Singapore PM’s website not hacked, but exploited: Trend Micro
By Digital News Asia November 14, 2013
- Servers were not breached, websites not compromised, but media reports say websites hacked
- Vulnerability from typical Cross Site Scripting, ‘search’ function on website exploited
CONTRARY to media reports, the official website of the Singapore Prime Minister’s Office (PMO) had not been hacked, although a vulnerability within the site was exploited to give that impression.
Security solutions provider Trend Micro Incorporated said that the PMO website remains intact, with visits unaffected.
Through analysis by its threat experts, Trend Micro found that the incident was not the result of a hacking attack but of the exploitation of a vulnerability within the website, the company said in a statement.
Singapore media recently reported that both the Prime Minister’s and President’s official websites had been hacked.
The website attacks took place a day after Prime Minister Lee Hsien Loong told local journalists that his government would “spare no effort” in going after members of the Anonymous hacker group who had threatened to wage a cyber-war against Singapore, Yahoo! Singapore reported on Nov 8.
The news portal also reported on Nov 13 that five local men aged between 17 and 45 were being questioned for the attacks.
Malaysian websites were also subjected twice this year to DNS hijacking or poisoning attacks, where search queries were directed to different websites to give the false impression that a host of Malaysian websites had been hacked.
In both cases, it was the domain registrar or its retailers’ systems that had been compromised, not the websites concerned.
How the vulnerability came about
Meanwhile, according to Trend Micro's analysis, the Singapore PMO website incident was the result of a typical Cross Site Scripting (XSS) attack, in which the cybercriminal exploited the ‘search’ function on the website and injected content from external sources.
In this particular instance, the cybercriminal had redirected the URL to the criminal’s intended image, the company said in its statement.
It was found that the exploited URL was broadcast across various social networking sites, including Twitter and Facebook, implying that the Singapore PMO website had been defaced.
With the exploited link referencing the Singapore PMO website’s official URL (http://www.pmo.gov.sg/), when clicked, unsuspecting visitors and consumers were tricked into thinking that the exploited link was a real defaced website.
With the cybercriminal’s choice of image, visitors and consumers were led to believe the compromise was by Anonymous, Trend Micro said.
Over the past couple of weeks, online assets of several government organisations in Singapore have been compromised by cyber-criminals, causing service disruptions and more, the company said.
Trend Micro advised organisations to conduct regular checks on the robustness of their IT infrastructure against exploitations of possible loopholes.
It recommends organisations take the following steps to check the health of their online assets, to better protect themselves against exploitations of vulnerabilities:
- Scan for web application vulnerabilities;
- Review HTML code to ensure that search functions are not compromised, including setting limits on input content to reject special characters and sanitising output through HTML-encoding of user input or strings; and
- To ensure complete safety in the short run, disable website search functions.
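The input-limitation and output-encoding steps above, sketched in Python as an added example (not code from Trend Micro or the PMO website). The page template, the allowlist policy, the function names and the sample query are all constructed for illustration.

```python
import html
import re

# Assumed allowlist policy: letters, digits, spaces and a little harmless
# punctuation, 1 to 100 characters. Not the real site's rule.
ALLOWED_QUERY = re.compile(r"[A-Za-z0-9 .,'-]{1,100}")

# Constructed stand-in for a search results page that echoes the term back.
PAGE = "<html><body><h1>Search</h1><p>Results for: {term}</p></body></html>"

# Constructed sample input: markup that pulls in an image from another host.
CONSTRUCTED_QUERY = '<img src="https://attacker.example/banner.png">'


def render_unsafe(query):
    """'Before' form: the search term is written into the page verbatim,
    so markup in the URL parameter becomes markup in the response."""
    return PAGE.format(term=query)


def render_encoded(query):
    """Output sanitising: HTML-encode the term so the browser displays it
    as text instead of parsing it as tags or attributes."""
    return PAGE.format(term=html.escape(query, quote=True))


def is_acceptable(query):
    """Input limitation: accept only terms that match the allowlist."""
    return ALLOWED_QUERY.fullmatch(query) is not None


def handle_search(query):
    """Hardened handler: reject special characters, then encode anyway so
    the page stays safe if the allowlist is loosened later."""
    if not is_acceptable(query):
        return 400, PAGE.format(term="(invalid search term)")
    return 200, render_encoded(query)


if __name__ == "__main__":
    print(render_unsafe(CONSTRUCTED_QUERY))    # image tag reaches the browser
    print(render_encoded(CONSTRUCTED_QUERY))   # shown as inert text
    print(handle_search(CONSTRUCTED_QUERY))    # rejected with status 400
    print(handle_search("O'Brien budget"))     # accepted, apostrophe encoded
```

Either layer alone stops the injected image tag from rendering; applying both means a later change to the allowlist cannot reopen the hole.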