Thursday 5 June 2014

After Singpass got hacked, IDA put the blame squarely on users

SINGAPORE: More than 1,500 SingPass users may have had their IDs and passwords accessed without their permission. The Infocomm Development Authority of Singapore (IDA) was notified on Monday (June 2) by the SingPass operator, Crimson Logic, that a number of users had received a SingPass password reset notification letter, even though they did not request a password change. SingPass is a single-factor authentification system for all government e-services in Singapore.

It was announced on Wednesday (June 4) that IDA's preliminary investigations show that 1,560 users' IDs and passwords were potentially accessed, of which 419 passwords were reset. Password reset notification letters were sent to the registered address of SingPass account holders.

"SYSTEM NOT COMPROMISED"
The IDA has filed a police report on Tuesday, but the authority's checks so far show there is no evidence to suggest the SingPass system has been compromised and there are no known losses. Passwords of all affected users have been reset, and the IDA is in the process of notifying them. IDA also says it is looking at using the two-factor authentication (2FA) system, for e-government transactions.

ADVICE FOR SINGPASS USERS
Said Ms Jacqueline Poh, the Managing Director for the Infocomm Development Authority of Singapore: "For every individual, the incident underlines the importance of taking personal responsibility for cyber security."

 
Read the news here



My take: Well, this is amazing fucked up situation here in Singapore where top civil servants who are being paid millions do not apologise for their own fuck ups. This chick by the name of Jacqueline actually insinuated that users poor passwords were the cause of the hack. Now the hacker couldn't possibly guessed all 1560 user ids and passwords and it looks like there was a system failure. If there was a system failure, then why would any strong password help? 

Is she shrinking from responsibility again? Like how she did back in Nov 2013? When the PMO and Istana websites got hacked, she said it was not a hack but "defacement"! And the whole govt IT infrastructure was fumbling like mad to try and defend itself against cyber attacks. 

Now she is saying the system has not been compromised! Then what the fuck happened to those 1560 users? They were not compromised? 

Are not real people to you? Not real citizens? I guess they are just a number to this amazingly fucked up system. And for fuck's sake, I haven't even heard her apologise to those affected. 

Yup, so these people talking shit should be fucking shamed. The banks were using 2FA for umpteen years already and only now after the hack you tell Singaporeans that you're looking into 2FA for Singpass? Hello...too fucking late...yeah so fuck u fuck u fuck u...if you can't do your job properly then don't fucking take so much money from Singaporeans. 




3 comments: