In this post I will be looking at answers to one of the three material questions raised in the previous posts. As far as the question of who is responsible for the data leak is concerned, there are different theories. Indian authorities and the Australian newspaper that published the data claim that the data is believed to have been “removed” from the firm in Paris in 2011 by a former French Navy officer. The officer, who worked as a subcontractor for DCNS, and a French colleague took the data to a Southeast Asian country where they were employed by a private company run by a Western businessman.
It is also said that after the two Frenchmen were sacked by the Southeast Asian firm, the secret data was sent to the company’s head office in Singapore and chances are that it could have been stolen then. The data was also placed on a server of the same firm on April 18, 2013, and it was “dangerously vulnerable to hacking or interception by a foreign intelligence service. Further, it is not known whether the data stayed on this server for a few days or for a year.”
Another theory suggests the possibility of the data being hacked by a hacking group or perhaps a standalone activist hacker. This theory is backed by the idea that government agencies, Mazagon Docks in this case, do not have a well-protected cyber defense system. Considering this, it is possible that the data could have been stolen from Indian servers.
The most recent revelations by ‘The Australian’ suggest a high probability of a data leak by the French company’s sub-contractors. In its reconstruction of the entire chain of events leading to the data leak, the Australian daily writes that the data on Scorpene was removed from the server as a reference guide for the former French naval officer’s new job in a Southeast Asian country. However, at a later stage the French naval officer fell out with the Southeast Asian private company. Despite the fallout, the Southeast Asian private firm continued to hold onto the data. Thereafter the data was sent by disk to a man in Sydney. Evidence suggests that the data was not even encrypted then. The man in Sydney transferred it to an encrypted disk and “wiped the old disk with special software, grabbed a hammer and smashed it to pieces in his backyard”. The man, who was not identified by The Australian, “placed the new encrypted disk in a locked filing cabinet in his office and there it remained for more than two years”.
When corroborated with other evidence, The Australian’s latest narrative appears to be the most appealing. The rest of the three possibilities appear to be less likely, considering that they are mere speculation and no concrete evidence has been found to back them. Further, The Australian’s stand that it looks more like incompetence than espionage is also well taken. This is in light of the latest revelations with respect to the chain of events involved in the incident and the corroborating set of evidence backing the same.
In the next post I will analyse the next question: what will the implications of this leak be, and how can they be prevented? Keep reading!