By Lim Yan Liang, The Straits Times, 30 Nov 2013
THE Istana website was attacked four times by hackers in a span of minutes on Nov 8, a district court heard for the first time yesterday.
The cyber intrusions were said to have been committed by two suspects, who used a string of computer code to illegally access the website and cause it to display illegitimate images and insulting phrases.
Businessman Delson Moo and student Melvin Teo were each charged yesterday with two counts of unauthorised modification of the server which hosted the Istana webpage.
This, just over two weeks after they were first questioned by police over the hacking of the site.
The court heard that Moo and Melvin each made two successful and almost simultaneous intrusions just after 12.30am through the website's search box.
The court heard that Moo and Melvin each made two successful and almost simultaneous intrusions just after 12.30am through the website's search box.
At 12.33am, Melvin allegedly hacked into the site to display the phrase "Patrick Tan For The Win". It is not known who he was referring to exactly.
The 17-year-old then repeated the attack within the next few minutes and posted what appeared to be a caricature of himself and the phrase "Melvin Teo For The Win", over what the webpage would normally display.
Moo, who is 42, allegedly used a similar method to break into the the Istana site twice, starting at 12.34am that same morning.
On both occasions, he caused the webpage to display a picture of an old woman pointing her middle finger, along with a string of offensive words in Hokkien.
The charges against Moo and Melvin were not read together - both their charge sheets also did not bear each other's name, which means they would likely be dealt with separately.
The two are, respectively, the second and third suspects to be charged after the recent string of cyber attacks reported here. The first was James Raj Arokiasamy, the alleged hacker who used "The Messiah" pseudonym.
The 35-year-old, accused of hacking a town council website last month, has been remanded for further investigations. Police had said previously that Moo and Melvin are not linked to James Raj. The businessman and James Raj are both represented by lawyer M. Ravi.
Yesterday, Moo arrived at court accompanied by his wife and Mr Ravi, while Melvin was with his parents.
The 35-year-old, accused of hacking a town council website last month, has been remanded for further investigations. Police had said previously that Moo and Melvin are not linked to James Raj. The businessman and James Raj are both represented by lawyer M. Ravi.
Yesterday, Moo arrived at court accompanied by his wife and Mr Ravi, while Melvin was with his parents.
Melvin was released on $10,000 bail, but Moo's bail was doubled to $20,000 after he was granted permission to leave Singapore for a family holiday in Thailand next month. He will be required to report to the police within 24 hours of his return.
Both men declined to speak to reporters when approached.
The pre-trial conference for both their cases will be held on Jan 24.
Museum website hacked; MOM finds duplicate site
Singapore Art Museum and ministry file police reports
By Melody Zaccheus, The Straits Times, 30 Nov 2013
Singapore Art Museum and ministry file police reports
By Melody Zaccheus, The Straits Times, 30 Nov 2013
THE Singapore Art Museum (SAM) found its website was hacked on Thursday, less than a month after information on 4,000 people on its online mailing list was compromised.
This came on the same day that the Ministry of Manpower (MOM) filed a police report after discovering a duplicate of its website, also on Thursday.
A SAM spokesman said it was alerted by the Infocomm Development Authority (IDA) on Thursday that SAM was among a list of 1,500 "vulnerable websites" that was published on the Internet.
Internal checks uncovered links that had been added to a page on the SAM site directing visitors to another website, but they were dead links.
The museum immediately removed the links and lodged a police report. No data was compromised, said the spokesman.
The SAM website was taken down briefly to retrieve the affected files and eventually restored by 9pm last night.
This latest cyber intrusion comes even as SAM beefs up security of its site, after data including names, e-mail addresses and phone numbers were taken from its online mailing list and illegally published on a New Zealand-based storage website for at least two hours on Nov 5.
"It is an ongoing process. It takes some time," the spokesman said about the security measures.
Meanwhile, the fake MOM site, www.momgov.sg, was still accessible at press time. It features the same design as the original and the TrustSG trust mark, although not all the links work.
In a post on Facebook yesterday, Acting Minister for Manpower Tan Chuan-Jin said the public should use only the official MOM website - www.mom.gov.sg.
He also advised them to pay attention to punctuation: "A full stop makes all the difference", he wrote.
"At the same time, we would also like to assure everyone that access to the official MOM website remains unaffected, and no data has been compromised," he added.
The official site links the public to MOM e-services, where they can apply for work permits online, view foreign worker levy bills and pay fines and bills.
The fake site directs users to what appears to be the real site and in some instances, dead links.
An MOM spokesman said "there are measures to protect the MOM website".
This incident follows a series of cyber attacks since mid-October that resulted in several school websites being defaced and intrusions into websites belonging to the Ang Mo Kio Town Council, Istana and the Prime Minister's Office.
Five people have been arrested and three have been charged over these incidents.
2 men arrested over Istana site hacking
S'porean businessman and ITE student expected to be charged in court today
By Lim Yan Liang, The Straits Times, 29 Nov 2013
S'porean businessman and ITE student expected to be charged in court today
By Lim Yan Liang, The Straits Times, 29 Nov 2013
BUSINESSMAN Delson Moo and student Melvin Teo were arrested yesterday - more than two weeks after they were first questioned by police over the recent hacking of an Istana webpage.
The two Singaporeans, aged 42 and 17 respectively, are expected to be charged in court today for the "unauthorised modification of computer material under the Computer Misuse and Cybersecurity Act", said a police spokesman.
The spokesman did not release the names of the suspects. But The Straits Times previously reported that Mr Moo and Melvin were hauled up for questioning over the cyber intrusion of the Istana website.
This was after the police revealed on Nov 14 that two suspects were involved in the Istana attack, while two others allegedly hacked into the Prime Minister's Office (PMO) website on the same day - Nov 8. The two pairs are not connected to each other and did not act in concert, but "exploited a vulnerability of those sites to display pages from other sources", the police said then.
The Straits Times later learnt that the pair allegedly behind the PMO incident were brothers Mohammad Asyiq Tahir, 21, and Mohammad Azhar Tahir, 27. Both were arrested, but have since been released on police bail.
Their mother, who declined to be named, said on Wednesday night that her sons had moved out of their Tampines flat, and she was unaware of the developments in the case against them.
Police said yesterday that "investigations are ongoing for the PMO case".
Unlike the brothers, Mr Moo and Melvin were arrested only yesterday. They are believed to have been released on police bail, and will have to appear in court on their own to face charges today.
None of these four men is linked to James Raj Arokiasamy, whom court documents earlier identified as the alleged hacker who used "The Messiah" pseudonym. The 35-year-old accused of hacking the Ang Mo Kio Town Council website has been remanded for further investigations.
Melvin is an Institute of Technical Education (ITE) student. Mr Moo runs an online store selling baby products and women's clothes, and two IT-related firms.
Both active social media users, they became friends through Facebook. Both men declined comment when contacted last night. But Mr Moo said previously that he committed the offence in a moment of folly. He also admitted that he intruded into the PMO website, and it is believed he faces another charge for the act.
"It was purely a stupid mistake," he told The Straits Times on Nov 14. "My hand was itchy and... I got myself into trouble."
If found guilty, Mr Moo and Melvin may be fined - not exceeding $10,000 - or jailed for a term not exceeding three years, or both, said a police spokesman.