Mazda defends online security

Car dealer says customer data 'safe' after website defaced by Turkish hacking group

Screengrab of Mazda's defaced website. PHOTO: MAZDA
Irene Tham
Tech Editor
Updated
Jan 20, 2016, 07:16 AM
Published
Jul 24, 2015, 05:00 AM

Mazda's car dealer yesterday defended its online security after its Singapore website was defaced by a Turkish hacking group.

Ayyildiz Tim wrote a message demanding "freedom for all Muslims" on Eurokars Group's site www.mazda.com.sg

It was spotted at 9am yesterday and the site was taken down by 10.30am before being reinstated 45 minutes later.

A Mazda spokesman said the company made a police report and an investigation was under way.

The website allows car owners to make service appointments by entering their personal details, including name and NRIC number. It is not known if customer details were compromised.

DESIGN DETERMINES SECURITY

Modern websites have multiple layers of security.... However, it is not unreasonable to assume that if attackers got into one system, they might be able to get into other systems.

MR AAMIR LAKHANI, Fortinet's senior security strategist

Mazda's spokesman said: "There is no evidence at present to suggest that customer data has been compromised."

Security experts say website vulnerabilities can give hackers unauthorised access to data. Mr Daniel Cohen, head of American security firm RSA's FraudAction Anti- Fraud Services, said a website could be vulnerable if its computer server software is not up to date.

The use of a third-party plug-in like a visitor counter, search tool bar or map - which Mazda's site has - may also introduce weaknesses and allow for this type of attack.

Mr Hugh Thompson, chief technology officer and senior vice-president of US-based security systems maker Blue Coat Systems, said a site could also be compromised through the stolen credentials of a system administrator.

But the design of a website determines how secure customers' sensitive information is, according to US-based security software firm Fortinet's senior security strategist Aamir Lakhani.

"Modern websites have multiple layers of security, with customer and user data typically secured in other parts of the site," he said.

"However, it is not unreasonable to assume that if attackers got into one system, they might be able to get into other systems."

Privacy watchdog the Personal Data Protection Commission said it "will investigate if there is reason to believe that personal data of individuals had been compromised".

Judging from the translated versions of the hacker group's Facebook and Twitter pages, it appears to have political motivation for some of its attacks.

Last August, the same group reportedly hacked into Israel's Iron Dome anti-missile defence system. And earlier last year, it reportedly defaced the official website of the United Nations Development Programme in Ecuador.

Mr Lakhani said it is not clear why the group targeted a Singapore entity, but "it is possible they were trying to attract attention and demonstrate their expertise".

Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on July 24, 2015, with the headline Mazda defends online security. Subscribe

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top