Amusing.... Singapore to Hunt ‘Anonymous’ hackers

[JR8]

Nothing mentioned above should ever happened. It is just security basics to keep such services apart from the Internet.

Yah oso security basics to keep government offices, and the Prime Ministers Office more secure than so it can't be brought down ('for routine maintenance' of course) by a teenager. Now... what about someone/thing with some real mal-intent and the expertise behind it... what havoc could they wreak? To me, that is the wider point of note, that of course will be swept under the carpet.

[x9200]

Yep, I believe you but we are talking about national power grid and the main country airport and air traffic control. If any of these was vulnerable to any form of Internet attack this would be IMHO a very good reason for the whole government to resign. I believe they are more than intelligent to take care of it.

[x9200]

Yah oso security basics to keep government offices, and the Prime Ministers Office more secure than so it can't be brought down ('for routine maintenance' of course) by a teenager. Now... what about someone/thing with some real mal-intent and the expertise behind it... what havoc could they wreak? To me, that is the wider point of note, that of course will be swept under the carpet.

It's a completely different security level. If a teenager hacks a web page it is just within the category of loosing face. There are no other consequences of it so a commonly available software is used. It may have holes and bugs as any software and it can be exploited because it's available.

For anything more critical there has to be right balance between accessibility and security and this includes this basic point: is there any reason why it should be hooked up to the Internet? If there is a need of remote communication I would rather expect a separate (physically) network to be built.

[JR8]

The worse the crisis they have facilitated, the more vital it is that they (not be sacked) but they use their unique knowledge to remedy the situation. After all (the theory goes, I think), only they can know how full of holes the system they created actually is.

However perverse, this is not an unusual argument.

p.s. What if Mossad, play at being a bunch of teenagers?

[zzm9980]

Yep, I believe you but we are talking about national power grid and the main country airport and air traffic control. If any of these was vulnerable to any form of Internet attack this would be IMHO a very good reason for the whole government to resign. I believe they are more than intelligent to take care of it.

Are we talking Singapore specifically or infrastructure in general? If the former, then yes I suspect they're at least adequately air-gapped from the internet and are beyond the reach of script kiddies. If the latter, then no don't be so confident. You're much too logical of a person and are applying that logic to IT, where people sadly aren't always logical. When it comes to SCADA, too many under-qualified managers have made the security vs availability calculation on their own and decided that it must be on the Internet so it can be reached remotely NO MATTER WHAT DAMNIT in case there is a problem and it needs to be fixed.

[PNGMK]

This will be controversial but I came to believe today that the whole thing about PM Lee's website being hacked by 'anon' is a false flag attack. The Gahmen has been trying to raise support (unsuccessfully) amoungst the populace for it's new internet policies and I think some sycophant cooked this up.

[PNGMK]

Yep, I believe you but we are talking about national power grid and the main country airport and air traffic control. If any of these was vulnerable to any form of Internet attack this would be IMHO a very good reason for the whole government to resign. I believe they are more than intelligent to take care of it.

Are we talking Singapore specifically or infrastructure in general? If the former, then yes I suspect they're at least adequately air-gapped from the internet and are beyond the reach of script kiddies. If the latter, then no don't be so confident. You're much too logical of a person and are applying that logic to IT, where people sadly aren't always logical. When it comes to SCADA, too many under-qualified managers have made the security vs availability calculation on their own and decided that it must be on the Internet so it can be reached remotely NO MATTER WHAT DAMNIT in case there is a problem and it needs to be fixed.

SCADA should never be on a shared network. However you're right... too many people link it in. The other that pisses me off is idiots thinking they need to run a browser on the internet AND their production plant mimic on the same PC.

[ecureilx]

Are we talking Singapore specifically or infrastructure in general? If the former, then yes I suspect they're at least adequately air-gapped from the internet and are beyond the reach of script kiddies. If the latter, then no don't be so confident. ..

Years ago, when I was supporting Firewalls, one of the minor govt agencies engaged our product for some solutions.

They had it so tight, when one of the Hard disk failed, they refused to return the failed HDD even though we needed it for RMA and investigation ..

And for another product, when one of the rules couldn't be supported, the Agency simply paid the vendor the full amount and just junked the stuff in the corner, than 'accomodate' the change, which would have not complied with requirements ...

And that was a very minor minor agency .. and that was more than 9 years ago ..

I am sure they have tightened up stuff much more in the 9 years since ...

to those who believe that on 5th November SG Govt domains was downed .. personally I don't think so ..

If they were quick to admit part of PMO's website being hacked, .. why hide the larger story then ? just sayin ,..

[JR8]

to those who believe that on 5th November SG Govt domains was downed .. personally I don't think so ..

If they were quick to admit part of PMO's website being hacked, .. why hide the larger story then ? just sayin ,..

Seems rather a coincidence. The hackers left a 'You've been hacked' message on the PMO website. So that cannot be denied. I see no mention of them also doing so on the other sites that went down at the same time.

Unannounced 'routine maintenance' across several government sites, during working hours on a weekday, at the same time as the PMO is hacked? That seems unorthodox, and one heck of a coincidence, don't you think?

[sundaymorningstaple]

I don't think, in view of the threats, that it was coincidental at all. I would have shut 'em down for maintenance as well. This would have had a two-fold reason, one, to take down the target that the Anon would have been looking for and two, make sure they have hardened their defenses as best as they can under the circumstances. Makes sense to me. I'd have done the same thing.

[JR8]

Maybe this gives a broad overview, of a developing picture... ?
http://en.wikipedia.org/wiki/October_20 ... berattacks

Looks like they got into the Istana site and AMK Town Council.

'Disruptions had occurred Saturday on more than a dozen of Singapore’s government-run websites, resulting in loss of accessibility for several hours. Authorities blamed the incident on technical difficulties that occurred during maintenance, though a self-proclaimed Anonymous member—in an email to U.S. Internet firm Yahoo Inc.'s Singapore news arm—has claimed responsibility for the disruptions.'
http://blogs.wsj.com/searealtime/2013/1 ... ster-says/

I think it was a government assertion (reported elsewhere in the media) that all these sites were down for 'routine maintenance'*, that caught my attention.

I wonder if all agencies that had their site taken down, share the same IT infrastructure. What ever happened to trigger this problem, that would seem like a significant risk/vulnerability.


Edit to add:
* http://www.euronews.com/newswires/21927 ... er-threat/
and
http://singaporedesk.blogspot.sg/2013/1 ... truth.html

[zzm9980]

They had it so tight, when one of the Hard disk failed, they refused to return the failed HDD even though we needed it for RMA and investigation ..

And for another product, when one of the rules couldn't be supported, the Agency simply paid the vendor the full amount and just junked the stuff in the corner, than 'accomodate' the change, which would have not complied with requirements ...

And that was a very minor minor agency .. and that was more than 9 years ago ..

Those types of requirements are relatively common in IT Policies, and aren't really indicative that they have their shit together or not. It just means that someone wrote a rule, and they weren't going to budge from. Maybe the risk vs cost calculation supported that decision, or maybe no one thought to dare deviate from the written rules and make that calculation. The latter scenario is quite common in Singapore and Asia, I'm sure most of you would agree.

[zzm9980]

Maybe this gives a broad overview, of a developing picture... ?
http://en.wikipedia.org/wiki/October_20 ... berattacks

Gahmen want to unmask some of the perpetrators? Just modify the article to sound slightly condescending towards the attackers, or change facts to diminish what they accomplished. Come back in a few hours and see who edited it to change back.

SG Government if you're reading, I'm available for part-time consulting at a low hourly rate. PM for details.

[Max Headroom]

Well, they got their man.

[Barnsley]

Well, they got their man.