The Anonymous group made one of its boldest moves against the Singapore government over the weekend when it leaked the personal information of 10 public officers and threatened to do the same with thousands more. I found myself with the best seats in the house, holding on to that data a day before it went public.
It all started rather curiously when I was approached by a Twitter user associated with the Anonymous movement. A URL to an encrypted pastebin led me to a statement protesting recent arrests in Singapore of alleged hackers.
This was a bid by the hacktivist group to drum up noise ahead of court proceedings this week, namely of James Raj Arokiasamy, who was accused of defacing of at least one government Web site, as well as two other individuals who ran a cross-site scripting exploit on the official site of the President's Office.
The statement by Anonymous also came attached with the personal particulars of 10 individuals, including their names and government e-mail addresses. More significantly, it also listed much more private information such as birthdates, passport numbers, and mobile phone numbers.
Interestingly, there were signs the data was pretty old. Some of the phone numbers were out of service, and some of the respondents told me they had long left the particular government agency identified via the associated e-mail address.
Signs of more to come?
That was the latest in a recent spate of cyberattacks, at least those publicized, against the Singapore government, with the data leak incident potentially dealing the biggest blow so far.
November 2013: The threat comes just three months after the website under the Prime Minister's Office was defaced last November. Hours later, the Istana website under the President's Office was hit with a cross-scripting exploit. These attacks came days after Prime Minister Lee Hsien Loong vowed to "track down" hackers who targeted the country, in response to a video threat protesting against a controversially introduced online media licensing rule.
Later that same month, the websites of 13 schools which were hosted on a single server were defaced, according to the Straits Times.
October 2013: The Ang Mo Kio Town Council's website was defaced by a hacker under the moniker "Messiah".
December 2012: The Messiah has also been linked to a similar attack on statutory board People's Association (PA) nearly a year earlier. This was then the first cyberattack on a government website in 13 years, according to Lianhe Zaobao.
Ngair Teow Hin, founder and CEO of Singapore-based security vendor SecureAge, previously pointed out in an interview that the country's "vibrant" IT security environment, low rate of reported breaches and incidents, and not being at the frontline of online attacks had lulled local organizations into a "false sense of security" leaving them vulnerable.
According to Stree Naidu, vice president at Imperva Asia-Pacific and Japan, the recent attacks are a reminder for all organizations to keep their eyes on the ball when it comes to data security. He highlighted that security was a multi-layer process, with most organizations protecting their applications and networks, but neglecting to protect their data centers.
"There is never a guarantee in the security landscape as security providers and hackers are constantly in bid to outrun and outwit each other," Naidu added. "The important thing now is how fast we are able to implement protective measures. Hackers are becoming more agile and we are continuously changing their attack strategies."
Such concerns have already prompted Singapore to call for new approaches in cybersecurity including wider international collaboration. Last July, the country also launched its third 5-year cybersecurity roadmap with a focus on grooming the pool of homegrown talent.
Engage foreign media more closely
Perhaps part of that push for more "international colloboration" should also cover the media engagement policies by government agencies, where they should engage "foreign" media based in Singapore more actively.
There have been many times where the ZDNet team here in Singapore has been locked out of media briefings apparently reserved exclusively for local media, such as the one involving a call by Anonymous for a tweetstorm against the government. Whenever this happened, we would often have to call up the ministry involved for more information. Not only would this end up wasting time on our end, but also man hours for whoever was answering our queries--I have to acknowledge, though, that the Infocomm Development Authority of Singapore (IDA) has over the years become increasingly accommodating.
With the immediacy of online options, news consumption is no longer constrained to the traditional sources dominated by mainstream local press but now involves much more search engine optimization and social media referrals. Public interest can only be better served with the equal engagement of all media, which ultimately will help generate more coverage, analysis, and healthy discussion.
In a backdrop where the Singapore mainstream press is part state-owned, perhaps the biggest factor to consider is how some news sources may increasingly prefer to confide in non-government linked media, especially with politically-sensitive information.