French submarines spring a security leak

Investigations underway to find out how secret details of operating capabilities were leaked

More than 22,000 pages of secret operating documents for Indian submarines have been leaked, prompting concerns over the security of the vessels and questions about how such a massive data breach could have happened.

The French Scorpene submarines are being built in a state-run shipyard in Mumbai for the Indian navy, with the first vessel expected to be in service by the end of this year, according to Reuters. However, it is thought the 22,400 documents involved were in fact stolen in 2011.

In a statement to the press, Indian defence minister Manohar Parrikar said: "I understand there has been a case of hacking ... we will find out what happened."

In an additional statement, the Indian Defence Ministry said: "The available information is being examined ... and an analysis is being carried out by the concerned specialists. It appears the source of the leak is from overseas and not in India."

Advertisement
Advertisement - Article continues below

A spokeswoman for DCNS, which is building the six submarines and 35% owned by technology and engineering giant Thales, said that "for now [DCNS doesn't] know if the information is correct".

Reuters added that the level of detail in the documents "creates a major strategic problem for India, Malaysia and Chile", which, according to a source, operate the same model of submarine.

"It's a huge deal ... it allows them to understand everything about the submarines. What speeds it can do; how noisy it is; what speeds the mast can be raised at ... all of that is just devastating," the source told Reuters.

Speaking to IT Pro, Bola Rotibi, research director at analyst house Creative Intellect, said: "That this happened in 2011 goes to show how insecure things were at that time. It's only in the last three or four years that people have really started to double down on security."

The incident, Rotibi said, could be the result of "good old fashioned spying" by a nation-state, but equally it could be "more Machiavellian" industrial espionage-cum-sabotage, particularly as the details of the documents were released. Indeed, this is an allegation hinted at by DCNS.

"The competition is more and more hard and all means can be used in thei context," the company's spokeswoman told Reuters.

"There is [this breach news from] India, [so] Australia and other countries could raise legitimate questions over DCNS. It's part of the tools in economic war," she added.

For Rotibi, however, apportioning blame is less important than preparing for and dealing with breaches.

"Breaches can happen at any level, whether governmental or business," she said. "This case just reinforces two things we have seen over and again in our own research: the need for thorough screening of employees and contractors, to protect against insider threats, and for organisations to have processes in place to prevent, detect and remediate breaches."

Main image credit: Tunku Abdul Rahman, cc license 3

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/ddos/28039/how-to-protect-against-a-ddos-attack
Security

How to protect against a DDoS attack

25 Oct 2019
Visit/data-breaches/29418/equifax-data-breach-cost-14-billion-so-far/page/0/1
data breaches

Ex-Equifax CIO to serve four months for insider trading

2 Jul 2019
Visit/data-breaches/29418/equifax-data-breach-cost-14-billion-so-far
data breaches

Ex-Equifax CIO to serve four months for insider trading

2 Jul 2019
Visit/data-breaches/29418/equifax-data-breach-cost-14-billion-so-far/page/0/2
data breaches

Ex-Equifax CIO to serve four months for insider trading

2 Jul 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019