All 13 school websites fixed after hacking

SINGAPORE - All 13 school websites which were hacked into on Wednesday have been fixed, even as the authorities hunt for the culprits.

"As at 6pm, all the affected sites have been restored," said a Ministry of Education (MOE) spokesman yesterday, adding that a police report has been lodged. "No privileged information was compromised."

Checks by The Straits Times revealed that at least several of the affected websites, including those belonging to Woodlands Ring Primary and Greendale Primary, were hosted by information technology provider ACP.

When contacted, the firm's founder Alan Poh said his company is working with MOE and the police after what he termed an "injection" attack, which involves exploiting a software vulnerability.

Little is known about the individual or group operating as "Jack Riderr", the moniker used to sign off on the defaced school websites. Online checks show that it is linked to online groups going by names such as "Black Ops", "Hacker-Hacker Malaysia Bersatu", "Johor Hacking Crew" and "Malaysia Black Hat Community".

"Black hat" refers to hackers who violate computer security for malicious reasons or personal gain.

While logos of a smiling white mask and a man without a head - both associated with the Anonymous hacktivist group - also surfaced during online checks into Jack Riderr, the latest attacks do not appear to be connected to the intrusions into the Istana and Prime Minister's Office websites earlier this month. Five men are being investigated for these incidents.

On Wednesday, the Singapore Art Museum released a statement saying that e-mail addresses and phone numbers of 4,000 individuals who had participated in the museum's activities in 2011 and this year had been uploaded onto a server in New Zealand.

The school hackings also came after James Raj Arokiasamy, 35, was charged in court last week for allegedly defacing the Ang Mo Kio Town Council website last month, using the name "The Messiah".

Computer experts said that organisations, including schools, should harden their IT infrastructure against cyber attacks, and regularly test their online defences to locate potential holes.

"You don't need to be a corporation or a bank to be vulnerable," said Ms Shirley Wong, co-chairman of the Cyber Security Awareness Alliance.

She advised that tests should not just be conducted on websites accessible to the public, but also internally, "as your own employees are often the weakest link within your own intranet".

The Government has taken a strong stance against the recent spate of hacking incidents.

On Thursday, Defence Minister Ng Eng Hen urged society to send a clear message that cyber-vandalism was no different from vandalism in the real world.

"It is important that all of us are clear in this and we set out in one voice that this is not something that we tolerate," he said at a Singapore Armed Forces event.

At a dialogue with students on Wednesday, Law Minister K. Shanmugam also said cyber intrusions were "nothing short of terrorism" if they endangered lives, such as when air-traffic controls are compromised.

yanliang@sph.com.sg

rachelay@sph.com.sg

Get a copy of The Straits Times or go to straitstimes.com for more stories.