clever social engineering. i think they should expect that every big event in singapore, this might happen again. the ones responsible? chinese? usa?
‘APEC forum in S’pore was target of cyberterrorists’
Cyberterrorists launched crafty attacks aimed at stealing secret information from the computers of top delegates at last year’s Asia-Pacific Economic Cooperation (Apec) forum last year, says a new journal report.
The unknown group is said to be responsible for a series of seven attacks between September and November last year, with most anti-virus softwares proving ineffective in stopping their rampage, said an article in the Home Team Journal, a publication of the Ministry of Home Affairs (MHA).
This is the first time the ministry has revealed the details of a cyberattack here in Singapore. However, it did not mention the number of delegates – which included top local civil servants as well as foreign dignitaries — who fell victim to these attacks, nor did it account for what information was stolen, if any at all.
The Straits Times reported that the MHA has declined to share any more details than was already published.
The attacks were launched in the form of a Trojan, a malicious software that hides within a seemingly legitimate email, but instead facilitates unauthorized access of the victim’s information on the computer, such as documents and passwords. This happens when the user opens the attachment in the email.
The attack on the Apec forum happened just this way — through a Trojan attached to an e-mail — with the cyberterrorists impersonating Singapore government officials on the Apec organising committee.
Research on Apec-related websites and mailing lists were done by the attackers to acquire the necessary e-mail addresses that were useful to their cause.
In one such attack, Singapore civil servants received an e-mail prompting them to open an attachment which contained pictures of terrorists looking to sabotage one of the high-level meetings at the forum.
In another, the attackers posed as a genuine Singapore Apec official and sent out e-mail invites to an event which was listed on the programme.
This was not the first time such an attack has happened here, according to the author of the Journal article, Singapore Infocomm Technology Security Authority (Sitsa) head Loh Phin Juay.
Over a two-year-period from 2004, civil servants in various ministries were the victims of over 900 Trojan e-mails that enticed them to open the attachments due to the legitimacy and relevance of the information given in the e-mail.
The Apec attack, which had United States and Chinese Presidents Barack Obama and Hu Jingtao present, did not yield any visibly damaging consequences.
But it’s now known that these cyberterrorists are experts at what they do and that they have inside information to the details of Apec events that nobody in the general public would have known.
Authorities were unable to apprehend the culprits as they covered their tracks well by abandoning the computer servers used to send the Trojans — servers which they rented under false names.
This incident does not come as a surprise to public sector security specialists.
Mr Julian Ho of security firm ThinkSecure told ST,“In politics, there’ll always be some countries interested in what other countries are doing, and some of them will have no qualms lauching attacks to achieve these ends.”
Have any of the suspects been caught?
Though it is not mentioned in the Journal article, Mr Aloysius Cheang, another cybersecurity specialist, believes they are still at large.
“The difficulty of finding them is extremely high,” he said.
He went on to explain that not only do the authorities first have to identify the attackers — which will be extremely difficult considering their own security countermeasures — but bringing them to justice here may be tough as these cyberterrorists only target victims in countries without extradition treaties to where they live.
One thing is for sure: more of such attacks can be expected.
Mr Cheang concluded with a chilling analysis, “It’s going to be as common as spam e-mail and viruses.”
The truth is, an exposed and unprotected computer on the internet can be hacked within 3 mins of exposure.
The interesting part is how the hackers got the mailing list. =)
gosh