Mindef cyber-attack sees data of 850 NSmen, employees stolen
ricky l
Wonder where is the source of attack?
ricky l
Wonder what will the hackers used the stolen data for?
- Raymond: Isn't it very clear... need CIA to tell you??? LOL
- Qian: ask Snowden. Lol
- Pict: To apply for Employment Pass??
- Jay: To know how to start their Terrex knockoffs..
- tim: this is a "ping" for those who have military exercises with Taiwan, prepare yourself & spore for further attack.....
- Food4Thought: yeah...where's the source?.....Mindef wants to know too....sigh....
- ricky l: Not easy to identify the source.
For e.g. a hacker can easily hack into, say:
(1) a client or a server which is low in security - by taking over them through RDP. And from this hijacked client or server launch an attack and hack the Web portal.
(2) or the hacker can break the security of an internet router, telnet or ssh in - and take over the router - and launch an attack and hack the Web portal.
The hacker can be in the Arctic, but can hijack the compromised client, server or router in the Antarctic to hack the Web portal and steal the data.
But the security system can only detect the attack coming from the Antarctic and not from the Arctic.
So easy to find the source of hacking?
Not easy.
- ricky l: Don't believe, check all your Windows administrative tools to see whether your remote access is turned on?
It is turned on by default.
If not turned off, your notebook or PCs can be hijacked to hack others.
- ricky l: Unless people from the Internet know how to harden their internet devices, clients, servers, routers, apps etc and turn off unwanted or dangerous services.
If not all internet devices can be hijacked to launch attack or be downloaded with botnets to launch attack.
Because many "services" by default are turned on - and can be exploited by hackers to hack others.
- Alvin: NRIC, Date of Birth and Telephone number, is it this a very important piece of data. NRIC number is one of userid for Singpass. Telephone number can cause harassment to the telephone number holder. Date of birth cannot be changed.
What are the personnel going to do with their personal data leakage? This can cause those 850 persons to have headache for sometime.
What is Mindef going to compensate those 850 personnel?
Why are those data stored in the compromised server?
- ricky l: If no unique identifier, then how to do search?
It will be even more devastating if those info. are stored in the backend database - and the Internet front-end web portal got to retrieve it all the way.
Thinking aloud, should a unique number be assigned to NSmen to replace the need to keep name, IC no. and telephone (to be the unique identifier)?
Then even if the unique number is stolen from the web server, it is meaningless to the hackers.
- ricky l: Also wonder how this hacker retrieved the data from the front-end web server data storage?
Is it through:
(1) SQL injection?
(2) cross-scripting?
(3) phishing?
WAF (Web Application Firewall) - would have prevented the above hacking techniques - coupled with good coding technique.
- lim kopi: don't play play hor, spore is a smart nation which mean they know they kena attack soon after.
- ricky l: Hai yah, Host IPS, IDS - would have detected any anomaly or intrusion.
No rocket science.
- ricky l: And with SIEMs - Security Intrusion and Events Management System - would have picked up the intrusions or anomaly very quickly when a pattern of intrusions emerged.
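
The suggestion in the comments above, to give each NSman a meaningless unique number in place of name, IC no. and telephone, sketched as an added example (not part of the thread and not MINDEF's system). `TokenVault`, the field names and the sample records are hypothetical and constructed, and the vault is assumed to live on a back-end system the portal cannot bulk-read.

```python
import secrets


class TokenVault:
    """Back-end store (hypothetical): the only place a token maps to real PII."""

    def __init__(self):
        self._by_token = {}
        self._by_nric = {}

    def tokenize(self, nric, name, phone):
        # Re-use an existing token so one person never gets two identifiers.
        if nric in self._by_nric:
            return self._by_nric[nric]
        # Random, not a hash of the NRIC: the NRIC space is small enough
        # that an unkeyed hash could be reversed by enumeration.
        token = secrets.token_urlsafe(16)
        self._by_token[token] = {"nric": nric, "name": name, "phone": phone}
        self._by_nric[nric] = token
        return token

    def detokenize(self, token):
        # Only back-end code with access to the vault can resolve a token.
        return self._by_token.get(token)


def build_portal_records(people, vault):
    """What the Internet-facing portal stores: token plus non-identifying fields."""
    return [{"id": vault.tokenize(p["nric"], p["name"], p["phone"]),
             "status": p["status"]} for p in people]


def leaked_pii(portal_records, people):
    """PII values that would be visible in a full dump of the portal store."""
    dump = repr(portal_records)
    return [v for p in people
            for v in (p["nric"], p["name"], p["phone"]) if v in dump]


# Constructed sample records, not real identities.
PEOPLE = [
    {"nric": "S0000001X", "name": "Tan Ah Kow", "phone": "60000001", "status": "active"},
    {"nric": "S0000002X", "name": "Lim Bee Lay", "phone": "60000002", "status": "inactive"},
]

if __name__ == "__main__":
    vault = TokenVault()
    records = build_portal_records(PEOPLE, vault)
    print(records)                      # tokens only
    print(leaked_pii(records, PEOPLE))  # PII found in the portal dump
```

The protection holds only while the vault stays out of reach of the web tier; a portal that can call `detokenize` for every record puts the data back within reach of whoever compromises it.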
FAQ: How MINDEF's Internet system could have been breached and by whom
- Posted 01 Mar 2017 08:00
SINGAPORE: Professionals with substantial resources and skills likely carried out the breach in one of the Ministry of Defence's (MINDEF) Internet-connected systems - but MINDEF may never get to the bottom of why it had been attacked, or by whom exactly, a cyber security expert told Channel NewsAsia on Tuesday (Feb 28).
The breach resulted in the theft of personal data belonging to 850 national servicemen and employees, although no classified military data was stolen.
Channel NewsAsia put some key questions about the breach to cyber security firms.
Q: How serious is the attack?
Only limited amount of personal information from 850 users were exposed, pointed out CyberArk's Jeffrey Kok. He called it a "small incident", contrasting it to the severity of breach suffered by US health insurer Anthem in 2015, where hackers stole the personal information of 78.8 million people.
However, Dick Bussiere of Tenable Network Security added that stolen personal data is often sold by cyber criminals in a large underground black market, and each type of data can be sold for various purposes.
Q: MINDEF said that the breach was not the work of criminal gangs or casual hackers. What are the tell-tale signs?
Based on the choice of target and modus operandi, it is possible to eliminate the types of culprit in any attack, said Mr Kok.
He noted that cyber criminals and gangs are predominantly profit-driven, which does not seem to be the case here, as there are few financial assets and little information to be gained.
Hacktivists typically launch cyber attacks to send a message and claim credit - and as no one has come forward to claim credit or spread a message, this is similarly unlikely.
Based on the amount of effort, time and skill needed to pull this off, Mr Kok also ruled out casual or opportunistic hackers.
"By elimination, it's likely to be professionals with substantial resources and skills to carry out this type of attack," he said.
Q: How difficult will it be to track down the culprits?
It has become more difficult to pinpoint who is responsible for an attack, as tools and techniques are widely distributed, shared, studied, used and reused, said Mr Kok.
"It has become next to impossible for an organisation to know why and by whom it may have been attacked."
Q: What can be done to prevent a replay of such a breach?
The proactive and continuous monitoring for vulnerabilities, misconfigurations and active threats is essential, said Tenable's Mr Bussiere.
However, CyberArk's Mr Kok asserted that there is no silver bullet to prevent data breaches. "Chances are that MINDEF has already implemented the necessary strategies to prevent something like this from occurring," he said.
He pointed out that cyber threats facing companies today require a new security approach, which assumes that the attacker has already breached the network.
"Once this assumption has been made, companies can focus on the potential risks by identifying the particular data and systems on the network that are most likely to be compromised and which ones would be the most devastating to have infiltrated," he said.
"This allows companies to prioritise the discovery and subsequent lockdown of privileged accounts and administrative credentials needed to access these sensitive assets and limit attacker movement once they have made it within the network."
- CNA/dt