Hacking into the Universities in Singapore: Is There a Laxity in Security?
An Iranian hacking syndicate has allegedly attacked four universities in Singapore and pilfered more than 31 terabytes of academic data and intellectual property from varsities all over the world.
According to reports, the breach affected 52 staff accounts across the following universities:
- Nanyang Technological University (NTU)
- National University of Singapore (NUS)
- Singapore Management University (SMU)
- Singapore University of Technology and Design (SUTD)
The Cyber Security Agency (CSA) of Singapore and the Ministry of Education (MOE) released a joint statement on March 23. It said the nine Iranians allegedly responsible for the attacks had been charged in the United States for attempting to hack into 144 US and 176 foreign universities across 21 countries. These include those in Singapore.
The MOE and the institutions needed to run checks on their networks after the CSA received information about the breach of user accounts at the universities in Singapore.
“The universities have stepped up their vigilance and users have been advised to change their passwords immediately,” said the agencies.
The CSA statement also said that the incident did not appear to be linked to the 2017 cyber attack on NUS and NTU networks. Additionally, “at this time” there was no evidence that sensitive information had been breached.
Investigations revealed that the incident was a phishing attack. The scheme worked when staff members visited a credential-harvesting website and keyed in their login details. The attackers then used these credentials to gain unlawful access to the institutes’ library websites to obtain research articles published by staff members.
Following the alert from CSA and the MOE, the four universities said they had since reset passwords and scanned affected users’ computers. User accounts affected were mainly those of faculty members.
Internal investigations are also ongoing as the institutes continue to work with authorities on the matter.
According to US court documents, the nine Iranians believed to be responsible for the hacking are Gholamreza Rafatnejad, 38; Ehsan Mohammadi, 37; Abdollah Karima, also known as Vahid Karima, 39; Mostafa Sadeghi, 28; Seyed Ali Mirkarimi, 34; Mohammed Reza Sabahi, 26; Roozbeh Sabahi, 24; Abuzar Gohari Moqadam, 37; and Sajjad Tahmasebi, 30.
Charges against the group, which were made public on March 23, include several counts of identity theft, fraud and conspiracy to commit computer intrusions.
US Department of Justice
Investigations also revealed that the group has connections to the Mabna Institute, an Iran-based company. The firm has conducted a coordinated campaign of cyber intrusions into computer systems since 2013, according to the US Department of Justice.
The US courts have since termed the attacks the “University Hacking Campaign”, in which research and data across all fields of research and academic disciplines are targets. These include science and technology, engineering, medical and social sciences.
The campaign targeted over 100,000 accounts of professors worldwide, and approximately half of those targeted come from United States-based universities. The incident took place from 2013 to 2017.
The court papers said about 8,000 professor accounts worldwide were compromised, of which about 3,768 belonged to academics from US-based universities.
The data and account details allegedly benefitted the following:
- Iranian government
- Islamic Revolutionary Guard Corps (IRGC)
- other Iranian customers
- Iran-based universities
As of April 2017, the identities of the hackers in the previous attacks on NUS and NTU had not been revealed. However, they are believed to have infiltrated the networks of these universities in Singapore to steal government-related information. This is because the universities were involved in government-linked projects for the defence, foreign affairs, and transport sectors.
There was also another cybersecurity attack earlier in 2017. It breached the personal data of 850 national servicemen and Ministry of Defence staff.
As of now, the government requires everyone to utilize ransomware protection programs.