Mazda's car dealer yesterday defended its online security after its Singapore website was defaced by a Turkish hacking group.
Ayyildiz Tim wrote a message demanding "freedom for all Muslims" on Eurokars Group's site www.mazda.com.sg
It was spotted at 9am yesterday and the site was taken down by 10.30am before being reinstated 45 minutes later.
A Mazda spokesman said the company made a police report and an investigation was under way.
The website allows car owners to make service appointments by entering their personal details, including name and NRIC number. It is not known if customer details were compromised.
DESIGN DETERMINES SECURITY
Modern websites have multiple layers of security.... However, it is not unreasonable to assume that if attackers got into one system, they might be able to get into other systems.
MR AAMIR LAKHANI, Fortinet's senior security strategist
Mazda's spokesman said: "There is no evidence at present to suggest that customer data has been compromised."
Security experts say website vulnerabilities can give hackers unauthorised access to data. Mr Daniel Cohen, head of American security firm RSA's FraudAction Anti- Fraud Services, said a website could be vulnerable if its computer server software is not up to date.
The use of a third-party plug-in like a visitor counter, search tool bar or map - which Mazda's site has - may also introduce weaknesses and allow for this type of attack.
Mr Hugh Thompson, chief technology officer and senior vice-president of US-based security systems maker Blue Coat Systems, said a site could also be compromised through the stolen credentials of a system administrator.
But the design of a website determines how secure customers' sensitive information is, according to US-based security software firm Fortinet's senior security strategist Aamir Lakhani.
"Modern websites have multiple layers of security, with customer and user data typically secured in other parts of the site," he said.
"However, it is not unreasonable to assume that if attackers got into one system, they might be able to get into other systems."
Privacy watchdog the Personal Data Protection Commission said it "will investigate if there is reason to believe that personal data of individuals had been compromised".
Judging from the translated versions of the hacker group's Facebook and Twitter pages, it appears to have political motivation for some of its attacks.
Last August, the same group reportedly hacked into Israel's Iron Dome anti-missile defence system. And earlier last year, it reportedly defaced the official website of the United Nations Development Programme in Ecuador.
Mr Lakhani said it is not clear why the group targeted a Singapore entity, but "it is possible they were trying to attract attention and demonstrate their expertise".