Anonymous hacks Singapore PM website

[UPDATE: At a briefing Friday afternoon to which only local media were invited, IDA said traffic to many government sites was unusually high on November 5, the day "The Messiah" had urged Singaporeans to hold a virtual protest. The regulator said it indicated distributed denial of service attacks were launched against the sites, and pointed to a vulnerability in the Google search bar within two breached sites that allowed hackers to compromise the websites.] 

SINGAPORE--Following his threat to "track down" hackers who target the country, Prime Minister Lee Hsien Loong's official website was breached by hacktivist group Anonymous late Thursday night. 

In a statement released early Friday morning, ICT regulator Infocomm Development Authority of Singapore (IDA) said a "subpage for search" on the Prime Minister's Office (PMO) site was compromised but the main site was still functioning. 

In a second statement issued around noon, IDA said a subpage of the Istana website was also compromised about an hour after the PMO's website was defaced. Istana is the official residence of Singapore's president-elect Tony Tan

"A vulnerability in those subpages was exploited to display pages from other sources. This vulnerability is known as cross-site scripting," IDA said. "We will continue to strengthen all government websites. This includes the checking and fixing of vulnerabilities and software patching. While this is in progress, visitors to government websites may experience intermittent problems with access. This will be completed as soon as possible."

It added that the breach is now being investigated by local police. 

[UPDATE: At a briefing Friday afternoon to which only local media were invited, IDA said traffic to many government sites was unusually high on November 5, the day "The Messiah" had urged Singaporeans to hold a virtual protest. The regulator said this indicated distributed denial of service attacks were launched against the sites, and blamed a vulnerability in the Google search bar within the two breached sites that allowed hackers to compromise the websites. ZDNet is awaiting Google's response on this.]

The affected page of the PMO website was defaced with a headline that read "It's great to be Singaporean today", alongside an image of the now-infamous Guy Fawkes mask commonly associated with Anonymous. The page also contained this statement text: "PM Lee warns hackers: We will track you down--even if you think you're 'anonymous'."

The affected section was taken down after someone posted about the incident on Facebook. 

The breach comes after Lee had pledged to "spare no effort" to "track down" hackers who target Singapore's IT infrastructure. This was the first time he had responded to earlier threats by a hacker called "The Messiah" and part of the Anonymous group, who posted a YouTube video in protest of the Singapore government's online media licensing rule. 

Lee said online anonymity did not mean those responsible for cyberattacks should not be held accountable. "You may think you're anonymous--we will make the extra effort to find out who you are," he said.