Pakistan and China express interest in going after leaked Scorpene submarine documents
Employees stand in front of the Indian Navy's first Scorpene submarine before being undocked from Mazagon Docks Ltd in Mumbai [File photo] Reuters

India's national security took a major hit earlier this week after classified documents regarding the country's latest fleet of advanced stealth submarines called Scorpene, which is designed by French firm DCNS, got leaked. Adding more trouble to the development additional data have been made public and now Pakistan and China spy agencies have reportedly expressed their interest in accessing the Scorpene documents.

According to a report by The Hindu, two retired Generals from Pakistan told The Australian that the Pakistani and Chinese spy agencies would be doing all they could to get their hands on leaked documents which reveal the capabilities of India's new submarine fleet if they did not already have the documents.

The Australian, which was first to report the data leak on 24 August, had previously published 9 pages as part of an extract of the over 22,000 classified files which were published online as part of the leak.

An unnamed French government source told the Indian Express that the data was allegedly stolen in 2011 from DCNS by a former employee, who had been fired while providing training on the use of the submarines in India.

"It is not a leak, it is theft," the source said. "We have not found any DCNS negligence, but we have identified some dishonesty by an individual." The source also added that the documents stolen at the time were not classified and focused only on Scorpene's operational elements.

Commodore Uday Bhaskar (retd.), Director of Society of Policy Studies, said that the newly released documents appeared to be akin to an instruction manual and did not add any significant information to what had already been leaked, the Hindu reported.

The Navy said in the statement that "the documents that have been posted on the website by an Australian news agency have been examined and do not pose any security compromise as the vital parameters have been blacked out."

However, The Australian reporter Cameron Stewart said the Indian Navy's claim was "completely laughable".

He added, "We blacked those documents out ourselves because we knew we couldn't put classified info on the web. The documents themselves - all 22,400 of them - are completely unredacted and have all the sensitive data in them. We explained that in our original story. They are either incredibly stupid or are deliberately misleading the Indian people in order to play down the damage to India's national security."

The Scorpene submarines' manufacturer in India MDL ( Mazgaon Dock Limited) denied the leak having originated at their end claiming that their 'cybersecurity is very good' and that "all procedures are followed."

Cybersecurity strength of governments

ESET security researcher Stephen Cobb told IBTimes UK, "Cyberespionage has been a constant threat ever since companies started using the Internet. And even before that there were plenty of efforts to penetrate government networks. Too often the level of cybersecurity at government agencies and contractors who handle sensitive data fails to keep pace with the technology that these entities employ in the course of their operations. Historically there has been a tendency to underestimate the determination and capabilities of those who seek to circumvent the protections in place."

AppRiver security manager Troy Gill said, "You must certainly consider the possibility that a breach such as this may have indeed been state-sponsored. However, the fact that the documents were dumped online gives me the impression that this may be the work of a hacktivist individual/group."

Investigation continues

"The Indian Navy has taken up the matter with the Director General of Armament of the French Government, expressing concern over this incident, and has requested the French Government to investigate this incident with urgency and share their findings with the Indian side," the Navy said in a statement.

There is still uncertainity surrounding the leaks. It is yet to be ascertained if the data leak originated from France or India and whether they were the result of a targeted cyberattack. Although reports have hinted at cyber and corporate espionage, the Indian government and DCNS are yet to release a detailed report on the specifics of the Scorpene leaks.