as required by law.

Portugal has been involved in a breach of the confidentiality of NATO documents before.

Security flaws were found in the secret during the processing of these documents, which also occurred as part of the case against former SIS spy Carvalho Gil, who was found guilty of espionage in 2018 and worked for Russia. The aforementioned NATO Office for Security conducted an inspection of Portugal.

“This case, once again, demonstrates three essential pillars in the fight against hostile activities in the cyber domain,” says Victor Madeira, National Security Specialist and Associate Researcher at the Center for Information Resilience in the United Kingdom. and situational awareness, which is both continuously updated through training and cutting-edge tools for qualified experts in this field.

Second, any truly sovereign state must have strong counterintelligence capabilities, both in the more conventional field of human espionage and in the field of cyber espionage. Without this crucial base, all other state operations eventually fail, and eventually sovereignty itself. The continued significance of National Security and Defense alliances and partnerships serves as the third pillar. The threat environment posed by adversarial actors would be significantly worse in the absence of ongoing cooperation between allied security and information services. Particularly in the digital world, where every second counts.

A directive issued on August 5th and signed by Helena Carreiras, Minister of Defense, strengthens adherence to the Military Programming Law in terms of Cyberdefense, whose budget execution was around 30% in 2021.

From 2022 to 2030, 11.5 million euros will be spent on “training and consulting services specialized in cyber defense and in the conduct of military operations in, and through, cyberspace,” according to Helena Carreiras’ order.
