Amusing.... Singapore to Hunt ‘Anonymous’ hackers

Discuss about any latest news or current affairs in Singapore or globally. Please DO NOT copy and paste news articles from other sources without written permission.
Post Reply
User avatar
JR8
Immortal
Immortal
Posts: 16522
Joined: Wed, 24 Mar 2010 12:43 pm
Location: K. Puki Manis

Post by JR8 » Fri, 08 Nov 2013 6:45 pm

x9200 wrote:Nothing mentioned above should ever happened. It is just security basics to keep such services apart from the Internet.
Yah oso security basics to keep government offices, and the Prime Ministers Office more secure than so it can't be brought down ('for routine maintenance' of course) by a teenager. Now... what about someone/thing with some real mal-intent and the expertise behind it... what havoc could they wreak? To me, that is the wider point of note, that of course will be swept under the carpet.

x9200
Moderator
Moderator
Posts: 9916
Joined: Mon, 07 Sep 2009 4:06 pm
Location: Singapore

Post by x9200 » Fri, 08 Nov 2013 6:47 pm

Yep, I believe you but we are talking about national power grid and the main country airport and air traffic control. If any of these was vulnerable to any form of Internet attack this would be IMHO a very good reason for the whole government to resign. I believe they are more than intelligent to take care of it.

x9200
Moderator
Moderator
Posts: 9916
Joined: Mon, 07 Sep 2009 4:06 pm
Location: Singapore

Post by x9200 » Fri, 08 Nov 2013 7:02 pm

JR8 wrote:Yah oso security basics to keep government offices, and the Prime Ministers Office more secure than so it can't be brought down ('for routine maintenance' of course) by a teenager. Now... what about someone/thing with some real mal-intent and the expertise behind it... what havoc could they wreak? To me, that is the wider point of note, that of course will be swept under the carpet.
It's a completely different security level. If a teenager hacks a web page it is just within the category of loosing face. There are no other consequences of it so a commonly available software is used. It may have holes and bugs as any software and it can be exploited because it's available.

For anything more critical there has to be right balance between accessibility and security and this includes this basic point: is there any reason why it should be hooked up to the Internet? If there is a need of remote communication I would rather expect a separate (physically) network to be built.

User avatar
JR8
Immortal
Immortal
Posts: 16522
Joined: Wed, 24 Mar 2010 12:43 pm
Location: K. Puki Manis

Post by JR8 » Fri, 08 Nov 2013 7:04 pm

The worse the crisis they have facilitated, the more vital it is that they (not be sacked) but they use their unique knowledge to remedy the situation. After all (the theory goes, I think), only they can know how full of holes the system they created actually is.

However perverse, this is not an unusual argument.

p.s. What if Mossad, play at being a bunch of teenagers?

User avatar
zzm9980
Governor
Governor
Posts: 6869
Joined: Wed, 06 Jul 2011 1:35 pm
Location: Once more unto the breach

Post by zzm9980 » Fri, 08 Nov 2013 9:41 pm

x9200 wrote:Yep, I believe you but we are talking about national power grid and the main country airport and air traffic control. If any of these was vulnerable to any form of Internet attack this would be IMHO a very good reason for the whole government to resign. I believe they are more than intelligent to take care of it.
Are we talking Singapore specifically or infrastructure in general? If the former, then yes I suspect they're at least adequately air-gapped from the internet and are beyond the reach of script kiddies. If the latter, then no don't be so confident. You're much too logical of a person and are applying that logic to IT, where people sadly aren't always logical. When it comes to SCADA, too many under-qualified managers have made the security vs availability calculation on their own and decided that it must be on the Internet so it can be reached remotely NO MATTER WHAT DAMNIT in case there is a problem and it needs to be fixed.

User avatar
PNGMK
Moderator
Moderator
Posts: 8782
Joined: Thu, 21 Mar 2013 9:06 pm
Answers: 2
Location: Sinkapore

Post by PNGMK » Fri, 08 Nov 2013 10:43 pm

This will be controversial but I came to believe today that the whole thing about PM Lee's website being hacked by 'anon' is a false flag attack. The Gahmen has been trying to raise support (unsuccessfully) amoungst the populace for it's new internet policies and I think some sycophant cooked this up.

User avatar
PNGMK
Moderator
Moderator
Posts: 8782
Joined: Thu, 21 Mar 2013 9:06 pm
Answers: 2
Location: Sinkapore

Post by PNGMK » Fri, 08 Nov 2013 10:44 pm

zzm9980 wrote:
x9200 wrote:Yep, I believe you but we are talking about national power grid and the main country airport and air traffic control. If any of these was vulnerable to any form of Internet attack this would be IMHO a very good reason for the whole government to resign. I believe they are more than intelligent to take care of it.
Are we talking Singapore specifically or infrastructure in general? If the former, then yes I suspect they're at least adequately air-gapped from the internet and are beyond the reach of script kiddies. If the latter, then no don't be so confident. You're much too logical of a person and are applying that logic to IT, where people sadly aren't always logical. When it comes to SCADA, too many under-qualified managers have made the security vs availability calculation on their own and decided that it must be on the Internet so it can be reached remotely NO MATTER WHAT DAMNIT in case there is a problem and it needs to be fixed.
SCADA should never be on a shared network. However you're right... too many people link it in. The other that pisses me off is idiots thinking they need to run a browser on the internet AND their production plant mimic on the same PC.

User avatar
ecureilx
Immortal
Immortal
Posts: 9817
Joined: Fri, 20 Aug 2010 5:18 pm

Post by ecureilx » Sat, 09 Nov 2013 9:46 am

zzm9980 wrote:Are we talking Singapore specifically or infrastructure in general? If the former, then yes I suspect they're at least adequately air-gapped from the internet and are beyond the reach of script kiddies. If the latter, then no don't be so confident. ..
Years ago, when I was supporting Firewalls, one of the minor govt agencies engaged our product for some solutions.

They had it so tight, when one of the Hard disk failed, they refused to return the failed HDD even though we needed it for RMA and investigation ..

And for another product, when one of the rules couldn't be supported, the Agency simply paid the vendor the full amount and just junked the stuff in the corner, than 'accomodate' the change, which would have not complied with requirements ...

And that was a very minor minor agency .. and that was more than 9 years ago ..

I am sure they have tightened up stuff much more in the 9 years since ...

to those who believe that on 5th November SG Govt domains was downed .. personally I don't think so ..

If they were quick to admit part of PMO's website being hacked, .. why hide the larger story then ? just sayin ,..

User avatar
JR8
Immortal
Immortal
Posts: 16522
Joined: Wed, 24 Mar 2010 12:43 pm
Location: K. Puki Manis

Post by JR8 » Sat, 09 Nov 2013 10:21 am

ecureilx wrote:
to those who believe that on 5th November SG Govt domains was downed .. personally I don't think so ..

If they were quick to admit part of PMO's website being hacked, .. why hide the larger story then ? just sayin ,..
Seems rather a coincidence. The hackers left a 'You've been hacked' message on the PMO website. So that cannot be denied. I see no mention of them also doing so on the other sites that went down at the same time.

Unannounced 'routine maintenance' across several government sites, during working hours on a weekday, at the same time as the PMO is hacked? That seems unorthodox, and one heck of a coincidence, don't you think?

User avatar
sundaymorningstaple
Moderator
Moderator
Posts: 39773
Joined: Thu, 11 Nov 2004 1:26 pm
Answers: 10
Location: Retired on the Little Red Dot

Post by sundaymorningstaple » Sat, 09 Nov 2013 1:10 pm

I don't think, in view of the threats, that it was coincidental at all. I would have shut 'em down for maintenance as well. This would have had a two-fold reason, one, to take down the target that the Anon would have been looking for and two, make sure they have hardened their defenses as best as they can under the circumstances. Makes sense to me. I'd have done the same thing.
SOME PEOPLE TRY TO TURN BACK THEIR ODOMETERS. NOT ME. I WANT PEOPLE TO KNOW WHY I LOOK THIS WAY. I'VE TRAVELED A LONG WAY, AND SOME OF THE ROADS WEREN'T PAVED. ~ Will Rogers

User avatar
JR8
Immortal
Immortal
Posts: 16522
Joined: Wed, 24 Mar 2010 12:43 pm
Location: K. Puki Manis

Post by JR8 » Sat, 09 Nov 2013 2:02 pm

Maybe this gives a broad overview, of a developing picture... ?
http://en.wikipedia.org/wiki/October_20 ... berattacks

Looks like they got into the Istana site and AMK Town Council.

'Disruptions had occurred Saturday on more than a dozen of Singapore’s government-run websites, resulting in loss of accessibility for several hours. Authorities blamed the incident on technical difficulties that occurred during maintenance, though a self-proclaimed Anonymous member—in an email to U.S. Internet firm Yahoo Inc.'s Singapore news arm—has claimed responsibility for the disruptions.'
http://blogs.wsj.com/searealtime/2013/1 ... ster-says/

I think it was a government assertion (reported elsewhere in the media) that all these sites were down for 'routine maintenance'*, that caught my attention.

I wonder if all agencies that had their site taken down, share the same IT infrastructure. What ever happened to trigger this problem, that would seem like a significant risk/vulnerability.


Edit to add:
* http://www.euronews.com/newswires/21927 ... er-threat/
and
http://singaporedesk.blogspot.sg/2013/1 ... truth.html
Last edited by JR8 on Sat, 09 Nov 2013 3:30 pm, edited 1 time in total.

User avatar
zzm9980
Governor
Governor
Posts: 6869
Joined: Wed, 06 Jul 2011 1:35 pm
Location: Once more unto the breach

Post by zzm9980 » Sat, 09 Nov 2013 2:20 pm

ecureilx wrote: They had it so tight, when one of the Hard disk failed, they refused to return the failed HDD even though we needed it for RMA and investigation ..

And for another product, when one of the rules couldn't be supported, the Agency simply paid the vendor the full amount and just junked the stuff in the corner, than 'accomodate' the change, which would have not complied with requirements ...

And that was a very minor minor agency .. and that was more than 9 years ago ..
Those types of requirements are relatively common in IT Policies, and aren't really indicative that they have their shit together or not. It just means that someone wrote a rule, and they weren't going to budge from. Maybe the risk vs cost calculation supported that decision, or maybe no one thought to dare deviate from the written rules and make that calculation. The latter scenario is quite common in Singapore and Asia, I'm sure most of you would agree.

User avatar
zzm9980
Governor
Governor
Posts: 6869
Joined: Wed, 06 Jul 2011 1:35 pm
Location: Once more unto the breach

Post by zzm9980 » Sat, 09 Nov 2013 2:22 pm

JR8 wrote:Maybe this gives a broad overview, of a developing picture... ?
http://en.wikipedia.org/wiki/October_20 ... berattacks
Gahmen want to unmask some of the perpetrators? Just modify the article to sound slightly condescending towards the attackers, or change facts to diminish what they accomplished. Come back in a few hours and see who edited it to change back.

SG Government if you're reading, I'm available for part-time consulting at a low hourly rate. PM for details. :cool:

User avatar
Max Headroom
Reporter
Reporter
Posts: 911
Joined: Wed, 08 May 2013 11:31 am
Location: Singapore
Contact:

Post by Max Headroom » Tue, 12 Nov 2013 11:17 am

Well, they got their man.

User avatar
Barnsley
Manager
Manager
Posts: 2319
Joined: Tue, 10 Jun 2008 5:22 pm
Location: Pasir Ris
Contact:

Post by Barnsley » Tue, 12 Nov 2013 11:30 am

Max Headroom wrote:Well, they got their man.
:D
Life is short, paddle harder!!

Post Reply
  • Similar Topics
    Replies
    Views
    Last post

Return to “Latest News & Current Affairs”

Who is online

Users browsing this forum: No registered users and 4 guests