The Cyber Attack on the Singaporean Government: part 1

OK much has been said in the last few days on the Anonymous Cyber Attack on the Singapore government's websites, I was waiting to see how the story develops before offering my perspective but given what has happened so far, I would like to offer some of my thoughts. Firstly, I think it is a storm in a teacup really. Many Singaporeans have overreacted to this as it is unprecedented, at least in Singapore. There won't be a revolution in Singapore any time soon. It is one thing to hack into Sun Ho's website, it is another to take on the Singapore government. Or is it?

After all, a website is just a website as far as these hackers are concerned. Some companies spend a lot more money on cyber security protecting their websites and the amount of money spent is often proportional to the risk of being hacked. This is not rocket science really. When I was in Indonesia earlier this year, I saw some beautiful houses where the rich people lived - these were protected by high fences and walls, razor wire, CCTV, elaborate alarm systems, guard dogs and often a security guard keeping intruders out.  Then there are the poor people who live in the slums and they don't even have a lock on their front door because they own so little there's nothing to steal. And then there's everything in between: the equivalent exists on the web. Some websites are a lot better protected than others.

Now given the number of Singaporean websites that got hacked today, such as the Ang Mo Kio Town Council website, it is clear that the level of security on these websites are not particularly high - but why should they be? It is not like the AMK Town Council website is likely to contain any kind of sensitive information (such as pertaining to defence, which would be detrimental to Singapore if it got into enemy's hands) - the hackers evidently went for a soft target because it was there. There are plenty of other soft targets as well, but one wonders what can be achieved by going for these soft targets? After all, what happened in the case of the AMK Town Council was that the website was taken offline for several hours during a weekend - it is a temporary and minor inconvenience at best.

All in all, 19 government websites went down this weekend and some of them would certainly not be soft targets - such as the Singapore Police Force , the Ministry of Home Affairs and the Ministry of Finance. Many of these websites which were hacked have already been put back online again. What is astonishing is the way the IDA tried to claim, "Such planned maintenance is usually undertaken during the weekends and public holidays due to low expected website traffic. The maintenance took longer than expected, due to technical difficulties. Maintenance of the websites is progressively being completed. We apologise for the inconvenience caused." Whilst planned maintenance works do occur during weekends and public holidays, these disruptions are always announce in advance of the works, rather than after the works have taken place. It seems that at least part of this disruption is due to this hacking episode but the government is trying to deny it or at least downplay the extent of the hacking attack.

I know what you're thinking, "of course it's the hackers lah! So obvious lah, alamak!" But I think we need to move beyond that - what are the hackers trying to do? After all, the Singapore Police Force website is back online already as I am writing this, but what actually happened when these websites were hacked? We may never know, but let me give you an analogy. Imagine a group of burglars broke into your house and they spent about an hour in your house - how much damage you suffer depends on what they do whilst in your house? Did they help themselves to the food in your fridge? Did they steal all your valuables? Did they simply walk around, take a tour, rearrange your furniture and then leave a note to let you know that they managed to break into your house? I'm not sure we'll ever know what the hackers did manage to do to these websites they hacked as we don't know if their intentions is simply to send a message to the Singaporean government or if they really had the intention (and resources) to follow through with this attack and cause an even bigger disruption. Is this the end of the attack or are the hackers just warming up?

Is this the right way to challenge the government?

As for the hacking of the SPH website, at least they are making some kind of statement about the freedom of speech in Singapore and the way this whole story has been presented in the Straits Times: the hackers made it clear that this was an attack on the Singapore government (or quite specifically, the PAP) rather than Singaporeans or Singapore per se. However, SPH keeps reporting that this is an attack on Singapore, rather than on the Singaporean government. I don't think this is a particularly wise move in the face of a crisis when you're dealing with a hacker who obviously has the technical skills to cause a lot of disruption to the SPH's websites - rather, the right thing to have done would have been to attempt to engage the hacker(s) and get their side of the story, whilst trying to defuse the tension (rather than aggravate the situation). SPH handled this incident really poorly from a PR point of view.

On the lighter side, I was amazed at how many people jumped to the wrong conclusions after having watched the Youtube video released about this imminent cyber attack. The biggest misconception was that these hackers couldn't possibly be Singaporean because (and I'm not making this up) the voice in video did not have a Singaporean accent. LMFAO.ROFL. Good grief. Are these people for real? It is evident that some Singaporeans have never heard of text to speech converters. OK let's just try this okay, copy the following text in Singlish.

Text to speech converters do exist you know...

"Aiyah, you know Mrs Foong always liddat one lah, just bo chup her lah. She very bo liao, always want to kaypoh one. She ask you what happen you just act blur act blur lor, say you donno anything lah. Bo chup her lah! If you don't tell her, then she will go kachiaow someone else. But she harmless one lah, she just very big mouth one. She talk cock all the time one lah, nobody actually believe what she say one lah. Alamak, don't let her upset you, okay?"

Go to this website: http://text-to-speech.imtranslator.net/ and paste this text into the box - then simply click on "Say It". What you will then hear is a speech to text converted version of a statement in Singlish read with an American accent. There are currently no text-to-speech converters which have a Singlish or Singaporean accent setting yet - the options are usually British or American English. (Would anyone like to develop a Singlish version?)

Many Singaporeans are asking the wrong questions. 

But more to the point, is there anything to suggest that these hackers are not Singaporean? I don't know who they are - but there is no evidence right now to suggest what their nationalities are. But let me put this to you: if you are not Singaporean, if you are say from somewhere far away like Mongolia, Iceland, Morocco or Argentina - why would you want to launch such a brazen attack on the Singaporean government? What do you have to gain by putting the time, energy and resources into such a hack - knowing that you run the risk of severe punishment if you are caught?

Allow me to refer you to a group of British hackers who were caught in the UK earlier this year - their targets were PayPal, Visa and Mastercard, whom they saw as evil capitalists exploiting the world. Christopher Weatherhead, 22,  was part of "a campaign against PayPal that cost the firm £3.5m to repair." For his part in this cyber attack, Weatherhead was sentenced to 18 months in jail. Oh yes, let me state it clearly in very plain English: hacking is a crime. What these hackers are doing is a criminal offence and if they are caught, they will be arrested and probably jailed. One can only guess that Weatherhead was not careful enough to cover his tracks as he hacked PayPal's website - but most hackers do cover their tracks quite well to avoid detection because governments and big companies who are victims of such cyber attacks will use whatever means to try to bring these hackers to justice.

Hacking is a crime. You can go to jail if you're caught hacking.

It is a highly dangerous and risky game that these hackers are playing, the stakes are very high and unless you have a very good reason to launch an attack on the Singaporean government like that, it is just doesn't make sense for a non-Singaporean to pick a fight like that with the Singapore government. Such is the nature of one's relationships with governments around the world. You may not like the government of another country, but you have to recognize that in countries where there are free and fair elections, those governments are chosen by the people of that country. You may not agree with their choice, but you still have to respect the outcome of a democratic election. And by that token, whether you are a fan of the PAP or not, you have to accept the fact that they did win the 2011 general elections in Singapore with 60.14% of the vote. Such is democracy for you unfortunately, you may not always get what you want.

However, if you are living in a country where you do not like or support the government and indeed, the ruling party was not one you had voted for at the last elections - then that's when this frustration will grow and fester. I believe in the path of least resistance - so if you're not happy with the way things are in Singapore with the government, it is far easier to simply leave Singapore for another country, than to try to change the way things are. That's just me, I pick my battles - you may call me a coward, but I think that has got to be balanced with being pragmatic in life.

I picked the path of least resistance.

But there are people who do stay and fight, in order to try to change the system in their country. Take the protests in Istanbul this year that spread across Turkey, more than a hundred thousand people came out into the streets of Istanbul to protest against the government for weeks. The economy was Turkey was severely affected by the protests, the tourists and investors stayed away, businesses lost a lot of money - on top of that, thousands of people were injured, 10 people died and 9 are still missing after the protests.

Let me ask you this: if you were not Turkish, if you did not care deeply about the state of Turkish society, would you risk your life to go out and protest in the streets knowing that people were being killed and there were widespread reports of police brutality everyday? No, you wouldn't. The stakes are just too high - but it is only when you care so deeply about a cause that you would take such risks in order to make your voice heard. This is why I am pretty convinced that the people responsible for this cyber attack are indeed Singaporean - foreigners wouldn't want to fight this battle if it meant possibly going to jail for a long time if they did get caught hacking.

What we saw from Turkey earlier this year was shocking and what was most disappointing was the outcome - the Turkish government made some small concessions to appease the protesters but at the end of the day, there was no change in regime despite the fact that people died, thousands were injured and so many suffered so much hardship as a result of the protests: was it all for nothing? It's sad, when you think about all the brave people who went into the streets to try to make their country a better place. By that token, at least I am glad that some Singaporeans have chosen to use the internet as a means of protest - at least there will not be blood shed on the streets of Singapore and the worst that has happened so far is a minor disruption for those wishing to visit those websites which were hacked.

Like I said in my last article, Singapore is a society that has changed a lot in one generation because of the very high quality of education and the internet. Hence perhaps we shouldn't be surprised by the fact that this protest has manifested itself as a cyber attack rather than a more old fashioned street protest. And if they do manage to catch the person who did this, s/he would be led away in a dignified manner and we won't see any of that police brutality that we witnessed in Turkey earlier this year. Would all future revolutions be cyber ones?

That's it from me for now on this story. I'm sure we all will have plenty to talk about as it is still an evolving story - I am currently looking for an IT expert to interview about this to shed more like on the issue of hacking and I think I may be able to speak to the right person later on Sunday or Monday, so bear with me please as I get that interview for you guys. I'm not an IT expert and given that this is an IT story, I'd love to get an expert's opinion. Akan datang!

If you have any questions or comments about the issue or if you have any questions you would like me to put to my IT expert, please leave a message below  - many thanks for reading.

If you have a question about hacking, leave a comment below!