Poland's Military Breach

NHI Mgmt Group

Overview

In May 2023, a significant cybersecurity incident exposed sensitive Polish military data through a forgotten, outdated password. The issue began when login credentials to a mapping database (ArcGIS) were shared in a 2020 email by a Polish employee of ESRI, a company specializing in geospatial systems. This breach highlights how lapses in basic cybersecurity practices can pose severe risks to national security.

How Did Sensitive Military Data Go Public?

The breach stemmed from an email sent in 2020 by an employee at the Polish branch of ESRI, a global leader in GIS technology. This email contained login credentials to an ArcGIS database housing critical geospatial intelligence, including:

  • Maps of the military port of Gdynia.

  • Emergency evacuation plans for Warsaw.

  • Sensitive military logistics and troop deployment data.

The leaked email was exposed on Telegram by the group "Poufna Rozmowa," suspected of ties to UNC1151, a hacking entity linked to Belarus and Russian intelligence operations. Investigations revealed that the credentials were still valid at the time of the leak, indicating a major gap in security practices.

How Could This Happen?

  1. Human Mistake - An ESRI employee unintentionally included credentials in an email.

  2. Outdated Password - The password was not rotated for 3 years after being shared, so the leaked credentials still worked, highlighting a serious flaw in basic credential hygiene.

  3. No Multi-Factor Authentication (MFA) - Without MFA there was no second verification step, so the leaked password alone was enough to log in.

Why This Matters

  • National Security Risks - The database included detailed military information that adversaries could use for planning attacks or sabotaging Poland’s operations.

Recommendations

  1. Adopt Multi-Factor Authentication (MFA) - MFA adds an additional layer of protection, requiring a second form of verification. Even if a password is compromised, MFA can stop unauthorized access.

  2. Conduct Regular Security Audits - Routine audits can uncover vulnerabilities like outdated passwords or unpatched software. Penetration testers should also be employed to simulate potential attacks.

  3. Restrict Access to Critical Systems - Adopt a least privilege model, where users only have access to the data and tools they need to perform their job. Sensitive systems should be isolated and tightly controlled.

  4. Data Classification and Encryption - Classify sensitive data and apply strong encryption methods both at rest and in transit.

  5. Training and Awareness - Ensure all staff who work with critical systems receive training on cybersecurity best practices, including simulated cyberattack scenarios, to improve incident response readiness.
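As an added example (not code from the original post), a small Python audit in the spirit of recommendations 1 and 2: it scans a constructed mail-archive excerpt for credentials pasted into a message body and checks a constructed account inventory for secrets older than the rotation policy and accounts without MFA, prioritising accounts that fail both. The account names, dates, 90-day policy and regex patterns are assumptions.

```python
import re
from datetime import date
MAX_CREDENTIAL_AGE_DAYS = 90  # assumed rotation policy
AUDIT_DATE = date(2023, 5, 1)  # assumed date the audit runs
# Constructed account inventory (assumption, not data from the incident).
SERVICE_ACCOUNTS = [
    {"account": "gis-portal-svc", "last_rotated": date(2020, 3, 15), "mfa": False},
    {"account": "gis-viewer-svc", "last_rotated": date(2023, 4, 1), "mfa": True},
]

# Constructed mail archive text, mimicking credentials pasted into an email.
MAIL_ARCHIVE = """\
From: alice@example.invalid
Subject: map server access
Username: gis-portal-svc
Password: Spring2020!"""

# "key: value" credential-share patterns; adjust to local conventions.
USER_RE = re.compile(r"^\s*(?:user(?:name)?|login)\s*[:=]\s*(\S+)", re.I)
PASS_RE = re.compile(r"^\s*(?:pass(?:word)?|pwd)\s*[:=]\s*(\S+)", re.I)


def find_shared_credentials(text):
    """Accounts whose username line is followed within two lines by a password
    line. Only the account name and line number are reported, never the secret."""
    lines = text.splitlines()
    hits = []
    for i, line in enumerate(lines):
        m = USER_RE.match(line)
        if m and any(PASS_RE.match(w) for w in lines[i + 1:i + 3]):
            hits.append({"account": m.group(1), "line": i + 1})
    return hits


def audit_accounts(accounts, today=AUDIT_DATE):
    """Flag secrets older than the rotation policy and accounts without MFA."""
    findings = []
    for acct in accounts:
        age = (today - acct["last_rotated"]).days
        issues = []
        if age > MAX_CREDENTIAL_AGE_DAYS:
            issues.append(f"secret not rotated for {age} days")
        if not acct["mfa"]:
            issues.append("MFA not enforced")
        if issues:
            findings.append({"account": acct["account"], "issues": issues})
    return findings


def correlate(text, accounts, today=AUDIT_DATE):
    """Accounts both shared by mail and failing the audit: rotate these first."""
    shared = {h["account"] for h in find_shared_credentials(text)}
    return [f for f in audit_accounts(accounts, today) if f["account"] in shared]
```

In practice the mail text would come from an export of the mailbox or ticketing system and the inventory from the identity provider; the point is that rotation age and MFA status are checked together with where the secret has travelled.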

Conclusion

The exposure of sensitive military data in Poland due to an outdated password in an ArcGIS system serves as a crucial lesson in cybersecurity. It highlights the need for strict password policies, multi-factor authentication, and regular system audits to protect critical infrastructure.

The incident shows how lapses in basic security practices can lead to severe consequences, emphasizing the importance of a proactive approach in securing sensitive data in all sectors, particularly in national defence.