Cyber attacks on NUS, NTU in bid to steal sensitive data

Attacks not the work of casual hackers; no classified info stolen

The two attacks, discovered last month (April), against NUS and NTU, are the first sophisticated attacks against universities here. PHOTO: NUS / NTU

Sophisticated hackers have broken into the networks of National University of Singapore (NUS) and Nanyang Technological University (NUS), in an effort to steal government and research data.

Revealing this yesterday, the Cyber Security Agency (CSA) of Singapore said the attacks, which were discovered last month, were not the work of casual hackers.

"We know who did it, and we know what they were after. But I cannot reveal this for operational security reasons," said Mr David Koh, chief executive of CSA.

Hackers have been in the news of late after trying to sabotage both the American and French presidential elections.

Singapore, meanwhile, has been taking precautions against attacks by delinking computers of public servants from the Internet.

The attacks on the universities may have been a roundabout way to try to access government-related information.

Experts say NTU and NUS have research links with the Government, being involved in projects for the defence, foreign affairs and transport sectors, among others. The Straits Times understands that the attacks were executed from overseas.

"The plans and progress for Singapore's Smart Nation agenda could be a subject of interest to the attackers," said Mr Bill Taylor-Mountford, American security intelligence firm LogRhythm's vice-president in Asia-Pacific and Japan.

The breaches were said to be advanced persistent threats in which hackers gain unauthorised access to computer networks and lurk hidden. Experts said such attacks require considerable resources and are typically state-sponsored.

The intrusions were detected when the universities ran their regular system checks - on April 19 for NTU, and April 11 for NUS.

Both universities alerted CSA, after which forensic investigations were carried out.

No classified information or personal data was stolen. The affected systems have since been removed.

NTU said it has since tightened "security controls at all levels".

NUS said it is beefing up its system defences. "This incident highlights the rising sophistication of cyber security attacks," it added.

CSA added that it had not noticed signs of suspicious activities in critical systems or government networks.

But it has advised other universities and critical sectors such as energy, telecoms and finance to step up security efforts.

Last month, the Government completed an exercise to delink the computers of all 143,000 public servants from the Internet to prevent classified information from being accessed. A spokesman for the Government Technology Agency, which coordinates the delinking effort, said: "The decision to separate Internet surfing from work devices is a difficult but necessary move to protect government systems and data from these increasingly frequent and sophisticated cyber threats."

The NUS and NTU breaches come on the heels of a cyber attack on the Ministry of Defence, in which the personal details of 850 national servicemen and staff were stolen.


Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on May 13, 2017, with the headline Cyber attacks on NUS, NTU in bid to steal sensitive data. Subscribe