Sunday, November 10, 2013

Trophy targets in a cyber war: A look at Anonymous Singapore (Anonymous SG) versus the Singapore Government

In the real world and the cyber world, there are trophy targets whose well-being exerts an influence in the battlespace out of all proportion to the actual action taken against them.

In the digital battlespace, websites for the Singapore President and the Singapore Prime Minister's Office (PMO) are, arguably, trophy targets with a high prestige value.

Both were hit by cyber intruders on Friday, with online activist(s) from Anonymous claiming bragging rights for the handiwork. These developments should leave Singaporean security watchers in no doubt about the credibility of the group's online statements, as Anonymous has flexed its ability to match words with deeds.

Making a point
The Anonymous group had earlier declared "war" on the Singapore Government for its stand on the licensing framework for news websites. This could have led to a heightened state of alert last weekend when a number of government-linked websites were taken offline for what has been officially described as "planned maintenance".

The 5th of November - Guy Fawkes Day - was supposed to be D-Day when Singapore government websites could expect an online assault.

On Wednesday 6 November, Singapore Prime Minister Lee Hsien Loong pledged that no effort would be spared to find hackers who threatened Singapore's online networks. PM Lee made the comments on the sidelines of a counter-terrorism exercise for real world scenarios. His warning to hackers was given strong play by the mainstream media and was carried on Page 1 of The Straits Times.

We did not have long to wait for the other shoe to drop.

On Friday 8 November, Anonymous responded with visits to the Istana and PMO websites.

We will probably never know if the action taken by Anonymous was triggered in response to, or executed in spite of, comments made by PM Lee.

Credible opponent(s)
If Anonymous read PM Lee's remarks and then launched the intrusion as a counter strike amid a climate of heightened vigilance by Singapore's cyber sleuths, this says a lot about their spunk, technical prowess and fighting spirit (or audacity, depending on your point of view).

Had Anonymous planned all along to hit the websites anyway, this says even more about the capability of the group to plan, organise and execute a campaign strategy using a pre-determined list of targets which they may have scouted beforehand for weaknesses worth exploiting. This second assumption, in our view, elevates the capability of the group, as it indicates their ability to conduct mission planning and probably rehearsals, and that the group recognises the concept of a strategic centre of gravity by hitting trophy targets.

Anyone can issue a statement online. But to follow up with direct action so soon after by walking right into the Lion's den to make a point is something else altogether.

What's more, the point made on a PMO webpage was delivered succinctly in Tweet-compliant verbiage. No long, rambling manifesto à la the Unabomber. Just a pointed message that hit the right nerves. From a public relations standpoint, the terse taunt on the PMO website was a PR masterstroke - because it soon went viral.

The red faces that probably ensued make this episode a classic example of asymmetrical action where a non-state actor forces a country to take remedial action that results in a high financial and manpower penalty vis-à-vis the effort needed to stage the intrusions.

For officialdom to reason that the Anonymous action failed to disrupt or degrade online services furnished by government departments misses the opportunity to reassure Singaporeans that they are on top of things.

If you care about Singapore, you may realise such assurance is important as it appears Anonymous now holds the initiative in the online tussle. They hit trophy targets and have done so with impunity.

The InfoComm Development Authority (IDA) Assistant Chief Executive James Kang told the Today newspaper: "Were genuine users being affected? No. The integrity and operations of the websites have not been hijacked."

The IDA's point of view is factually correct. But are we to be reassured by this? The authority could have done more to address why a full scale alert failed to deter, degrade or disrupt outside interference in trophy websites.

Mind you, this was no Pearl Harbor surprise attack launched from out of the blue.

Anonymous went on YouTube to deliver a statement of intent, even helpfully narrowing down its target sets to government websites. So the war warning would have been received in good time (hopefully) and our cyber defences would have come online, fully mobilised in anticipation of trouble.

Instead, we get tech-speak from IDA.

Mr Kang added: "At any one time, there are thousands of vulnerabilities... no organisation will be 100 per cent... If we cannot prevent, then we must detect fast. It's all about minimising the impact and protecting data, services."

The Today article noted that the attacks on the Istana and PMO websites were discovered within 15 minutes and the pages were taken down within an hour.

Readers who are not tech-trained can only take Mr Kang's statement about "thousands of vulnerabilities" at face value. [Note: Ironically, only Anonymous knows the true value of his statement....]

Wither the Cyber Defence Operations Hub
We may not be tech-savvy but from a strategic studies and PR point of view, we can say that fallout from this affair will affect the Ministry of Defence and Singapore Armed Forces (SAF) the next time it has to showcase its cyber defences.

Why, you may ask?

Because this episode appears to be fronted entirely by IDA. What role, if any, does the MINDEF/SAF Cyber Defence Operations Hub serve in safeguarding Singapore from Anonymous? The grandly named hub was announced by Minister for Defence Dr Ng Eng Hen on 29 June '13, as part of his interview for SAF Day.

Thus far, not a word has been shared... and one wonders why. Perhaps opsec due to ongoing operations?

If you are charitable, you could form the mental picture of SAF Cyber Defence Operations Hub operatives working tirelessly behind the scenes, burning their weekends as part of an All Of Government task force, tracking down the electron trail which will lead men in black to the door of Mr or Ms Anonymous, ready to make a forced entry and bring the show to a forceful close.

But there's another scenario more worrying to consider. This assumes the Cyber Defence Ops Hub is a benchwarmer with little or no active part in all this unless Cyberpioneer is hacked. This would make an interesting talking point on the level and extent of inter-ministry cooperation when the websites chips are down.

The silence will hurt the credibility of the Cyber Defence Ops Hub the next time MINDEF/SAF parades them to the media, because people may ask why they didn't swing into action when most needed by our country.

War has been declared. The attacks have started. What more are you waiting for?


Anonymous said...

This is as much an issue with MDA as it is with the PAP. Everyone knows how self-censorship works. And as much as I detest the PAP, I cannot in good faith endorse attacks on the country in this manner. If it were personal attacks, you would probably find me secretly cheering from the sidelines, but not at this current point in time.

Sgcynic said...

If the upshot of this hacking episode is that Singapore cannot deal with individual hackers, it is then worrisome how the country can defend itself against determined organised cyber attacks from other countries and how effective will our 3G ICT-based SAF be when it comes to the crunch?

Anonymous said...

I can imagine Hsien Loong and his clique flying into a rage and fuming in their sleep.

I am just worried about the psychological effects on him. He might personally perceive it as a test of wills against the non-PAP camp, even if he publicly declares that he is opposed by only a very small minority. He might retreat further behind his walls and enact policies from there, which is not good for any of us.

Anonymous said...

My PE teacher say that time he is involved in the SQ 117 hijack. First they call in the Commando then call in the Guards then call in the infantry to surround the aircraft. My teacher that time is serving his national service in the Guards. He is the first to storm into the aircraft and he shoot all the terrorist.

Anonymous said...

Yes the real issue is the credibility of the ministries involved and the government. To the lay-man the term hack brings to mind penetrating an impenetrable fortress. They do not understand that the attacks so far have been more of acts of vandalism on the wall of the impenetrable fortress. But they have generated good PR for Anonymous and gang. The way the ministries have handled this situation is downright silly. A group has declared war on the government, and instead of telling the people we've got the right people on the job, they've hidden behind technical jargon.
OPSec is one thing but shouldn't the people know that the Singaporean sons we have tirelessly trained for times of war are being put to the task?

Considering how cyber attacks are now a legitimate way of causing destruction to property and damaging of infrastructure (case in point Stuxnet), I would really love it if David you could perhaps write a piece with a view from IT security experts from in and around Singapore.

Anonymous said...

It was a select few from the SOF that stormed the hijacked aircraft and killed the hijackers. SOF members were selected from the CDOs.
At that time, there were no Guards units - now elite infantry?

Anonymous said...

I'm not sure if the cyber defence ops hub was meant to tackle these Anonymous-type threats (would that include watching over the Straits Times, the official site of City Harvest pastor’s wife Ho Yeow Sun, Converse Singapore and pre-school Carpe Diem which got hacked?)

From earlier reports, it seemed like the hub was designed to watch over military networks. So it does make some sense for IDA to watch over other cyber-security issues so the cyber defence ops hub can focus on more critical business.

See, it says...

"A new centralised, round-the-clock Cyber Defence Operations Hub has been established to create a more robust defence for Singapore's military networks, Defence Minister Ng Eng Hen said last Saturday.

Speaking in a media interview ahead of Singapore Armed Forces (SAF) Day today, Dr Ng said the ops hub will help to develop expertise to combat evolving cyber threats, which can not only disrupt the military's front- and back-end systems, but civilian water and electricity grids as well.

The ops hub will carry out day-to-day cyber-defence operations to detect, identify, contain and neutralise cyber threats to the country's military networks. It will be able to quickly recover the networks, too, if needed."

bob villa said...

On the SQ 117 hijack, would the man on the scene please let us know what weapons the hijackers had with them, other than the fake bomb.
What kind of weapon did they manage to sneak on board?
I hope to get a first hand account, from the person who claims to be part of the boarding team.

AnonymousMasses said...

Not every country will be able to have the brightest minds in "cyber space".

Clearly certain countries will have (by numbers or otherwise) massive advantages.

And by that, if they wanted to wage and win against a second tier capable country, they will.

Thereby, exactly how secure can the SAF/Singapore feel about the cyber security?

MINDEF, Singapore said...

Dear Mr Boey, to clarify, the Cyber Defence Operations Hub is established to defend MINDEF/SAF military networks against cyber threats.

David Boey said...

"Dear Mr Boey, to clarify, the Cyber Defence Operations Hub is established to defend MINDEF/SAF military networks against cyber threats."

Dear All,
The above comment is from MINDEF Singapore. Have established it is bona fide.

Best regards,


The said...

The hijack of SQ117 - the only "weapons" wielded by the terrorists were knives from the aircraft and some fireworks (or fire crackers).

Anonymous said...

When a steward was pushed onto the tarmac from the aircraft, the SOF stormed the airplane. In other words, when a person was hurt seriously, the hijackers got a robust response.

Anonymous said...

The hijackers only armed with simple home made fire crackers which cannot even harm a fly. To think Singapore need to use SOF!!!!

Delta Whiskey said...

In reply to Anon @ November 11, 2013 at 8:36 PM;

If not the SOF, who do you think we should have used? Perhaps we should have issued you a weapon and asked you to do it?

No harm with using the most efficient and well-trained tool in the toolbox.

Delta Whiskey said...

Also, to be cynical about it, this sudden bringing up of SQ 117 smacks of purposeful comment derailment.

It has nothing to do with the topic at hand - cyber security - and this juvenile disruption is ironically being carried out on an online platform.

AhHuatFaceBookisSibehKilat said...

Eh I hear that Facebook guy Eduardo Severin shaking leg in Singapore.

Why not ask him help? Foreign talent mah? Maybe can qualify for new PR volunteer service? Kill two bird with one stone.

Some more got branding one. Is called outsourcing. Mindef like a lot

AhHuatgotGettingNervous said...

People nowadays gahment want open dialogue.

You suka suka ask them to crack down?

Maybe Gahment damm clever, let 'Anonymous' go into system so can tracking.

You tink what? Our gahment so bochup meh?

Got even come and visit here leh.

bob villa said...

Anon, 11 Nov 8.36, it was the threat of a real bomb that got the bunch of 'hijerkers' a dose of 9mm double tap, courtesy of the Singapore SOF. Please give credit where credit is due.
I don't think the zero casualty result would remain so if those clowns were armed with AKs.

And Delta Whiskey, there is a parallel between the cyber hijack of the PMO website and the SQ 117 hijack.
It is the response of the SG gov that will be the highlight that everyone will be watching, even the neighbours are interested in its outcome.

Anonymous said...

To be honest, I think too much credit is being given to the cyberattack and while we can be a bit cynical about the government's response, the MINDEF cyber defence is more concerned with cyber attacks that would affect Singaporeans in some way. Attacking the comment box of the PM's website hardly affects Singaporeans (aside from the ability to KPKB), so to state that "war is declared" is a bit alarmist and overly exaggerated.

David Boey said...

Dear Anon 10:26 AM,
With respect, you are writing with the advantage of hindsight after the deeds were done, suspects caught and trotted out to the media.

The cyber war warning was picked up by the foreign media, which means outsiders will watch how our tech-reliant country responds.

Where we have failed is in deterrence. There are ample examples of how our computer forensics teams have tracked down cyber mischief makers in the past. But we failed to make clear the seriousness of the penalties meted out, or even naming offenders in past cases. So we pay the price for pussyfooting and not using past cases to educate people about our computer forensic capabilities.

When deterrence fails, one should never be shy about a capability overmatch that ends up quashing the belligerents decisively and relentlessly.

Best regards,