>> ASIAONE / DIGITAL / NEWS / STORY
Sun, Nov 08, 2009
The New Paper
Condo residents' website hacked after online spat

By Liew Hanqing

IT WAS an online spat that escalated into a flame war.

The next thing he knew, an online attack left his website crippled - less than a week after it was put up.

The website in question: a community forum for residents of a Jurong condominium.

The attack: a flood of hits, which took the site down for more than an hour.

The drama unfolded after Mr Paul Lim, 45, decided to create an exclusive online forum for residents in his condominium.

He said: "The site's members are condominium residents, who use the forum to organise monthly gatherings and other events. Sometimes, we discuss the condominium's management.

"There's also normal banter between neighbours - we talk about our children, their exams and so on."

The business development manager, who creates online communities as a hobby, said he and some neighbours earlier had been communicating on another forum - myhometown.sg - but got into an online spat with a group of netizens on that forum last month.

He claimed that netizens were displeased that the group members were discussing issues related to their condominium in an open forum, and some commented that the group was showing off.

'Show-off'

Said Mr Lim: "There was a lot of flaming by forum members who were displeased with us. They called us names like 'hao lian' (show-off).

"After I set up the new website just for residents of my condominium, members of the other forum somehow managed to gain access to it, even though you need a user name and password to log in."

He said he found out about the breach when he chanced upon a conversation on the other forum, where a netizen bragged about knowing the contents of his members-only site.

Then, on 28 Oct - five days after his new website went live - Mr Lim logged on to his site, only to find it was down.

Two of Mr Lim's other websites - both online community websites - which are hosted on the same server, also went down.

It is yet to be ascertained whether the attack was linked to the online spat.

The attack on his websites, he said, was a first for him - and the last straw.

He said: "There are banners on my website which help generate advertising revenue. I get up to 1,000 unique visitors a day. I can't afford for my sites to go down."

A check with his US-based website host revealed that Mr Lim's sites had been subject to a distributed denial-of-service (DDoS) attack, which flooded his sites with more than 250,000 hits, crippling them almost instantaneously.

A DDoS attack happens when an attacker infects multiple computers with malicious software and uses these computers to flood a website with so many hits that it cannot be accessed.

He said: "When my host checked on the attack, it found that the attack originated from Singapore.

"I was shocked because I thought Singapore had one of the highest levels of Internet security in the world."

Mr Lim made a police report and posted it on his website. There have been no attacks since.

A police spokesman confirmed a report had been lodged and that investigations are ongoing.

Still, Mr Lim is worried because the privacy of his website may have been compromised.

He said: "Somebody wrote on the other forum that he had managed to gain entry into my site, and I have no idea how.

"I screened everybody before I gave them a user name and password."

 

Online security expert Aloysius Cheang, president of the Special Interest Group in Security and Information Integrity, said DDoS attacks are a worldwide phenomenon.

He cited a US-based website that monitors such attacks, which often shows Singapore among the top 10 countries where such DDoS attacks originate.

Said Mr Cheang: "This implies that quite a substantial number of Singaporean PCs are infected with malicious software which enable these PCs to be part of a large group of computers that an attacker can utilise in a DDoS attack."

He added that although there is no way individual website owners can protect their sites against such attacks, they can get some assurance by choosing Internet service providers (ISP) which ensure users' websites will be operational within a certain time frame after a malicious attack.

This article was first published in The New Paper.

Bookmark and Share
 

 
STORY INDEX
 
  Windows 7 debut a hit: NPD
   
 
  Singaporeans out of love with GPS devices?
   
 
  StarHub has no-frills broadband plans
   
 
  Great deals and cool gadgets at SITEX 2009
   
 
  French driver suspected in bank heist becomes Internet star
   
 
  iPhone disappoints in China launch: analysts
   
 
  Condo residents' website hacked after online spat
   
 
  Your weekend tech guide
   
 
  Microsoft websites top spots in September: comScore
   
 
  "Call of Duty" game shoots to make history
   
>> RELATED STORY
Online forums dominant site of IT discussions here
Italy's intelligences services launch website
S'poreans aren't shy to flirt online
Watchdogs on the net
Netting the right partner

Elsewhere in AsiaOne...

News: Google seeks revenue from online retailers

Travel: Online travel agencies duke it out for bookings

Motoring: Car recalled? Now you can find out online

Business: More firms turn to cloud computing

Just Women: Diva wins gold at IFRA Asian Media Awards

 
We welcome contributions, comments and tips.
a1admin@sph.com.sg
9180 1253 (SMS)
6319 8177