Hackers broke into NUS, NTU networks in search of government, research data

The two attacks, discovered last month (April), against NUS and NTU, are the first sophisticated attacks against universities here.
The two attacks, discovered last month (April), against NUS and NTU, are the first sophisticated attacks against universities here.PHOTO: NUS / NTU
The two attacks, discovered last month (April), against NUS and NTU, are the first sophisticated attacks against universities here.
The two attacks, discovered last month (April), against NUS and NTU, are the first sophisticated attacks against universities here.PHOTO: BLOOMBERG

SINGAPORE - Persistent hackers have broken into the networks of two universities in Singapore in a bid to steal government and research data.

The two attacks, discovered last month (April), against the National University of Singapore (NUS) and the Nanyang Technological University (NTU) are the first sophisticated attacks against universities here.

At a press conference on Friday (May 12), the Cyber Security Agency (CSA) of Singapore said the attacks were carefully-planned and were not the work of casual hackers.

"We know who did it, and we know what they were after. But I cannot reveal this for operational security reasons," said Mr David Koh, chief executive of CSA.

CSA would not say what the hackers made away with, but noted that no classified data was stolen as the universities' systems are separate from government systems. Student personal data was also not stolen.

The intrusions were detected when the universities ran their regular system checks - on April 19 for NTU, and April 11 for NUS.

  • What are advanced persistent threats (APTs)?

  • - Hackers gain unauthorised access into and lurk within computer networks undetected for a long period of time.
    - Sophisticated techniques using malware are typically deployed to exploit vulnerabilities in systems in such attacks.
    - Malware can be introduced when computer users plug infected portable storage drives into the network, or click on infected links embedded in e-mail messages.
    - Once the malware is planted in the network, hackers remotely monitor and extract data from the target network.
    - The Straits Times understands that the hackers executed the attacks from overseas.

Both universities alerted CSA, after which forensic investigations ensued.

The breaches were said to be advanced persistent threats (APTs) in which hackers gain unauthorised access into and lurk within computer networks undetected for a long period of time.

Sophisticated techniques using malware are typically deployed to exploit vulnerabilities in systems in such attacks. Malware can be introduced when computer users plug infected portable storage drives into the network, or click on infected links embedded in e-mail messages. Once the malware is planted in the network, hackers remotely monitor and extract data from the target network.

CSA would not say how long the perpetrator had been lurking in the NUS and NTU systems, but said that the affected systems have since been removed.

The hackers were said to have executed the attacks from overseas.

In a Facebook post on Friday, Communications and Information Minister Yaacob Ibrahim urged everyone to do their part to defend important data. For instance, individuals can practise good cyber hygiene.

"As we become more digitally connected, such threats will continue to increase in sophistication, and both public and private sector organisations are equally vulnerable," he said.

In a statement, NTU said it takes cybersecurity and data integrity seriously and has since tightened "security controls at all levels". It said it will also continue to educate employees and students to remain vigilant.

NUS said it is working with consultants to enhance its surveillance and system defences. "This incident highlights the rising sophistication of cybersecurity attacks, and the need for heightened vigilance," it said in a statement.

 

Mr Aloysius Cheang, executive vice-president of global computing security association Cloud Security Alliance, said that the hackers may have been drawn to NUS and NTU because they are top universities. "There is definitely valuable research data of commercial value."

He added that the hackers may have also assumed that the universities' databases had links to government systems.

CSA added that it had not noticed signs of suspicious activities in critical systems or government networks. But it has advised other universities and critical sectors such as energy, telecoms and finance to step up on security efforts.

The NUS and NTU breaches come on the heels of the theft of the personal details of 850 national servicemen and staff at the Ministry of Defence (Mindef), discovered in February.

Similarly, the Mindef cyber attack was also targeted and possibly aimed at accessing official secrets.