S’pore Public Healthcare Web Services Outages Were Caused by a DDoS Attack

Ongoing DDoS Attacks Disrupt Singapore’s Public Healthcare Web Services

On 1 November, netizens were left puzzled and worried when dozens of official websites of major health centres throughout Singapore were inaccessible for more than seven hours. 

No matter how much they refreshed, rebooted and screamed in frustration—they were merely met with a message saying that data was not loaded.


Two days after the incident, we finally know what happened.

The Affected Websites

From approximately 9:20 am to 4:30 pm, users were unable to visit the websites of Singapore General Hospital, Tan Tock Seng Hospital, National University Hospital, Changi General Hospital, KK Women’s and Children’s Hospital, Sengkang General Hospital, Khoo Teck Puat Hospital, Ng Teng Fong General Hospital and the Institute of Mental Health.

The websites of Singapore’s three public health clusters – SingHealth, which runs hospitals and other health centres in the east; National University Health System in the west; and National Healthcare Group in the central area – were also unavailable.

A spokesman for SingHealth advised panicked users to use the Health Buddy app during the disruption and said that this family pack of website crashes was due to an internet access disruption.

After the websites had been recovered at 5:15 pm, the websites’ internet provider Synapxe also stated on Facebook that they had “found no evidence to indicate that our data and internal networks have been compromised”.

Website disruption was caused by a DDoS attack

On Friday, Synapxe informed Facebook users that the disruption was in fact caused by…internet attackers.

The havoc was wreaked in a distributed denial-of-service (DDoS) attack, where internet assassins flood servers to overload their systems – making the network unavailable to users.

What’s worse, since DDoS attacks utilise multiple IP addresses or attack machines, they are much harder to track down and turn off completely.

You might be one of these machines; read on and you’d understand.

DDoS attacks have been on the rise since 2016, with many attackers delighted by the low level of skill they require. This is because DDoS attacks are simply akin to that one group of noisy aunties crowding the entrance of a shop door, blocking people from entering.

This simplicity, coupled with the fact that DDoS code and tactics are freely available on the Dark Web, makes DDoS attacks a common offence by aspiring cyber criminals.

However, thankfully for us, DDoS attacks are usually not utilised to garner ransom or steal money. At least, according to sources from The Straits Times, there haven’t been any demands for ransom so far.

Nonetheless, this doesn’t deter hacker activists, or hacktivists – who use DDoS attacks as a form of online protest. In January 2013, hacker group Anonymous even posted a petition asking the United States’ White House to recognise DDoS attacks as a legal form of protest.

However, their efforts were not very successful. Many internet trouble-makers in the United States were stunned to find themselves escorted to a prison cell after conducting such attacks. Meanwhile, in European countries as well as the United Kingdom, denial-of-service attacks are illegal.

Tracking Down the Perpetrator Would be Difficult

But not every hacker or attacker gets their virtual ski masks thrown off. In fact, many of them remain anonymous.

Because most DDoS attacks stem from the Dark Web, perpetrators are practically untraceable. This makes it extremely tough to find out that specific fellow who chose to crash all our healthcare websites.

Zombie Computers

Tracing the attacker is made even more complicated by the existence of zombie computers.

That’s right, we could very well be in the middle of a virtual zombie apocalypse, if we’re unlucky enough.

Zombie computers are basically computers that have been compromised – probably by a computer virus. This virus gives control of the computer to the hacker, who can now remotely perform malicious tasks using that computer.

This means there’s a chance some poor innocent’s computer was hacked, and used to coordinate a DDoS attack. Talk about a double whammy.

Synapxe to Update Their Defensive Measures, With Investigations Underway

Synapxe added that its servers had a “layered defence”; a protective wall designed to detect and respond to internet attacks, including DDoS attacks.

However, the overload on Wednesday was so great that it bypassed the defence and overwhelmed Synapxe’s firewall. This caused the firewall to filter out all the traffic instead of just the harmful traffic, making all the websites unavailable.

The internet provider assured netizens that investigations by the Cyber Security Agency (CSA) were underway, and that Synapxe was effectively seeking more reliable defense methods in case of future attacks.

And here’s the thing: the attacks are still ongoing, so there might be further disruption.

In-Person Clinical Services Were Unaffected

Lastly, netizens were assured by the hospitals and Synapxe that even during the disruption, all patient records remained unaltered and that face-to-face clinical services went on as usual.

…Looks like you won’t be able to escape your doctor’s appointment after all.