The two waves of cyber attacks that brought down Internet surfing on StarHub's broadband network last Saturday (Oct 22) and on Monday (Oct 24) came from the bug-infected machines of the telco's own customers.
These are the latest findings revealed at a hastily-called press conference organised by StarHub on Tuesday evening (Oct 26).
On the two occasions, many home broadband subscribers could not surf the Web for about two hours each owing to a spike in traffic to StarHub's Domain Name System (DNS).
StarHub chief technology officer Mock Pak Lum said: "Cyber security is everyone's responsibility and not just that of telcos, the Government and service providers."
A DNS is a directory that maps Web addresses such as www.abc.com to a machine-readable string of numbers to connect Internet users to websites.
When the DNS is not operating optimally, users may not be able to access the websites.
On those two occasions, subscribers' bug-infected machines turned into zombie machines that repeatedly sent queries to StarHub's DNS, overwhelming it.
This is known as a distributed denial-of-service (DDoS) attack.
As the traffic came from its own subscribers, they appeared legitimate.
But StarHub employed mitigation tools that filtered out traffic from the hijacked machines and increased its DNS capacity to restore its broadband services.
It maintained that the security of customers' information was not compromised.
The two incidents came hot on the heels of a similar DDoS attack last Friday against United Stated-based DNS service provider, Dyn.
A piece of malware called Mirai reportedly infected traffic cameras, which turned them into zombie machines that overwhelmed Dyn's DNS.
That resulted in a massive Internet outage on the east coast of the US, cutting off access to websites ranging from the New York Times website to music streaming service Spotify.