SINGAPORE - A businessman who was fined $8,000 yesterday for hacking into the Istana website is the first to be convicted of carrying out a cyber attack on a government website here.
Delson Moo Hiang Kng, 43, who runs an IT consultancy firm, admitted to one of three charges of unauthorised access to the server that hosted the Istana webpage in November last year.
On three occasions, starting at 12.34am on Nov 8, he caused the webpage to display a picture of an old woman pointing her middle finger, along with a string of offensive words in Hokkien. The two other charges were considered during his sentencing.
Moo had hacked into the website using a technique called cross site scripting and exploited a vulnerability in the embedded Google search bar, which helps users to search for items within the site.
The aim of Moo's cyber attack was to deface the webpage, said Deputy Public Prosecutor (DPP) Suhas Malhotra yesterday.
Attacks using cross site scripting, he said, can also be part of a wider criminal activity - for example, where such an attack is used to ''phish'' for information about a victim, which is then used to perpetrate some other crime.
Instead of entering basic text in the Istana website's Google search engine, Moo entered hypertext markup language (HTML) code that he had crafted.
As a result, the server hosting the Istana website processed the injected script, and generated a webpage incorporating the offending text and images put in by Moo.
DPP Malhotra said Moo learnt about the vulnerability on the Istana website from other Facebook users.
His act, however, did not cause any damage to the contents of the Istana Web server.
The DPP said Moo's offences took place at a time when concerns about cyber security were particularly heightened.
On Oct 31 last year, a video had been released by a person calling himself ''The Messiah'', and who claimed to be associated with a global activist hacker group called Anonymous.
In the video, Anonymous declared ''war'' on the Singapore Government through ''aggressive cyber intrusion'', and called on Singaporeans to stage a protest on Nov 5.
The alleged hacker who used ''The Messiah'' pseudonym, James Raj Arokiasamy, 35, has been charged, and his case is pending.
Similar cases against the alleged hacker of the website of the Prime Minister's Office, Mohammad Azhar Tahir, 28, and Melvin Teo 17, who is also accused of hacking into the Istana website, are still at pre-trial stages.
Pleading for leniency, Moo's lawyer, Mr Anil Balchandani, said his client was remorseful for his actions, which were made not only in a moment of folly, but also in a ''sense of adventurism''.