Sunday 3 November 2013

‘Anonymous’ cyber threat 2013: Government agencies on alert after hackers threaten attacks

By Irene Tham, The Straits Times, 1 Nov 2013

GOVERNMENT agencies have been put on alert after someone claiming to be part of the global hacker group Anonymous posted an online video threatening to hit out at the country's infrastructure.

The Straits Times learnt that the Government IT Security Incident Response Team - set up to coordinate responses to a cyber intrusion - alerted all government agencies after the video was posted on YouTube on Tuesday, warning of possible hacks to bring down government websites.

When contacted, the Infocomm Development Authority of Singapore said: "We are aware of the video, and the police are investigating the matter."

The video threatened to bring down Singapore's infrastructure in a show of protest against licensing regulations on news sites.

Instituted in June, the regulations require certain news sites to post a $50,000 bond and take down offensive content within 24 hours.

"We demand you reconsider the regulations of your framework or we will be forced to go to war with you," said the video message, which was delivered using an image of a Guy Fawkes anonymity mask.

The threat followed Monday's attack on Ang Mo Kio Town Council's home page and the earlier hacking of a webpage within pre-school operator PAP Community Foundation's site by someone known as "The Messiah", who also claimed to be part of Anonymous.

Both webpages were still down as of 8pm yesterday.

Tuesday's video alluded to the attacks as the work of one Anonymous hacker, and a "sneak peak" of what would come if the Government stuck to its guns.

It warned of "a legion" of Anonymous hackers "unleashed" on Singapore's infrastructure if the demands were not met.

The video was put up using the YouTube account of "Cecilia Xiao", but the user removed the clip at about 5.30pm yesterday.

Mr Howard Lee, spokesman for the FreeMyInternet movement, which organised protests against the licensing rules, said he and the movement had nothing to do with the video threat.

"FreeMyInternet has made it clear from the start that we are for, and continue to believe in, open and direct communication with the Government," said Mr Lee, who is also an editor with The Online Citizen website.

Security experts are not sure whether the video was indeed the work of Anonymous, which has claimed responsibility for many high-profile attacks on corporations and government agencies globally, including the United States' Federal Emergency Management Agency and Sony-branded websites.

Mr Eric Chan, regional technical director of security software firm Fortinet, said: "Anyone can claim to be a member (of Anonymous); it is hard to determine who is real."

Mr Paul Ducklin, a consultant at security software firm Sophos, said: "I don't see the need to do anything different because of these threats unless you weren't taking computer security seriously beforehand."

Govt sites down due to glitch, not hacking: IDA
Some may experience intermittent access while maintenance continues
By Oo Gin Lee, The Straits Times, 5 Nov 2013

SEVERAL government websites were unavailable for a few hours last Saturday because of a technical glitch, and not because they had been hacked into.

The Infocomm Development Authority (IDA) said yesterday that the glitch had occurred during maintenance work to beef up security.

"At no point was it a hacking attempt," said an IDA spokesman at a press conference in the evening.

Government agencies had been on heightened vigilance to enhance the security of their information technology systems since global hackers group Anonymous made threats against them last Thursday.

Over the next few days, some government websites may experience intermittent access while maintenance continues. Agencies will try to complete the work as soon as possible, said the spokesman.

To bolster their resilience, selected government websites had to be taken offline for maintenance. But last Saturday, between 1pm and 3pm, a combination of Internet routing issues and hardware failures caused a glitch, which took the websites offline longer than expected. This was rectified by 5.20pm, said IDA.

Websites of the Singapore police and the ministries of Home Affairs and Foreign Affairs were among those affected by the glitch. Unaffected websites included the Central Provident Fund, Inland Revenue Authority of Singapore and Ministry of Defence.

Last Thursday, a YouTube video posted by "Anonymous" threatened to bring down Singapore's infrastructure in a show of protest against licensing regulations on news sites.

Instituted in June, the regulations require selected news sites with at least 50,000 unique visitors from Singapore each month over a period of two months to post a $50,000 bond and take down content against public interest or national harmony within 24 hours.

"We demand (that) you reconsider the regulations of your framework or we will be forced to go to war with you," said the video message, delivered by someone wearing a Guy Fawkes anonymity mask.

The threat last Thursday followed attacks mounted on Ang Mo Kio Town Council's homepage on Monday last week and an earlier hacking of a webpage within pre-school operator PAP Community Foundation's site by someone known as "The Messiah", who also claimed to be part of the Anonymous collective.

Last Friday, a section of The Straits Times' website was attacked, with "Messiah" claiming responsibility.

These recent cyber intrusions gave rise to speculation that last Saturday's downtime may have been an extension of the attacks.

"The Singapore Government takes cyber security and threats to its IT infrastructure very seriously," added the IDA spokesman yesterday.

Hackers deface more Australian sites
By Zakir Hussain, The Straits Times, 5 Nov 2013

THE authorities in the region were no clearer on the precise identities of those behind a series of attacks on websites, even as more websites reportedly fell victim to the global movement called Anonymous.

Yesterday, a group called Anonymous Indonesia claimed responsibility for the defacement of around 200 Australian sites to protest against reports of alleged Australian spying in Indonesia.

Indonesian Foreign Minister Marty Natalegawa said he had been following these reports, but was not sure what kind of causal relationship there was between the surveillance disclosures and the attacks.

What he wanted though, he said at a press conference yesterday, was a "strong commitment" from both Australia and the United States that they "would not be engaged in any activity inconsistent with the friendly relations between our two countries".

Anonymous Philippines said it had infiltrated more than 100 government websites before a demonstration outside Congress today as part of a global march against corruption and government censorship. The government pledged to take action against hackers.

Anonymous Philippines apologised for the inconvenience, but said it was drumming home the message that Filipinos have become "tired of this government and the politicians who only think about themselves", the Philippine Daily Inquirer reported.

Meanwhile, Indonesian officials said they had yet to receive reports or requests to identify the attackers, believed to be a loose network of hackers.

Communication and Information Technology Ministry spokesman Gatot Dewa Broto said such attacks, like illegal surveillance, cannot be left unchallenged. "We are often the object of such cyber attacks," he told The Straits Times.

A number of social media users in Indonesia cheered the hijacking of the Australian sites, which bore messages that read "Stop spying on Indonesia", alongside a masked image of 17th-century rebel Guy Fawkes, who was arrested on Nov 5, 1605, for trying to blow up the English Parliament.

The mask has become a protest symbol against politicians and has been adopted by the international Anonymous movement, which pledged to carry out more attacks today.

In Australia, targets of its hacking ranged from websites of children's charities and small businesses to a hospital and humanitarian organisation.

Speaking to reporters at Indonesia's Foreign Ministry, Dr Marty also had tough words for the US and Australia.

Last week, documents from National Security Agency whistle-blower Edward Snowden said both countries ran surveillance operations from their embassies in Jakarta. On Sunday, a newspaper report said both mounted a joint surveillance mission on Indonesia during a 2007 conference in Bali.

Both countries, Dr Marty said, would neither confirm nor deny these allegations.

"We must assume that such activities are taking place unless we are able to obtain explicit assurance that they are not taking place," he said. "They should be able to say, henceforth, they're not going to do it any more. Enough is enough."

Indonesia, Dr Marty announced, would join Germany and Brazil in asking the United Nations to adopt a draft resolution to end excessive electronic surveillance.

It would also review its information-sharing arrangement with Australia and the US, he added, saying: "If they do their information gathering outside the formal channels, then what is the point of having these?"

Police probing hacking of ST website
Fourth attack by culprit claiming to be linked to Anonymous group
By Bryna Singh, The Straits Times, 2 Nov 2013

THE police are investigating yet another cyber intrusion after part of The Straits Times' website was hacked into early yesterday morning.

The person behind the attack, who identified himself as The Messiah, had hacked into a webpage that carried blogs by the newspaper's reporters.

He claimed he was unhappy with a "misleading" report published yesterday on the threat made in a YouTube video by the Anonymous group of hackers.

They claimed that they would hit out at Singapore's infrastructure if the Government did not reconsider the regulations of the licensing framework on news sites.

The police are looking into this video, which threatened to "go to war with you (the Government)", the Straits Times report said. editor Eugene Leow said he was alerted to the intrusion at about 7am, and steps to remove the affected section were taken immediately.

"At no point was our main site affected," he said.

A spokesman for Singapore Press Holdings added that the "paper stood by its report, and reporters", and the matter was reported to the police, who are investigating.

This is the fourth time that the culprit, who claims to be part of the global hacker group Anonymous, has hit local websites since September.

In September, The Messiah had defaced City Harvest Church co-founder and singer Ho Yeow Sun's website.

Last month, pre-school operator PAP Community Foundation's website was also hit - purportedly by the same hacker, who posted a message demanding a "proper investigation" into an incident at one of its centres which involved a baby being allegedly scalded by hot coffee.

And on Monday, the Ang Mo Kio Town Council's website was targeted in an act directed at one of the constituency's MPs, Mr Ang Hin Kee.

The website has since been restored.

Mr Leow said readers with issues about stories in the newspaper had several channels to voice their concerns, such as the newspaper's hotline, letters to the Forum, or the ST Readers' editor.

"So there is really no need to resort to the criminal act of hacking."

The Straits Times reported yesterday that the Government IT Security Incident Response Team has sprung into action, following the threat issued by the Anonymous group on YouTube.

The unit - set up to coordinate responses to a cyber intrusion - has reportedly alerted government agencies about potential hacks stemming from the video.

It's an attack on you
By Melvin Singh, The New Paper, 2 Nov 2013

This is addressed to You, the silent majority online who do little when netizens break laws.

Offline, it's a different story. When Jemaah Islamiah's plans to attack infrastructure here were exposed in 2001, you reacted with disgust and concern.

But you are dismissive of online criminality. When a hacker, named "The Messiah", loudly proclaimed his Intention to launch a cyber attack against the Government, you said little.

The few, including former journalist Bertha Henson on website Breakfast Network, and a writer on The Real Singapore portal, criticised the hacker's proclamations.

Others either distanced themselves from him without condemning his intentions and worse, on sociopolitical website TR Emeritus, egged him on and even thanked him for having the gumption to do it.

You, the silent majority, think it's not your business. You might even believe "The Messiah" and criminals like him should play judge, jury and executioner because the Government has failed to meet your needs.

You might be tempted to believe he's attacking the Singapore Government, not Singapore. That's naive.

This is him attacking you.

Last month, software company Adobe Systems was hacked and information relating to millions of customers, including encrypted credit or debit card numbers, were stolen. Your credit card details.

A month earlier, in Israel, criminals launched a cyber attack and immobilised a major road network, disabling key operations for two days. resulting in hundreds of thousands of dollars in damage. That's you, in a traffic jam.

An attack on infrastructure here slows down services and shakes confidence. More than 90 per cent of government-related services are available online and computer ownership and smartphone penetration are close to 100 per cent.

You live online. A cyber attack on the Government infrastructure is an attack on your way of life.

So what can you do? The first step is easy - don't encourage criminality. When netizens launch personal attacks, don't "Like" or forward the postings. Criminal defamation is a real crime.

When vitriol dominates and online vigilantes turn into a mob that targets individuals, be the voice of calm.

In September, two US teenagers tormented a 12-year-old online until she jumped to her death. Both have since been arrested and charged.

Next, support tough action against criminality. Crime taking place online is still crime, not anti-social behaviour.

But others need to voice their disapproval too. Law enforcement agencies must also send a signal loud and clear.

The self-claimed "Messiah" had hacked into the City Harvest Church website in September. A police report was made, but there was no word on the action taken.

Subsequent police reports were made when he continued his attacks on other sites. It is unclear If any action has been taken.

In the past, police action was swift and tough. In 2005, the Sedition Act was used against two young bloggers who were subsequently jailed for comments they made about Muslims.

In 2008, blogger and former Singaporean Gopalan Nair was jailed for "threatening, abusing or insulting a public servant".

Now it's largely police warnings, with one exception last year. In a first, a former engineer was jailed two months for an online posting inciting violence on National Day.

If you mollycoddle online criminality, people like "The Messiah" will grow bolder and more defiant.

Show him, if he hacks, he will get whacked."

Dialogue, not threats, the way to resolve issues

HACKER group Anonymous' threat to the Government's critical IT infrastructure is akin to a group of bandits taking over a town ("Government agencies on alert after hackers threaten attacks"; yesterday).

We should never allow our Government to be forced into a particular position as a result of coercion or threats.

While there may be much discontent with the new regulations requiring certain popular news sites to post a $50,000 bond, we should engage in meaningful discourse with the Government, regulators and representatives alike.

Even in the event that dialogues do break down, there are avenues within the legal system to adjudicate on the justness of the regulations.

One can easily apply for a judicial review on the relevant regulations, so as to have a final arbiter to decide the issue.

The maturity of our society is best reflected by how we handle divisive issues in a worthwhile manner. If we are really unhappy with a regulation, let us be circumspect about it and be open to dialogue.

By resorting to threats, Anonymous has failed to represent the behaviour and views of Singaporeans, but instead has chosen to foist its own liberal comprehensive doctrine on the rest of us.

We must question whether this is what we want of our society - to be held hostage to one particular ideology.

Desmond Chew
ST Forum, 2 Nov 2013

Hacking websites not democratic way to effect change

HACKER group Anonymous has posted an online video threatening to undermine key online infrastructure if the Government does not roll back its website licensing framework ("Government agencies on alert after hackers threaten attacks"; yesterday).

I am puzzled by its use of coercion to pursue "democracy". Its violent means run counter to its goal of a more democratic Singapore.

It is robust, persuasive public discourse that is an essential element of a democratic society. Ideas are accepted because people are persuaded by them and not because they are threatened to believe them.

There is no lack of peaceful and democratic means for Anonymous to push its case. Hacking websites and disrupting public services are not ways to achieve change in a democratic society.

The group ought to discard its militant means, take away its cloak of anonymity and make its case honestly and fearlessly.

Ultimately, our democratic process cannot and should not be short-circuited.

Anonymous' approach of coercion should roundly be rejected by society.

Let's speak up for democracy. Let's speak out against "Anonymous".

Muthhukumar Palaniyapan
ST Forum, 2 Nov 2013

No comments:

Post a Comment