SINGAPORE - An IT consultancy firm operator was fined $8,000 on Thursday for hacking into the Istana website.

Delson Moo Hiang Kng, 43, became the first person here to be convicted of carrying out a cross site scripting (XSS) attack - one of the most common types of cyber attacks.

They involve an attacker exploiting a security vulnerability and injecting a malicious script into a web application.

Moo pleaded guilty to one of three charges of illegally accessing the Istana website and causing it to display illegitimate images and insulting phrases on Nov 8 last year.

He had targeted the Google search page embedded in the Istana website.

Deputy Public Prosecutor Suhas Malhotra said instead of entering text search terms on the Google search page embedded on the Istana website, Moo entered Hypertext Markup Language (HTML) code which was processed by the server. It generated an HTML page showing offensive phrases in Hokkien and images such as one of an elderly woman giving the middle finger gesture.

Moo had learned about the vulnerability of the website from fellow Facebook users.

At the time, XSS scripts that had been used to compromise the Google search page on the Prime Minister's Office (PMO) website were being disseminated online.

After the search function on the PMO website was disabled to prevent further XSS attacks, Moo injected the modified script into the Istana website.

Such attacks gave the impression that these websites had been "hacked".

The court heard that Moo's act did not cause any damage to the contents of the Istana web server.

His lawyer Anil Balchandani said at no time was anyone else able to view or replicate what he had done to the Istana website. He added that his client was remorseful.

Moo could have been fined up to $10,000 and/or jailed for up to three years.