Singapore Expats Forum

Amusing.... Singapore to Hunt ‘Anonymous’ hackers

Discuss about any latest news or current affairs in Singapore or globally. Please DO NOT copy and paste news articles from other sources without written permission.
User avatar
JR8
Immortal
Immortal
Posts: 16514
Joined: Wed, 24 Mar 2010
Location: K. Puki Manis

Postby JR8 » Fri, 08 Nov 2013 6:45 pm

x9200 wrote:Nothing mentioned above should ever happened. It is just security basics to keep such services apart from the Internet.


Yah oso security basics to keep government offices, and the Prime Ministers Office more secure than so it can't be brought down ('for routine maintenance' of course) by a teenager. Now... what about someone/thing with some real mal-intent and the expertise behind it... what havoc could they wreak? To me, that is the wider point of note, that of course will be swept under the carpet.

User avatar
x9200
Moderator
Moderator
Posts: 9251
Joined: Mon, 07 Sep 2009
Location: Singapore

Postby x9200 » Fri, 08 Nov 2013 6:47 pm

Yep, I believe you but we are talking about national power grid and the main country airport and air traffic control. If any of these was vulnerable to any form of Internet attack this would be IMHO a very good reason for the whole government to resign. I believe they are more than intelligent to take care of it.

User avatar
x9200
Moderator
Moderator
Posts: 9251
Joined: Mon, 07 Sep 2009
Location: Singapore

Postby x9200 » Fri, 08 Nov 2013 7:02 pm

JR8 wrote:Yah oso security basics to keep government offices, and the Prime Ministers Office more secure than so it can't be brought down ('for routine maintenance' of course) by a teenager. Now... what about someone/thing with some real mal-intent and the expertise behind it... what havoc could they wreak? To me, that is the wider point of note, that of course will be swept under the carpet.

It's a completely different security level. If a teenager hacks a web page it is just within the category of loosing face. There are no other consequences of it so a commonly available software is used. It may have holes and bugs as any software and it can be exploited because it's available.

For anything more critical there has to be right balance between accessibility and security and this includes this basic point: is there any reason why it should be hooked up to the Internet? If there is a need of remote communication I would rather expect a separate (physically) network to be built.

User avatar
JR8
Immortal
Immortal
Posts: 16514
Joined: Wed, 24 Mar 2010
Location: K. Puki Manis

Postby JR8 » Fri, 08 Nov 2013 7:04 pm

The worse the crisis they have facilitated, the more vital it is that they (not be sacked) but they use their unique knowledge to remedy the situation. After all (the theory goes, I think), only they can know how full of holes the system they created actually is.

However perverse, this is not an unusual argument.

p.s. What if Mossad, play at being a bunch of teenagers?

User avatar
zzm9980
Governor
Governor
Posts: 6837
Joined: Wed, 06 Jul 2011
Location: Once more unto the breach

Postby zzm9980 » Fri, 08 Nov 2013 9:41 pm

x9200 wrote:Yep, I believe you but we are talking about national power grid and the main country airport and air traffic control. If any of these was vulnerable to any form of Internet attack this would be IMHO a very good reason for the whole government to resign. I believe they are more than intelligent to take care of it.


Are we talking Singapore specifically or infrastructure in general? If the former, then yes I suspect they're at least adequately air-gapped from the internet and are beyond the reach of script kiddies. If the latter, then no don't be so confident. You're much too logical of a person and are applying that logic to IT, where people sadly aren't always logical. When it comes to SCADA, too many under-qualified managers have made the security vs availability calculation on their own and decided that it must be on the Internet so it can be reached remotely NO MATTER WHAT DAMNIT in case there is a problem and it needs to be fixed.

PNGMK
Director
Director
Posts: 4899
Joined: Thu, 21 Mar 2013

Postby PNGMK » Fri, 08 Nov 2013 10:43 pm

This will be controversial but I came to believe today that the whole thing about PM Lee's website being hacked by 'anon' is a false flag attack. The Gahmen has been trying to raise support (unsuccessfully) amoungst the populace for it's new internet policies and I think some sycophant cooked this up.

PNGMK
Director
Director
Posts: 4899
Joined: Thu, 21 Mar 2013

Postby PNGMK » Fri, 08 Nov 2013 10:44 pm

zzm9980 wrote:
x9200 wrote:Yep, I believe you but we are talking about national power grid and the main country airport and air traffic control. If any of these was vulnerable to any form of Internet attack this would be IMHO a very good reason for the whole government to resign. I believe they are more than intelligent to take care of it.


Are we talking Singapore specifically or infrastructure in general? If the former, then yes I suspect they're at least adequately air-gapped from the internet and are beyond the reach of script kiddies. If the latter, then no don't be so confident. You're much too logical of a person and are applying that logic to IT, where people sadly aren't always logical. When it comes to SCADA, too many under-qualified managers have made the security vs availability calculation on their own and decided that it must be on the Internet so it can be reached remotely NO MATTER WHAT DAMNIT in case there is a problem and it needs to be fixed.


SCADA should never be on a shared network. However you're right... too many people link it in. The other that pisses me off is idiots thinking they need to run a browser on the internet AND their production plant mimic on the same PC.

User avatar
ecureilx
Immortal
Immortal
Posts: 9528
Joined: Fri, 20 Aug 2010

Postby ecureilx » Sat, 09 Nov 2013 9:46 am

zzm9980 wrote:Are we talking Singapore specifically or infrastructure in general? If the former, then yes I suspect they're at least adequately air-gapped from the internet and are beyond the reach of script kiddies. If the latter, then no don't be so confident. ..


Years ago, when I was supporting Firewalls, one of the minor govt agencies engaged our product for some solutions.

They had it so tight, when one of the Hard disk failed, they refused to return the failed HDD even though we needed it for RMA and investigation ..

And for another product, when one of the rules couldn't be supported, the Agency simply paid the vendor the full amount and just junked the stuff in the corner, than 'accomodate' the change, which would have not complied with requirements ...

And that was a very minor minor agency .. and that was more than 9 years ago ..

I am sure they have tightened up stuff much more in the 9 years since ...

to those who believe that on 5th November SG Govt domains was downed .. personally I don't think so ..

If they were quick to admit part of PMO's website being hacked, .. why hide the larger story then ? just sayin ,..

User avatar
JR8
Immortal
Immortal
Posts: 16514
Joined: Wed, 24 Mar 2010
Location: K. Puki Manis

Postby JR8 » Sat, 09 Nov 2013 10:21 am

ecureilx wrote:
to those who believe that on 5th November SG Govt domains was downed .. personally I don't think so ..

If they were quick to admit part of PMO's website being hacked, .. why hide the larger story then ? just sayin ,..


Seems rather a coincidence. The hackers left a 'You've been hacked' message on the PMO website. So that cannot be denied. I see no mention of them also doing so on the other sites that went down at the same time.

Unannounced 'routine maintenance' across several government sites, during working hours on a weekday, at the same time as the PMO is hacked? That seems unorthodox, and one heck of a coincidence, don't you think?

User avatar
sundaymorningstaple
Moderator
Moderator
Posts: 34341
Joined: Thu, 11 Nov 2004
Location: Still Fishing!
Contact:

Postby sundaymorningstaple » Sat, 09 Nov 2013 1:10 pm

I don't think, in view of the threats, that it was coincidental at all. I would have shut 'em down for maintenance as well. This would have had a two-fold reason, one, to take down the target that the Anon would have been looking for and two, make sure they have hardened their defenses as best as they can under the circumstances. Makes sense to me. I'd have done the same thing.

User avatar
JR8
Immortal
Immortal
Posts: 16514
Joined: Wed, 24 Mar 2010
Location: K. Puki Manis

Postby JR8 » Sat, 09 Nov 2013 2:02 pm

Maybe this gives a broad overview, of a developing picture... ?
http://en.wikipedia.org/wiki/October_20 ... berattacks

Looks like they got into the Istana site and AMK Town Council.

'Disruptions had occurred Saturday on more than a dozen of Singapore’s government-run websites, resulting in loss of accessibility for several hours. Authorities blamed the incident on technical difficulties that occurred during maintenance, though a self-proclaimed Anonymous member—in an email to U.S. Internet firm Yahoo Inc.'s Singapore news arm—has claimed responsibility for the disruptions.'
http://blogs.wsj.com/searealtime/2013/1 ... ster-says/

I think it was a government assertion (reported elsewhere in the media) that all these sites were down for 'routine maintenance'*, that caught my attention.

I wonder if all agencies that had their site taken down, share the same IT infrastructure. What ever happened to trigger this problem, that would seem like a significant risk/vulnerability.


Edit to add:
* http://www.euronews.com/newswires/21927 ... er-threat/
and
http://singaporedesk.blogspot.sg/2013/1 ... truth.html
Last edited by JR8 on Sat, 09 Nov 2013 3:30 pm, edited 1 time in total.

User avatar
zzm9980
Governor
Governor
Posts: 6837
Joined: Wed, 06 Jul 2011
Location: Once more unto the breach

Postby zzm9980 » Sat, 09 Nov 2013 2:20 pm

ecureilx wrote:They had it so tight, when one of the Hard disk failed, they refused to return the failed HDD even though we needed it for RMA and investigation ..

And for another product, when one of the rules couldn't be supported, the Agency simply paid the vendor the full amount and just junked the stuff in the corner, than 'accomodate' the change, which would have not complied with requirements ...

And that was a very minor minor agency .. and that was more than 9 years ago ..


Those types of requirements are relatively common in IT Policies, and aren't really indicative that they have their shit together or not. It just means that someone wrote a rule, and they weren't going to budge from. Maybe the risk vs cost calculation supported that decision, or maybe no one thought to dare deviate from the written rules and make that calculation. The latter scenario is quite common in Singapore and Asia, I'm sure most of you would agree.

User avatar
zzm9980
Governor
Governor
Posts: 6837
Joined: Wed, 06 Jul 2011
Location: Once more unto the breach

Postby zzm9980 » Sat, 09 Nov 2013 2:22 pm

JR8 wrote:Maybe this gives a broad overview, of a developing picture... ?
http://en.wikipedia.org/wiki/October_20 ... berattacks


Gahmen want to unmask some of the perpetrators? Just modify the article to sound slightly condescending towards the attackers, or change facts to diminish what they accomplished. Come back in a few hours and see who edited it to change back.

SG Government if you're reading, I'm available for part-time consulting at a low hourly rate. PM for details. :cool:

User avatar
Max Headroom
Reporter
Reporter
Posts: 596
Joined: Wed, 08 May 2013
Location: Singapore
Contact:

Postby Max Headroom » Tue, 12 Nov 2013 11:17 am

Well, they got their man.

User avatar
Barnsley
Manager
Manager
Posts: 2094
Joined: Tue, 10 Jun 2008
Location: Pasir Ris
Contact:

Postby Barnsley » Tue, 12 Nov 2013 11:30 am

Max Headroom wrote:Well, they got their man.


:D
Life is short, paddle harder!!


  • Similar Topics
    Replies
    Views
    Last post
  • Hackers Hit 100 Banks
    by x9200 » Mon, 16 Feb 2015 7:51 pm » in Latest News & Current Affairs
    22
    3673
    by maneo View the latest post
    Thu, 26 Feb 2015 12:14 pm
  • Mildly amusing
    by Steve1960 » Tue, 02 Oct 2012 10:42 am » in General Discussions
    2
    2273
    by beppi View the latest post
    Wed, 10 Oct 2012 6:02 pm
  • Amusing vids
    by JR8 » Tue, 29 Oct 2013 3:27 pm » in Leisure Chat, Jokes, Rubbish
    0
    835
    by JR8 View the latest post
    Tue, 29 Oct 2013 3:27 pm
  • Just .... somewhat amusing stuff, news etc
    by JR8 » Thu, 31 Oct 2013 12:04 pm » in Leisure Chat, Jokes, Rubbish
    53
    10373
    by JR8 View the latest post
    Wed, 15 Jan 2014 9:15 pm
  • Amusing Protest in London
    by zzm9980 » Sun, 15 Dec 2013 11:14 am » in Latest News & Current Affairs
    3
    1354
    by JR8 View the latest post
    Sun, 15 Dec 2013 9:09 pm

Return to “Latest News & Current Affairs”

Who is online

Users browsing this forum: No registered users and 1 guest