SINGAPORE (12/07/2010) - More information has come to light about the hacking attacks against Singapore Government and APEC officials at last year's Lion City meetings of the Asia Pacific Economic Cooperation Forum (APEC).
It has been revealed that there were at least seven waves of cyber-attacks between September and November 2009.
The revelations come in an article in the Singapore Ministry of Home Affairs Home Team Journal, prompting front page coverage in Saturday's (4 December 2010) Singapore Straits Times.
The Home Team Journal article which provided the details was written by Singapore Infocomm Technology Security Authority (SITSA) head Loh Phin Juay. SITSA has formed last year in the Lion City to develop a framework to provide a comprehensive incident reporting, response and escalation process to handle national level emergencies resulting from large-scale cyber attacks.
SITSA has also formed the National Cyber Incident Response Team (NCIRT), with cyber incident responders from various sectors making a team which will be activated should a large-scale cyber attack hit Singapore.
Emails impersonating officials
The article said that "purposing crafted emails, from attackers impersonating Singapore government officials of the APEC 2009 Organising Committee were sent to APEC officials and delegates of various APEC economies with the aim of infiltrating their computers and extracting privileged information."
"The attacks were highly targeted, focusing on members of the APEC Organising Committee and APEC delegates whose email addresses were published on various website or found within APEC mailing lists," the report said.
The article said that, in one of the first waves of Trojac attack, the perpetrators sent an email warning Singapore civil servants in the APEC meetings of impending terrorist attacks.
"The perpetrators further provided photos of supposed terrorists in a Microsoft PowerPoint document which was infected with malware. They played on the tightened security consciousness of the government officials to trigger and execute the malware, thus infecting the targeted computer systems."
The Home Team journal article said that "The malware used in these attacks were highly sophisticated and stealthy enough to evade the detection of most anti-virus programs."
Technically savvy perpetrators
"The perpetrators were technically savvy and demonstrated security consciousness," the Home team Journal article stated. "Other than deleting their traces in the infected computers after they had finished their operations, they also established anti-tracking operation set-ups, for example, their control servers were registered with fake names just prior to the attacks and likely to be used purely for controlled the Trojans and discarded after the attacks were completed."
The article said that analysis of the communication between the malware and the control servers led to dubious domain names and registrants.
This latest official article said the Singapore government suffered minimal damage from the attacks, however "the cyber-threat landscape is ever-evolving and we will not be seeing the last of such cyber attacks:.
"Lapses and complacency may bring about a 'Digital Pearl Harbour' to the nation."
"While it is not possible to prevent 100 percent of all attacks from succeeding, the key to minimizing and mitigating this increase number of sophisticated attacks and its consequences, is a holistic strategy that involves the cooperation of all stakeholders, in particular system owners, who must not forsake IT security measures and best practices because of reasons such as user-convenience and the east and cost of implementation," the article concluded.
Sign up for Computerworld eNewsletters.