Singapore Art Museum website hacked; MOM finds duplicate site

A screengrab of the duplicate website MOM discovered on Thursday. It features the same design as the Ministry of Manpower’s original official website and the TrustSG trust mark, although not all the links work.
A screengrab of the duplicate website MOM discovered on Thursday. It features the same design as the Ministry of Manpower’s original official website and the TrustSG trust mark, although not all the links work.

Singapore Art Museum and ministry file police reports

The Singapore Art Museum (SAM) found its website was hacked on Thursday, less than a month after information on 4,000 people on its online mailing list was compromised.

This came on the same day that the Ministry of Manpower (MOM) filed a police report after discovering a duplicate of its website, also on Thursday.

A SAM spokesman said it was alerted by the Infocomm Development Authority (IDA) on Thursday that SAM was among a list of 1,500 "vulnerable websites" that was published on the Internet.

Internal checks uncovered links that had been added to a page on the SAM site directing visitors to another website, but they were dead links.

The museum immediately removed the links and lodged a police report.No data was compromised, said the spokesman.

The SAM website was taken down briefly to retrieve the affected files and eventually restored by 9pm last night.

This latest cyber intrusion comes even as SAM beefs up security of its site, after data including names, e-mail addresses and phone numbers were taken from its online mailing list and illegally published on a New Zealand-based storage website for at least two hours on Nov 5.

"It is an ongoing process. It takes some time," the spokesman said about the security measures.

Meanwhile, the fake MOM site, www.momgov.sg, was still accessible at press time. It features the same design as the original and the TrustSG trust mark, although not all the links work.

In a post on Facebook yesterday, Acting Minister for Manpower Tan Chuan-Jin said the public should use only the official MOM website - www.mom.gov.sg.

He also advised them to pay attention to punctuation: "A full stop makes all the difference", he wrote.

"At the same time, we would also like to assure everyone that access to the official MOM website remains unaffected, and no data has been compromised," he added.

The official site links the public to MOM e-services, where they can apply for work permits online, view foreign worker levy bills and pay fines and bills.

The fake site directs users to what appears to be the real site and in some instances, dead links.

An MOM spokesman said "there are measures to protect the MOM website".

This incident follows a series of cyber attacks since mid-October that resulted in several school websites being defaced and intrusions into websites belonging to the Ang Mo Kio Town Council, Istana and the Prime Minister's Office.

Five people have been arrested and three have been charged over these incidents.

melodyz@sph.com.sg