This is breaking news. The Anonymous hacker group had threatened a protest on November 5th. I wonder if they have struck early. A whole bunch of Singapore government websites, including the likes of www.gov.sg, www.ida.gov.sg, www.ica.gov.sg, are now all offline.
At this moment, it looks like the DNS record for the gov.sg domain has been tampered with. Call it DNS hijacking, DNS poisoning, or whatever you like. The gov.sg domain has been tampered with, leaving users on the Internet unable to locate any Internet servers in the gov.sg domain.
DNS is the directory of the Internet. If you’re not locatable in this directory, then you’ve practically been taken off the Internet.
The whois directory service is also inaccessible right now (whois.nic.net.sg).
The phrase “bo zeng hu” (no government) has taken on a new literal meaning.
While we’re currently caught up in the drama as it unfolds, let’s just put things in a little perspective. This is a DoS (denial of service) attack. It doesn’t mean data has been stolen, modified, messed up, etc. The systems are all still there. You just can’t access them.
Now, that’s not to say it’s no big deal. A DoS can cause quite an impactful disruption too. The recent Bukit Panjang Exchange fire, for example, was a type of denial of service. In that instance, some users were impacted by the inability to access telecommunication services, or other services that depended on those telecommunication services.
16:18: In a Facebook posting, IDA claims that all government websites are under planned maintenance. I wonder. Do you spoil your DNS to carry out maintenance? Sounds like a cover-up to me. If there is a planned maintenance, you would typically put up a webpage to receive all web access to explain what is going on. You don’t kill your DNS. (Incidentally, the posting to Facebook was from a mobile. Doesn’t sound very planned to have to be posting from mobile…)
16:33: I’m just thinking. Perhaps the government should just declare 5 Nov to be a planned maintenance day. Oh yah, maybe declare it a public holiday too?
17:30: Two key name servers, pridns.gov.sg and secdns.gov.sg are now up. They were inaccessible earlier. Pridns is providing working replies for sites like www.ida.gov.sg, but secdns at this time still does not provide valid answers. It seems like they’re still struggling to get back the DNS infrastructure. But they’re recovering. There’s a good chance you can access sites like www.ida.gov.sg already.
18:00: Just for interest. The cached SOA record during the incident reflected a serial number of 2008217046. The outage is now mostly over. The SOA’s serial number is now 2008217056. The numerical jump reflects changes, likely multiple times, made to the gov.sg domain.
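The serial comparison in the 18:00 update can be automated as a monitoring check. The following is an added example, not part of the original post: it parses `dig +short SOA`-style answers from each name server and compares serials with RFC 1982 serial arithmetic. Only the name server names and the two serial numbers come from the post; the SOA mname, rname and timer values in the sample are constructed.

```python
# Added example: track SOA serial changes across a zone's name servers.
from typing import NamedTuple, Optional

MOD = 2 ** 32          # SOA serials are unsigned 32-bit values
HALF = MOD // 2

class Soa(NamedTuple):
    mname: str
    rname: str
    serial: int

def parse_soa(line: str) -> Optional[Soa]:
    """Parse one `dig +short SOA` style line; None for an empty or malformed answer."""
    fields = line.split()
    if len(fields) != 7 or not all(f.isdigit() for f in fields[2:]):
        return None
    serial = int(fields[2])
    return Soa(fields[0], fields[1], serial) if serial < MOD else None

def serial_delta(old: int, new: int) -> int:
    """Number of increments from old to new, allowing for 32-bit wraparound."""
    return (new - old) % MOD

def serial_compare(a: int, b: int) -> int:
    """RFC 1982 ordering: -1 if a is older than b, 1 if newer, 0 if equal or undefined."""
    delta = serial_delta(a, b)
    if delta in (0, HALF):
        return 0
    return -1 if delta < HALF else 1

def audit(baseline: int, answers: dict) -> dict:
    """Classify each name server's answer against the last serial recorded."""
    labels = {0: "unchanged", -1: "advanced", 1: "rolled-back"}
    report = {}
    for server, line in answers.items():
        soa = parse_soa(line)
        report[server] = labels[serial_compare(baseline, soa.serial)] if soa else "no-valid-answer"
    return report

# Constructed sample: one server answering with the later serial, one returning nothing.
SAMPLE = {
    "pridns.gov.sg": "pridns.gov.sg. hostmaster.gov.sg. 2008217056 10800 3600 604800 86400",
    "secdns.gov.sg": "",
}

if __name__ == "__main__":
    print(audit(2008217046, SAMPLE), serial_delta(2008217046, 2008217056))
```

A server reporting "rolled-back" or "no-valid-answer" while its peers have advanced is the inconsistency worth alerting on.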
Sounds logical!
The thing is, you can never be sure if (a) someone was incompetent enough to zap the DNS zone while re-doing it or (b) some shenanigans took place (zone transfer or properly hacked).
Really depends on how cynical you want to be and in which direction 😛 personally I wouldn’t put it past IDA to make either mistake.
Mr Lai, you are going to be famous soon.
(y)
Bro, your explanations seem quite logical. Are you ok if I repost this on TRE? 🙂
Sure. 🙂
Got meh? All can access now what?
Have u checked with the people that manage SGNIC? I can drop them a message. Once the registrar (a local ISP) dropped the domain name for my organization – causing a DNS outage for more than 1 day that affected more than 100 sites. Amazingly, the local ISP did it again a few months later…
Please do! I’ve had people in the government claim that it was routine maintenance, I’d be interested to see what happens.