Sony hacking: Singapore 'among sites used by hacker group'

Pedestrians walk past Sony Pictures Studios in Los Angeles, California on Dec 4, 2014. A hacker group that leaked confidential e-mails and recent movies belonging to Sony Pictures Entertainment last month reportedly used Singapore as one of its sites
Pedestrians walk past Sony Pictures Studios in Los Angeles, California on Dec 4, 2014. A hacker group that leaked confidential e-mails and recent movies belonging to Sony Pictures Entertainment last month reportedly used Singapore as one of its sites to launch its cyber attacks, according to a recent New York Times report. -- PHOTO: AFP 

A hacker group that leaked confidential e-mails and recent movies belonging to Sony Pictures Entertainment last month reportedly used Singapore as one of its sites to launch its cyber attacks, according to a recent New York Times report.

Responding to The Straits Times' queries, the Singapore Computer Emergency Response Team (SingCert) said the attacks on the Hollywood movie studio may have been routed from command-and-control centres across the world, including a server owned by a private company in Singapore.

"As a precautionary measure, SingCert has taken immediate steps to notify the company through its (Internet) service provider to take necessary measures to enhance the cyber security of its systems," said a SingCert spokesman.

American government officials claim that the hacker group, Guardians of Peace, is linked to the North Korean authorities. Earlier this week, Sony succumbed to their threats and cancelled the release of The Interview - a comedy about the fictional assassination of North Korean leader Kim Jong Un.

Even if the attacks appear to have been started in Singapore, experts say that it is not conclusive.

Cyber-security expert Aloysius Cheang said it is common for hackers to have infected an entire army of computers - called a botnet - with malware, and left them dormant until they are ready to initiate a major attack. Typically, owners of the infected computers are unaware that their machines have been compromised.

"In fact, if the hackers did activate the Singapore computers, it was likely done in order to mask their true location," added Mr Cheang, who is the Asia-Pacific managing director of global computing security association Cloud Security Alliance.

"In my opinion, it is more likely that the attack originated out of Singapore," he added.

It is very hard to trace the source of the attack. The true master controller could be anywhere, but may have routed the attacks through botnets from Singapore to China and to Russia and other locations, said Mr Cheang.

lesterh@sph.com.sg