By J Prakash, Singapore Correspondent
A state of psychological war is now underway in Singapore with the city-state in a presumably lock down mode.
In a series of actions, Singapore’s military establishment found itself outflanked when hackers raided its cyber networks and stole data belonging to 850 servicemen.
A security blanket taut at its ends is now wrapping the city-state’s entire security apparatus. A defence ministry spokesman told Asia-Pacific Security Magazine (APSM) ‘we will not reveal for operational reasons to the attacker what we know’.
The breach was most visible in the I-net system says an announcement daubed over the website of Singapore’s Ministry of Defence – which it promptly disconnected upon detection of the breach. As an added precaution, all other computer systems are also currently being investigated. The attack on the I-net appeared to be targeted and was carefully planned, the Ministry said in its media release. What was most concerning was that it was an attempt to gain access to official secrets.
But the fortuitous separation of the I-Net from ‘our internal systems’ saved the Ministry from an embarrassingly awkward and potentially catastrophic situation. That could have easily entailed needless months of vexation and introspection.
Critical data such as details of weapon systems were not stolen, however what was taken were the names, telephone numbers and the national registration identity card (NRIC) numbers of military servicemen. The NRIC is a British colonial-era relic imposed during the 1960s as an identification kit to combat communist operatives who were then menacing the Malaya. It contains details of a person’s fingerprint impressions and address and has often aided the nation’s security officials and bureaucrats in the administration of safety and security in the nation.
Singapore officials are insisting that given the scale and the artful way in which the operation was carried out, suggests it was a well-planned and well-choreographed move pulled off with masterly expertise.
‘[The job] was ‘likely to be professionals with substantial resources and skills to carry out this type of attack’, said CyberArk’s Jeffrey Kok, senior director of Presales, Asia-Pacific and Japan.
By the manner the attack was led and launched, suggests in Kok’s words, that something of a tearing down of a Maginot Line of Defence.
He pointed out that cyber threats facing governments and companies today require a new security approach which assumes that the attacker has already breached the network. ‘Once this assumption has been made companies can focus on the potential risks by identifying the particular data and systems on the network that are most likely to be compromised and which ones would be the most devastating to have infiltrated’, he concluded.
MINDEF in the meantime, did not say what it will do to raise defences against attacks, only tersely saying it will stand ready to defend its cybersecurity defences for it expects such attacks to only but rise in the future.
