14 DAY TRIAL // Shortly after he threatened the Anonymous hackers who plan on attacking the Singapore government, the official website of Prime Minister Lee Hsien Loong was “defaced” by hacktivists.
According to Singapore’s Infocomm Development Authority (IDA), the attackers leveraged a cross-site scripting (XSS) vulnerability in the search subpage of the prime minister’s website to display a message. A similar security hole was leveraged to deface the website of Istana, the official residence and office of the president of Singapore.
“Anonymous SG was here [expletive]. It’s great to be Singaporean today,” the hackers wrote on the prime minister’s website.
On the presidency’s website, the hackers wrote “jiak liao bee,” a Hokkien slang that means “good for nothing.”
“Both the PMO and Istana main websites are still working, and we will restore the compromised pages as soon as possible. The matter is under investigation,” IDA stated.
The organization says that it will continue to improve the security of government websites and warns that some of them might become temporarily inaccessible during the process.
Several Singapore government websites have been taken offline over the past few days. Some hackers are taking credit for the downtimes, but IDA claims that the sites have been shut down for maintenance.
Singapore’s prime minister threatened Anonymous just before they targeted his website.
“When somebody threatens to do harm to [our IT network], we take that very seriously and we will spare no effort to try and track down the culprits and if we can find him, we will bring him to justice and he will be dealt with severely,” he said.
Over the past period, Anonymous operations against governments have intensified. The most notable attacks have taken place in the Philippines where around 40 government websites have been targeted. It remains to be seen if the security improvements made by Singapore will prevent hackers from causing damage.
Update. Many reports falsely say that the websites of the PMO and the presidency have been hacked. Trend Micro has published a blog post to explain how XSS attacks work.