Amateurs as well as so called professionals alike….
o a few days ago, right after an image of an Anonymous YouTube video embedded on the Singapore Prime Minister Office’s (PMO) site started appearing on the interwebs, news sources have been reporting that the PMO website got hacked.
Here’s a list of the reports:
Singapore PM’s website hacked by Anonymous
‘Subpage’ of the Prime Minister’s Office website hacked; Investigations ongoing
ANONYMOUS ATTACKS PMO WEBSITE DESPITE PM LEE’S THREATS TO HUNT THEM DOWN
‘Anonymous’ hacks Singapore Prime Minister’s website
Prime Minister’s Office and Istana websites hacked; Investigations ongoing
Anonymous hacks Singapore PM website
On behalf of every single decent software developer in Singapore, let me say this once: this is not a hack. If any journalist had investigated more deeply, they would have found out that the URL to access the supposed hacked site is:
http://www.pmo.gov.sg/content/pmosite/search.html?q=%27%22%2F%3E%3Cdiv+style%3D%22position%3A+absolute%3B+top%3A+80px%3B+left%3A+0px%3B+
right%3A+0px%3B+bottom%3A+200px%3B+background-color%3A+black%3B+color%3A+red%3B+background-image%3A+url%28%29%3B+font-size%3A+12p x%3B+text-align%3A+center%3B+padding-top%3A+1px%3B%22%3E%3Cbr%3E%3Cmarquee+behavior%3D%22alternate%22%3E%3Ccenter%3E%3Cfont
+color%3D%22red%22+background-color%3D%22black%22%3E%3Ch1%3E~ANONYMOUS+SG+WAS+HERE+BIATCH~%3C%2Fh1%3E%3C%2Ffont%3E
%3C%2Fcenter%3E%3Cbr%3E%3C
img+src%3D%22http%3A%2F%2Fi.imgur.com%2FLtKG7Gt.jpg%22%2F%3E%3Cimg
+src%3D%22http%3A%2F%2Fi.imgur.com%2FLmWOvw6.jpg%22%2F%3E%3C%2Fmarquee%3E%3C%2Fdiv%3E
which when decoded, gives you:
http://www.pmo.gov.sg/content/pmosite/search.html?q='"/><div style="position: absolute; top: 80px; left: 0px; right: 0px; bottom: 200px; background-color: black; color: red; background-image: url(); font-size: 12px; text-align: center; padding-top: 1px;"><br><marquee behavior="alternate"><center><font color="red" background-color="black"><h1>~ANONYMOUS SG WAS HERE BIATCH~</h1></font></center><br><img src="http://i.imgur.com/LtKG7Gt.jpg"/><imgsrc="http://i.imgur.com/LmWOvw6.jpg"/></marquee></div>
Even the less tech-savvy folks can guess that the contents of the ‘hack’ can be found within the URL. This means that someone had to type that in in order to see the contents or insert that into the search bar. Nothing on the server was compromised, therefore, this was not a hack, which by definition involves breaking into a server or website from a remote location to steal or damage data.
That’s not to say that the IT guys behind the websites aren’t at fault for letting this through. A simple HTML encoding function could have prevented this from happening and is widely available in most web programming languages. But it certainly wasn’t a security breach. It’s like hanging a poster on the door of a house which you can’t break into.
However, in a bid get pageviews, our dear journalists are now calling every single thing a hack, instead of educating the public on what it actually is, or doing any form of research whatsoever. Simply because fearmongering gets you pageviews. To top it off, I just saw this latest news from The Online Citizen where a guy was arrested for being in possession of hacking devices. Pray tell, what are hacking devices?
As such, I would like to appeal to journalists to do proper research before covering news like this (this article gives some good information). You are not doing society a favor by spreading fear and misinformation. It deserves better.
Follow Tech in Asia’s coverage of Anonymous in Asia here.
(Editing by Terence Lee)
Dear journalists, stop spreading fear, uncertainty, and doubt in Anonymous coverage.