Hacking probes show Singapore must be on its guard

SINGAPORE - On Nov 2, when multiple government websites went down for several hours, some Singaporeans wondered if it was the beginning of a new sort of havoc in Singapore.

Four days before, hackers had threatened to hit out at government websites if the Government did not revoke its licensing regime for online news sites.

A masked man identifying himself as a part of cyber activism group Anonymous delivered an ominous message in a YouTube video threatening to "unleash" a "legion" of hackers on the island's infrastructure.

People wondered what the might of this new digital legion might be.

Could they disrupt essential financial services like ATM withdrawals?

Would they be able to steal personal information like NRIC or credit card numbers from government and retailer sites?

Organised crime groups have been known to do this.

Although the trial has yet to begin, IT experts have already noted that the alleged hackers were not sophisticated operators capable of such deeds.

Several SG government websites down since 1pm; IDA says it's planned maintenance

They have been characterised as low-level troublemakers who used fairly rudimentary methods to gain attention, rather than cause deep and direct damage to people's lifestyles and property.

In the case of the Prime Minister's Office (PMO) and Istana webpages, the hackers exploited a vulnerability known as "cross-site scripting", created when the Google search bar was not installed properly on each of the two government websites.

Mr Aloysius Cheang, Asia-Pacific managing director of Cloud Security Alliance, said it is an "elementary" hacking tool that can be automated by a simple code.

"Even their digital tracks were not covered properly, leading to their quick arrest," said lawyer Bryan Tan, a partner in Pinsent Masons MPillay.

Mr Alvin Tan, director of anti-virus software firm McAfee Singapore and Philippines, said the most dangerous attacks are those that stay unnoticed for a long time "for reasons of espionage or creating higher-level damage".

The outcome of investigations and ensuing trials may indeed confirm these assertions, but the incidents are instructive.

They show that even simple website defacements can rattle some nerves and be embarrassing because of their high visibility.

Yet, their actions have also drawn ire, rather than admiration, which is as it should be.


So far, there is no evidence that James Raj and the others in the PMO and Istana incidents are linked to hackers capable of more serious attacks that can bring about real disruption to daily life.

But there is nothing to prevent the latter group from becoming emboldened by what has happened and more must be done to secure Singapore's IT infrastructure against them.

One hint of this danger is the attacks on government websites three days later on Nov 5, which came from many places overseas and are still being investigated.

Many government websites - including those that process important transactions - encountered unusual "spikes" in traffic throughout Tuesday last week as hackers sought to bring them down through Distributed Denial of Service (DDoS) attacks.

In DDoS attacks, the attacker creates a network using thousands of infected computers worldwide, which are then made to overwhelm a targeted site with a huge spike in traffic.

In some instances, DDoS is combined with malware infiltration into networks and systems to steal personal information.

While the attempts here did not result in any identity thefts, they serve as good reminders that IT security is a rigour that can only be raised, not lowered.

itham@sph.com.sg

Get a copy of The Straits Times or go to straitstimes.com for more stories.
