'Lapse in maintenance' behind S'pore govt site breach

Software vulnerability not fixed despite prior warning by IT regulator, which led to hacking of Web sites operated by statutory board People's Association last month.
Written by Ellyne Phneah, Contributor

A "lapse in maintenance" had led to the hacking of Singapore's People's Association and its subsidiary sites been hacked last month, according to Yaacob Ibrahim, the country's minister for communications and information.

Yaacob said his ministry had been aware of a vulnerability in the software tool and agencies using the software had also been told to conduct maintenance ahead of time, The Straits Times reported on Monday.

Speaking in Parliament, Yaacob was referring to the People's Association (PA) Web site, along with sixteen other subsidiary Web sites, had been breached by hacker team HighTech Brazil HackTeam, the country's first security breach on government sites since 1999. The hacked Web sites were taken offline shortly afterwards, and restored two days later.

The Infocomm Development Authority of Singapore had also been aware of the vulnerability and told public agencies before the hacking incidents, a separate report by My Paper noted. However, there was a maintenance lapse by PA, which enabled the hacking group to gain access to the system.

"There was a lapse in maintenance and the agency responsible has informed us they will step up the maintenance regime to ensure the checking and auditing is done more timely," Yaacob said.

Preliminary investigations have also traced the hacking activities to foreign IP addresses, and Singapore's Police has requested assistance from its foreign counterparts, he added.

Yaacob also confirmed personal information had not been compromised as the Web site provides general information about the People's Association Activities.

Security watchers previously told ZDNet Asia the security breach on the PA sites may be "random", but more attacks on government sites are set to come with greater adversity.

Editorial standards