The list of hacked websites just keeps getting longer. The Istana website, official cyber-domain of Singapore’s Presidential Office, is the latest high-profile casualty. The Singaporean police have arrested two suspects, who have been charged under the Computer Misuse and Cybersecurity Act, punishable by up to five years in prison.
The hacking took place on 8th November when the suspects, Delson Moo and Melvin Teo, initiated multiple XSS attacks on the website. The Infocomm Development Authority of Singapore (IDA) admitted that lots of important content was lost due to the hacking.
The first suspect is a 42-year old businessman from Singapore, while Teo is just a 17-year old local student. The duo met randomly on Facebook, started chatting and before long their casual acquaintance blossomed into a full-fledged professional hacking partnership.
Moo and Teo allegedly gained access to the Istana website via the search function vulnerability. The results were disastrous – defaced pages and disabled features, uploading of insulting content in Hokkien and also the planting of offensive photos. A classic Cross-Site Scripting vulnerability hacking incident.
“A stupid mistake,” Moo told reporters. “My hand was itchy and I got myself into trouble.”
Both hackers have been released on bail and now anxiously await their trial which is scheduled to start on Jan 24, 2014. First-time offenders in Singapore can receive up to three years of imprisonment, while people with criminal records can be punished with a maximum of five years in jail along with a fine of $20,000.
Cyber-crime in Singapore has been on the rise lately, with numerous cases of XSS and SQL Injection attacks on government and commercial websites alike. As a result of the hacker onslaught, The Monetary Authority of Singapore (SAS) now officially requires all FIS in the country to implement Source Code Analysis (SCA).
Source – Istana Website Compromised
Sign up today & never miss an update from the Checkmarx blog
Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.
Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.