MoD admits 16 security breaches were via social media sites

Under the Freedom of Information Act, Lewis PR asked the Ministry of Defence how many incidents there have been of confidential information or records being leaked via social media sites and the internet in the last 18 months.

The MoD said 16. It was more slippery when Lewis PR asked what disciplinary actions had been taken against employees for misuse of social media, and how many have been disciplined.

This was the MoD’s reply:

“Service personnel are dealt with under Warnings and Sanctions or Service Law. The number of Service personnel who have been disciplined in the last 18 months is 10 (this figure has been rounded).

“Civilian personnel in the Ministry of Defence could receive informal or formal disciplinary action. The level of detail you requested, disciplinary action for the misuse of social media, is not held centrally.

“The Freedom of Information Act does not require us to change any system or process used by the Ministry of Defence or the Armed Forces to fully respond to requests for information, therefore we are unable to meet this part of your request.”

When asked whether its computer networks have been compromised as a result of staff using social media, the MoD again decided, in answering, that there’s safety in vagueness.

“Information is exempt under section 31(1)(a), as its disclosure would be likely to prejudice the prevention or detection of crime, namely electronic attacks on the MOD’s databases or ICT systems via a number of means,” said the MoD.

Security expert Mikko Hypponen, of software security company F-Secure, said: “It’s amazing how many people drop their guard when they use social networking sites like Facebook and Twitter”.

“They might think they are confiding in friends or family when they go on Facebook. However, the recent changes in Facebook’s privacy settings might make them disclose information to the world. This is a potential security risk.”

The MoD was more forthcoming in explaining its policy on access to social networking sites.

“The Ministry Of Defence’s (MOD’s) main networks do not permit access to Internet-based social networking sites, (including Facebook and Twitter), and this block has been in place for some years.

“Within the MOD there are a (proportionally very small) number of computers dedicated for business use, outside our major networks, that connect directly to the Internet. These may allow access to Social Networking sites (as they do not go through the same filter), and some of these machines may have occasionally been used to access social networking sites, but no central records are held of the amount of time that each of these machines access particular websites.

“There are, in some military bases, Internet Cafés or similar facilities which enable personnel to access the Internet when off duty, including as part of the welfare package for personnel in remote or deployed locations who cannot access the internet any other way, and some of these will allow access to Facebook, Twitter etc.”

There are no rules banning MoD staff from joining online social networks in their personal lives or posting blogs and comments. But the department’s guidelines say:

“Remember you are a member of HM Forces / MOD civil servant. Observe the same high standard of conduct and behaviour online as would be expected of you in your professional or personal life.”

