Classified files from NATO, reportedly stolen from Portugal Systems, were sold on the dark web. According to reports, the North Atlantic Treaty Organization (NATO), which links two continents — Europe and North America — sent hundreds of confidential files to Portugal that were stolen after they reached the Armed Forces General Staff Agency (EMGFA) – the highest military body in Portugal. The department discovered the data breach after being informed by US intelligence.
The Portuguese government was unaware of the exfiltration of the data from their systems until the US Information Services notified them. It is speculated that earlier this August, the US informed Antonio Costa, the Prime Minister, through the embassy of Lisbon. As per reports, unsafe lines were used to share classified documents and are now under investigation.
Reports from EMGFA
The computer from where the files were stolen was found following an audit conducted by the EMGFA. Sources close to the investigation told Diario de Noticias (DN) that the spying and data theft was prolonged and unnoticeable through bots designed to detect suspicious activities on the systems.
The Portuguese media organization reported that the official spokeswoman for the US embassy in Lisbon stated that they did not comment on intelligence matters. This case is currently being investigated by the office of the Portuguese Prime, the National Security Office (GNS), the Secretas Externas (Service of Strategic Information for Defense) and Internal (Service Security Information).
What authorities are saying
“The government can guarantee that the MDN and the Armed Forces work daily so that Portugal’s credibility, as a founding member of the Atlantic Alliance, remains intact,” a source told DN When asked what the government was doing to keep the trust of NATO.
Commenting on the incident, a spokeswoman for Antonio Costa stated that all the necessary steps were taken whenever suspicious activities were detected in the system network. Disciplinary actions were also taken to maintain the law and prevent similar threats.
The Minister of Defense of Portugal, Helena Carreiras, clarified that all cybersecurity issues are being investigated, and the concerned authorities were notified about the incident.