Singapore ‘among sites used by hacker group’

Singapore ‘among sites used by hacker group’
Workers remove a poster- banner for "The Interview" from a billboard in Hollywood, California, December 18, 2014 a day after Sony announced was cancelling the movie's Christmas release due to a terrorist threat. Sony defended itself Thursday against a flood of criticism for canceling the movie which angered North Korea and triggered a massive cyber-attack, as the crisis took a wider diplomatic turn.

A hacker group that leaked confidential e-mails and recent movies belonging to Sony Pictures Entertainment last month reportedly used Singapore as one of its sites to launch its cyber attacks, according to a recent New York Times report.

Responding to The Straits Times' queries, the Singapore Computer Emergency Response Team (SingCert) said the attacks on the Hollywood movie studio may have been routed from command-and-control centres across the world, including a server owned by a private company in Singapore.

"As a precautionary measure, SingCert has taken immediate steps to notify the company through its (Internet) service provider to take necessary measures to enhance the cyber security of its systems," said a SingCert spokesman.

American government officials claim that the hacker group, Guardians of Peace, is linked to the North Korean authorities. Earlier this week, Sony succumbed to their threats and cancelled the release of The Interview - a comedy about the fictional assassination of North Korean leader Kim Jong Un.

Even if the attacks appear to have been started in Singapore, experts say that it is not conclusive.

Cyber-security expert Aloysius Cheang said it is common for hackers to have infected an entire army of computers - called a botnet - with malware, and left them dormant until they are ready to initiate a major attack. Typically, owners of the infected computers are unaware that their machines have been compromised.

"In fact, if the hackers did activate the Singapore computers, it was likely done in order to mask their true location," added Mr Cheang, who is the Asia-Pacific managing director of global computing security association Cloud Security Alliance.

"In my opinion, it is more likely that the attack originated out of Singapore," he added.

It is very hard to trace the source of the attack. The true master controller could be anywhere, but may have routed the attacks through botnets from Singapore to China and to Russia and other locations, said Mr Cheang.

This article was first published on December 20, 2014.
Get a copy of The Straits Times or go to for more stories.

More about

Purchase this article for republication.
Your daily good stuff - AsiaOne stories delivered straight to your inbox
By signing up, you agree to our Privacy policy and Terms and Conditions.