Singhealth kanna hack!

[Wind30]

I am not sure what this hacking has achieved and what can the hacker gain from this. I am also not sure how one can ensure 100% hacking proof if you have your system online.

 

Until today, I cannot understand what can be done when you have a person NRIC no and handpone no. I can only understand if you give your bank acct/ATM card and password no to someone.

I think the most basic way to protect yourself is to have a few different passwords. I have three passwords for different sites. One for useless sites like mcf, another for work and email, and one more for sites with my credit card details.

 

I think u have two have two password for email and sites like amazon, else if one is back, everything hacked

Edited July 23, 2018 by Wind30

[Mustank]

Lucky I no see doctor for quite sometime

[kdash]

Lucky I no see doctor for quite sometime

i see doc in MCF everyday

[Ben5266]

I am not sure what this hacking has achieved and what can the hacker gain from this. I am also not sure how one can ensure 100% hacking proof if you have your system online.

 

Until today, I cannot understand what can be done when you have a person NRIC no and handpone no. I can only understand if you give your bank acct/ATM card and password no to someone.

Got nric no and handphone number can apply loan from ah long online.

Can do many things with nric.

So, govt is going to replace nric and number for those affected?

If I recalled correctly, according to PDPC, losing personal info, CEO can get rotan one.

Maybe those time will be waived. But private company CEO won’t be that lucky.

[Victor68]

many things hacker can gain especially personal data

what disease or problem do a person have especially for "well known person"

if the person got STD, anxiety or depression, etc

can blackmail the person ... if not release the info to public

if the person is a CEO of a company, politician, celebrity ... that's money to be made

it's all about the MONEY

information can be used to extract money or use the information for other purpose

watch too many MI liao ... lol

 So it is about your personal health matters being disclosed publicly.  I am not sure ordinary citizen like me got people want to read them. So many certain group of people can opt to keep their data confidential.  for me, opening up is better because during emergency, data can be found quickly. 

Got nric no and handphone number can apply loan from ah long online.

Can do many things with nric.

So, govt is going to replace nric and number for those affected?

If I recalled correctly, according to PDPC, losing personal info, CEO can get rotan one.

Maybe those time will be waived. But private company CEO won’t be that lucky.

Sure or not, got NRIC and handphone number can apply loan liao. Even the illegal ones don't accept lah. You think money drop from sky and they so free to chase after loan without confident of recovery 

[Sdf4786k]

I am not sure what this hacking has achieved and what can the hacker gain from this. I am also not sure how one can ensure 100% hacking proof if you have your system online.

 

Until today, I cannot understand what can be done when you have a person NRIC no and handpone no. I can only understand if you give your bank acct/ATM card and password no to someone. 

 

one would imagine that when the istana web page was breech, it would have been a wake up call.

 

https://www.straitstimes.com/singapore/courts-crime/businessman-fined-8k-for-hacking-istana-website

 

SINGAPORE - An IT consultancy firm operator was fined $8,000 on Thursday for hacking into the Istana website.

Delson Moo Hiang Kng, 43, became the first person here to be convicted of carrying out a cross site scripting (XSS) attack - one of the most common types of cyber attacks.

They involve an attacker exploiting a security vulnerability and injecting a malicious script into a web application.

 

+++

But as this is no school boy hacking experiment, the bigger scale of a "state" attack can be quite a large scale .

 

So if the mother of all security is hack, Singhealth is not impenetrable. So give it some time to "heal". 

 

DAVID GREENE, HOST:

And let's talk now about an extraordinary security breach at the NSA. A group known as The Shadow Brokers have stolen sophisticated tools the agency uses to penetrate computer networks. In other words, the NSA's own hackers have been hacked, it appears. This all began last year, and it looks like The Shadow Brokers have tried to sell some of the NSA's cyberweapons. Matthew Olsen worked at the NSA as general counsel. He was later director of the National Counterterrorism Center. He's in our studio this morning. Thanks for coming in.

MATTHEW OLSEN: Thanks for having me.

GREENE: So who are The Shadow Brokers?

OLSEN: You know, The Shadow Brokers is, you know, as the name implies, a very shadowy group of hackers, and apparently very sophisticated hackers. We don't know, though, exactly who they are or even where they are.

GREENE: You don't know, and presumably the NSA has not been able to figure this out, which is part of the alarm here.

OLSEN: It certainly is part of the ongoing investigation - find out who these folks are, how they got these tools, where the tools came from. Remember, this is an ongoing investigation, and at this point, nobody's been identified as who those hackers are.

GREENE: So this could be a foreign government. This could be just some hackers who wanted to get this stuff. This could, in theory, involve employees at the NSA itself. I mean, a lot of possibilities here.

OLSEN: Lots of possibilities, lots of speculation. But the, you know, one of the main candidates is possibly a foreign government because of how sophisticated these hackers appear to be.

GREENE: And what exactly are the tools that they have been able to steal?

OLSEN: Yeah. It's exactly as you said, David. Very sophisticated, very sensitive, high-end, really weapons-grade computer code. These are hacking tools that are used to get around firewalls, to defeat anti-virus, to get into computer systems. They're exactly the kind of tools that nations build in order to exploit communications.

GREENE: You said weapons-grade. I mean, help people understand, you know, what a cyberweapon is as opposed to a more traditional weapon.

OLSEN: Yeah. Well, there's lots of hackers out there. We all hear about hackers and cyberattacks all the time, but there's levels of gradation in terms of how sophisticated those types of weapons are, those types of attacks are. Code like this that's used to break into very sophisticated and well-defended computer systems, that takes years and years to develop, and lots and lots of money and very, very sophisticated computer scientists and engineers. And that's what's so troubling here, is that apparently these tools have now fallen into the wrong hands.

GREENE: OK. So I don't want to speculate too much, but you say that there's the possibility that this is a foreign government. We've heard all about, you know, Russia's capabilities and other nations. If a nation like Russia had these tools, what could they do with them and how damaging could it be to U.S. national security?

OLSEN: Well, the really dangerous thing now is that these tools are out in the wild. So what we're seeing, and we've seen this over the last year, is that these tools are being used to facilitate computer attacks. So we saw ransomware attacks earlier this year that affected millions of people.

GREENE: Using these tools.

OLSEN: Using these tools to really advance the attacks, really to carry out these exploits.

GREENE: There were some hospitals in Britain, I think, that were turning away patients because of one of these attacks.

OLSEN: Exactly right. So they're used - they've been used also to go after really critical organizations like hospitals both here in the United States and in Europe. And so now these tools that were really possibly just in the hands of a very small number of people, inside governments, are now out and available on the internet. So, you know, pretty much anyone who's sophisticated can now get access to them.

GREENE: A lot of people hear NSA, and they think about the name Edward Snowden and that leak. People are suggesting this might be far worse than that in terms of the credibility of the agency and also the potential damage. Is that true?

OLSEN: It does seem like that's potentially true. I mean, Edward Snowden did damage, no doubt. He talked about programs that had been classified and were secret and gave insights to our adversaries about those programs. But this could be worse in the sense that this isn't just about the programs generally, but it's the computer code, the actual weapons, the actual information that can be used to carry out attacks. And so that's why it's potentially even worse.

GREENE: I think Americans like to think of their government being very good at counterterrorism, very good at intelligence, and they would wonder, how in the world could this happen, how in the world does it keep happening?

OLSEN: So our government is very good at this, and very good at defending information and also collecting foreign intelligence. I mean, take a step back and remember NSA's job is to go out around the world and collect foreign intelligence, identify the communications of our adversaries, terrorists, other nations and pull in those communications. But that job has gotten a lot harder in the digital age. This is not James Bond picking up a single digital cassette tape, for example. This is trying to find signals around the world and pick those up in this vast digital noise, and they're very, very good at it.

GREENE: Just briefly, how bad is morale right now inside the agency?

OLSEN: Yeah, I can understand the concern about morale in the agency, but I worked with these folks. These are some of the most dedicated and most brilliant people I've ever worked with. They are only going to redouble their efforts, I think.

GREENE: Matthew Olsen was the general counsel at the NSA, former director of the National Counterterrorism Center, talking to us about a significant hack of the agency that they're confronting right now. 

Edited July 23, 2018 by Sdf4786k

[Wt_know]

I think the most basic way to protect yourself is to have a few different passwords. I have three passwords for different sites. One for useless sites like mcf, another for work and email, and one more for sites with my credit card details.

 

I think u have two have two password for email and sites like amazon, else if one is back, everything hacked

1 password for non essential site

1 password for need online site

1 password for personal on confi use

 

always turn on 2FA whenever possible

 

i created a useless FB and Gmail account to connect all useless and non essential site ... lol

[Kopites]

1 password for non essential site

1 password for need online site

1 password for personal on confi use

 

always turn on 2FA whenever possible

 

i created a useless FB and Gmail account to connect all useless and non essential site ... lol

which lap top/mobile you used to create those useless FB and Gmail?

 

does it need network or even link IP address/handphone line?

Edited July 23, 2018 by Kopites

[Wt_know]

i do the MI style

every handphone and laptop i use ...

after 5eecs self destruct! muahahaha

Edited July 23, 2018 by Wt_know

[Ysc3]

Re : the singhealth data breach.

Just for all info, my sister works in SGH and they have just received queries from patients as these patients received calls supposedly from the hospital "verifying" their details.

 

Please note that the health services is NOT doing any follow up with any patients with regards to the data breach. Pls do not entertain and just ignore any of such calls if you happen to receive any health services calls.

[Nav14]

Dear lhl and gck. I don't give a f**k that your details were stolen. Thanks.

 

Why would anyone care. He already announced he will be stepping down very soon after next elections. And he is no LKY. So who will give a shit even if kicks the bucket soon.

GCT is also history.

Thus the hacking is meant to be symbolic with a message to the govt.

 

Will LHL/PAP have the guts to give an appropriate reply since they know which country is involved. For eg scrapping some joint project(s) with China, make it difficult for China developers to develop properties here  (which will at same time help cool down the market as China developers bid aggressively), or even hire the best hackers in the world and hack them back.

Edited July 23, 2018 by Nav14

[Fcw75]

They announced because if any peasant complained to singhealth, they will reply ‘LHL and GCT data also kenna stolen, why you (a peasant) so scared?’.

[Hoseyboh]

jiak sai lah....

 

[Victor68]

the cyber chief kana by that minster during the interview. i wonder the minister is an expert in cyber security or not. somehow he feels this can be prevented. haha to me, you can only deter butnit is just when you will be hacked.

[Ysc3]

the cyber chief kana by that minster during the interview. i wonder the minister is an expert in cyber security or not. somehow he feels this can be prevented. haha to me, you can only deter butnit is just when you will be hacked.

 

mindef kenah hacked

 

moh kenah hacked

 

MRT failure ... (got hacked before ?)

 

what other services kenah hacked ?

 

 

 

 

.... but the most robust system in SG remains !! ... the infallible  ERP system !! they shud get the engineers for the ERP to participate in security for other services too.

 

the hackers should consider that as a real challenge !!

[13177]

mindef kenah hacked

 

moh kenah hacked

 

MRT failure ... (got hacked before ?)

 

what other services kenah hacked ?

 

 

 

 

.... but the most robust system in SG remains !! ... the infallible  ERP system !! they shud get the engineers for the ERP to participate in security for other services too.

 

the hackers should consider that as a real challenge !!

Even the fare gate at all MRT station also never failed and hacked before, and they can deduct fare correctly for so many people going through it.

[Ysc3]

Even the fare gate at all MRT station also never failed and hacked before, and they can deduct fare correctly for so many people going through it.

 

bottomline ....

 

collect money systems = all top notch !! unbreakable like Apple !

 

provide service systems = ........... subcon to Microsoft ?

[Ben5266]

I am not sure what this hacking has achieved and what can the hacker gain from this. I am also not sure how one can ensure 100% hacking proof if you have your system online.

 

Until today, I cannot understand what can be done when you have a person NRIC no and handpone no. I can only understand if you give your bank acct/ATM card and password no to someone. 

Just remember some thing after saw the itune store hack.

 

We use our personal email to create an iTunes account or play store account.

and Singhealth gave our name, ic number and email to the hacker.

 

so, don't say our personal info is worthless.

 

Singhealth inform us our personal info was stolen. So what next? What am I supposed to do? Nothing to worry about?