IDA: PMO and Istana websites not hacked, but compromised

Singapore

THE websites of the Prime Minister's Office (PMO) and Istana were not hacked but were compromised, the Infocomm Development Authority of Singapore (IDA) said yesterday.

A vulnerability in the Google Search bar embedded on the websites' subpage had been exploited by unknown parties in two attacks, the IDA said. These were detected within 15 minutes of their occurrence - the first one late on Thursday night and the second one 20 minutes past midnight yesterday.

Within an hour of discovering the attacks late on Thursday night, the search function on the affected subpages was disabled.

BT understands that a patch addressing this particular vulnerability for the embedded Google Search bar had existed, but it had not been applied by the time of the attacks. The patch is currently being applied across government websites.

"Both the PMO and Istana main websites are still functioning, and restoration of the compromised subpages are under way," the IDA said yesterday.

The attack was designed in such a way that a user looking for website content through the embedded search bar would have been brought to a page of search results, some of which would have contained Web links to a page hosted elsewhere.

This page would have resembled the PMO or Istana website with additional images to create the impression of defacement, the IDA said. One of the images had been the Guy Fawkes mask, used by the Anonymous group, a hacking collective.

Yesterday, security software firm Trend Micro echoed the IDA's stance on the matter, saying, "The attack was not a result of a hacking attack, but an exploitation of vulnerability within the website."

"The exploited URL was broadcast across various social networking sites including Twitter, Facebook and more, implying that the PMO website has been defaced. With the exploited link referencing to PMO website's official URL (www.pmo.gov.sg), when clicked on, unsuspecting visitors and consumers were tricked into thinking that the exploited link was a real defaced-PMO website," Trend Micro said yesterday.

Last week, individuals claiming to be part of Anonymous urged Singaporeans to mount a protest on Nov 5, which was Guy Fawkes' Day. While the date had passed without apparent incident, the IDA revealed yesterday that there had been "unusually high Internet traffic" to many government websites throughout Nov 5.

"This was indicative of attempts to scan for vulnerabilities or potential (distributed denial-of-service) attempts," it said.

The attacks on both websites are being investigated by the IDA and the police.

"We will continue to strengthen all government websites. This includes the checking and fixing of vulnerabilities and software patching. While this is in progress, visitors to government websites may experience intermittent problems with access," it said.