The NBÚ suffered a "form of security failure". photo: SITA |
According to the SME daily, the unidentified hackers penetrated the NBÚ network on April 20 and copied data from the system for several days without the administrator even noticing that something was happening.
Responding to the revelation, NBÚ office director Ivan Goldschmidt admitted that the Bureau had suffered "a form of security failure", but added that no classified information had leaked.
The newspaper's sources in the hacker community, however, said that the hackers had penetrated four different NBÚ servers and entered the office's network, gaining access to various data such as the personal e-mails of NBÚ employees.
According to the sources, the hackers copied around 36,000 e-mails from the NBÚ computers.
The NBÚ also communicates with EU and NATO bodies. The Bureau insisted, however, that no harm in this direction had been done. According to Goldschmidt, NBÚ employees are forbidden to send classified data via personal e-mails as a security prevention measure.
Interior Minister Martin Pado said that he was "surprised" by the affair and that the police were communicating with the NBÚ over the matter.
Referring to information provided by the hackers, SME wrote that the NBÚ's computer security was poor, and that the degree of penetration was far greater than the Bureau had admitted. Hackers allegedly even managed to gain complete control over several NBÚ computers and were able to send e-mails in the name of NBÚ Director Aurel Ugor.
Goldschmidt, who spoke to The Slovak Spectator on April 26, insisted that "no sensitive information was leaked" in connection with the hacker action.
The general publicly accessible e-mail server was out of order on that day.
"At the moment the server is being re-configured for increased security," he said.
When asked who would be interested in attacking the NBÚ system, he said that it was "a matter of interest".
"These are publicly accessible servers, and as such they may become a target of such actions by people who want to prove that they are smarter than the people who work for the NBÚ," he said.
Despite the concern aroused by the hacking, officials reassured the public that no severe harm had been caused.
"The situation at the NBÚ is calm. Important data cannot be attacked even in theory," said Robert Kaliňák, the chairman of the parliamentary Defense and Security Committee following a meeting with NBÚ chief Ugor.
Ugor said that the hackers had only targeted the public servers, which were equipped with lower security.
The Attorney General's Office ordered a Bratislava court to launch criminal proceedings in the matter for "damage and misuse of a recording on information media", as the offense of hacking is listed in the Slovak criminal code.
IT security still a problem
The NBÚ leak is not the first of its kind in Slovakia. Several major business enterprises, including telephone network operators and insurers, have encountered similar problems in the past.
In 2003, confidential phone numbers, addresses, and ID numbers of the clients of mobile phone operator Orange were leaked. Then as well, the SME daily reported the story after receiving a CD with the copied data of nearly 900,000 Orange clients from a source.
Insurer Slovenská poisťovňa, mobile phone operator EuroTel (currently T-Mobile) and Slovak Telecom have encountered similar problems as well.
One year later it was revealed that the data of three million clients of Orange and EuroTel, including the phone numbers of politicians, judges, and businessmen, had been leaked on the Internet.
Although local companies and other entities working with IT realize the need for secure systems, they often underestimate the threat that poor security represents.
Juraj Sabaka, the president of the IT Association of Slovakia, told The Slovak Spectator recently that "according to the latest KPMG study [conducted in 2004] two thirds of respondents said that the level of information security was worse or even significantly worse in Slovakia than in advanced Western European states".
At the same time, however, IT security was important for as many as 93 percent of organizations polled.
Sabaka also said that "among the greatest barriers to the faster implementation of IT security in Slovakia are the low awareness of the importance of such security and the financial costs".
Beata Balogová contributed to this story