Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

8/24/2016
05:00 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

French Submarine Firm Claims Economic Warfare After Massive Data Leak

The Australian publishes over 22,000 documents on six DCNS Scorpene subs that are being built in India

French submarine maker DCNS this week claimed it was the victim of economic warfare after an Australian newspaper published more than 22,000 pages of highly detailed information on its Scorpene submarines being built in India.

In comments to Reuters Wednesday, a DCNS spokeswoman described the leak as potential corporate espionage that could affect the company’s contracts with other governments.

"Competition is getting tougher and tougher, and all means can be used in this context," Reuters quoted the spokeswoman as saying.

The Australian newspaper earlier this week published some 22,400 documents containing sensitive information on the technical capabilities of six Scorpene submarines that are being built at a shipyard in Mumbai, India.

According to the newspaper, the documents reveal the intelligence-gathering capabilities of the submarines, their stealth abilities and information pertaining to weapons, combat systems, diving, sensors, navigation, communication and sonar capabilities. The documents are so detailed they contain information like the conditions under which the periscope can be used and the noise levels created by the propeller.

The Australian said that in total it had reviewed over 4,450 pages on the Scorpene’s underwater sensors, another 4,200 or so pages of data on above-water sensors and over 4,300 pages on its combat systems.

In addition, the leaked documents include hitherto secret information on sea trials that the Malaysian Navy is conducting with its fleet of Scorpene submarines, The Australian said. Also leaked were 12 documents pertaining to DCNS radar systems in some Chilean frigates and deals with the Russian government pertaining to amphibious assault vessels.

In a brief statement, the DCNS said it is aware of the leak on the Indian Scorpenes and noted that the appropriate French authorities are currently investigating the breach. “This investigation will determine the exact nature of the leaked documents, the potential damages to DCNS customers as well as the responsibilities for this leakage.”

The Australian has not said how, where, or from whom it received the documents. But it has said the incident raises serious questions about the security of a $38 billion submarine project that the DCNS is currently negotiating with the Australian government.

DCNS itself has apparently hinted that the leak happened in India rather than in France. But information made available to The Australian suggests that a former French naval officer may have removed the data from a system in that country back in 2011 and made it available to a navy in southeast Asia, the paper said.

The DCNS leak is the second one in recent days involving the exposure of highly sensitive material. Last week, a group calling itself ShadowBrokers released a data tranche containing details of top-secret cyberweapons apparently developed by the US National Security Agency for use against adversaries.

Among the dozens of tools publicly released were several that targeted zero-day flaws in firewalls from companies like Cisco and Juniper.

Shadow Brokers also put up for auction a second, fully encrypted document that it says contains even more NSA cyberweapons. The group has said it will release the decryption keys to the highest bidder or make the key publicly available if the auction raises around $550 million.

Related stories:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
NetCAT Vulnerability Is Out of the Bag
Dark Reading Staff 9/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16413
PUBLISHED: 2019-09-19
An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.
CVE-2019-3738
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
CVE-2019-3739
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
CVE-2019-3740
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
CVE-2019-3756
PUBLISHED: 2019-09-18
RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions.