[July 01, 2011] Singapore names suspect hackers Tweet SINGAPORE, Jun 28, 2011 (The Straits Times - McClatchy-Tribune Information Services via COMTEX) -- Malaysian hackers could be behind the recent attack on a Singapore government website and the theft of data belonging to users, a business consultancy in Singapore has said. The hackers, a group called H3x4 Crew, are believed to have been behind the unauthorised access to the website of the National Parks Board (NParks). The group has also been linked to attacks on more than 140 websites, including those of a Nepalese bank and a Malaysian university. The business consultancy, called The Black Wilder Group (TBWG), told The Straits Times that it alerted the authorities when its employee in Malaysia found NParks' website hacked into two weeks ago. The company said it has representatives in different parts of the world, including Singapore. A TBWG spokesman said the matter was reported to the Home Affairs Ministry and NParks because it believed confidential information to have been leaked. "We felt that this was a matter of national security because in the NParks database, we believe that there are individuals who are also affiliated with other government organisations, whose data would have been compromised. That will then have a chain effect." TBWG, which keeps a low profile, declined to elaborate on its business. It would say only that it "specialises in the areas of computer science, business forecasting and planning, as well as business intelligence". The NParks website runs a range of user services, such as application for camping permits. The breach in question was limited to information submitted by users seeking to contribute pictures or comments to an NParks photo gallery, so only those who had previously registered online to use the gallery were affected. NParks was, nonetheless, forced to take its website temporarily offline to plug security gaps, test the integrity of its system and move all personal data into secure environments. Because the hackers had accessed details such as e-mail addresses, names and encrypted passwords, NParks advised the users of its website to change their log-in names and passwords if they use these to access accounts on other websites. So far, no report of compromised accounts has surfaced. The TBWG spokesman said one of the consultancy's employees in Malaysia was monitoring H3x4 Crew for an unrelated case when he saw that screenshots of the hacked NParks website had been uploaded onto a temporary website. The images were later taken down, but reappeared on kenahack.com, a website that displays hacking exploits. In that portal, H3x4 Crew was named as the 'notifier', the party that broadcast the attack. When contacted, the police would say only that investigations were in progress. The case raises concern over the vulnerability of government websites; hackers recently disrupted dozens of Malaysian state-linked websites and even that of the United States' Central Intelligence Agency. Singapore's cyber defences include a cyber-watch centre, the role of which is to provide round-the-clock security monitoring of government systems and networks. The Infocomm Development Authority (IDA) did not respond when asked whether the centre had detected the hacking; it also did not answer a query on the frequency of intrusions on government websites. Its spokesman would only say: "We're concerned with cyber threats and have implemented measures to mitigate them. Such measures are long-term and continually evolving with technologies." Besides administering a masterplan to beef up digital security, the IDA shares information on cyber threats with its overseas counterparts. In the light of the NParks hacking and Singapore's reliance on Internet-based communications, IT security expert Wong Onn Chee recommends that the Government look into upgrading the protection systems of its websites. He added that Government should require vendors to be competent in secure coding and run checks on the security of Web applications before accepting vendors' work. "The more we delay in taking effective action, the more exposed our e-Government portals will be to cyber attacks. The clock is ticking," he said. Mr Wong, who leads the Singapore chapter of the Open Web Application Security Project, said cyber security is always a work in progress: "We must be aware that there is no such thing as 100 per cent cyber security. The only type of website I know which is unhackable is one that is not powered on." To see more of the Asia News Network, go to http://www.asianewsnet.net/home/ Copyright (c) 2011, The Straits Times, Singapore / Asia News Network Distributed by McClatchy-Tribune Information Services. For more information about the content services offered by McClatchy-Tribune Information Services (MCT), visit www.mctinfoservices.com. [ Back To TMCnet.com's Homepage ]