‘Top secret files shared via public emails’: Russian Defense Ministry in hacking scandal

© Dado Ruvic
A hacking group has sent an open letter to the head of military counterintelligence at the Russia’s Federal Security Service (FSB) to complain about Defense Ministry staff allegedly sidestepping the corporate email system to share top secret information, using public services instead.

The members of the Shaltay Boltay hacking group claim that they have accessed emails and mobile devices belonging to Ksenia Bolshakova, an assistant to Roman Filimonov, who is a former head of the construction department at the Defense Ministry. 

“After careful examination of the array, it is with great regret that we found out about the absolute incompetence of staffers at some of the departments of the Defense Ministry when it comes to information security; to be more specific, we’re dealing with criminal negligence,” a letter addressed to FSB Colonel-General Aleksandr Bezverkhny said.

READ MORE: Lithuania army website hack hoax reveals 'NATO plans to annex Russia's Kaliningrad’

According to the hackers, the ministry’s employees were sending unencrypted official documents, containing sensitive data about Russia's defense capabilities, through free email services such as Yandex, Mail.ru and Gmail, RBC reported. The emails span a period between 2011 and 2015.

The unsecured e-mail channels were used to "transmit reports and information on the issues discussed at the meetings with the Minister of Defense and his deputies," the hackers said. Emails also allegedly included information on the units hosting the Iskander ballistic missile systems and the positioning of Russia’s 4th gen nuclear submarines.

Filimonov’s staff also relied on Apple devices, the letter claimed, adding that they found passwords to Defense Ministry mail servers among the correspondence. 

The building of the Russian Defense Ministry, Moscow. © Maksim Blinov

"If this information has been available to us, it’s likely that it could have been made available to a number of intelligence services of some interested countries as the gross negligence by the employees of the Defense Ministry construction department provided ample opportunity to do that in 2012-2014,” the Shaltay Boltay group noted.

The hackers have put the stolen Defense Ministry data on sale, but said that military counterintelligence can buy the data back with a 50 percent discount.

READ MORE: Hackers hacked: Malware firm's data leaked, ties with regimes exposed

Russian presidential press-secretary, Dmitry Peskov, has condemned the negligence of Defense Ministry staff regarding their attitudes towards information security.

"Using free email services for business purposes in the current environment isn’t such a good solution,” Peskov said, adding that it is “beyond madness and absolutely unacceptable” when such insecure channels are employed to transmit secret data.

The security services will verify the validity of the information on the positioning of Iskander systems and nuclear subs provided by the hackers, the press-secretary added.