Singapore hires global hackers to get rid of 26 bugs in govt offices

These are professional coders who have expertise in evaluating online security through a hacking project called the Government Bug Bounty Programme.


From December 2018 to the early part of January this year, Singapore suffered from several serious hacking attacks with over 400 hackers trying to penetrate the city-state’s government online sites.

To ensure the government’s security systems were well protected, the city-state sought the help of hackers. Singaporean officials approached those who call themselves ‘white hat’ or ethical hackers and not those on the wanted list or involved in criminal activities.

This initiative was facilitated by the Government Technology Agency (GovTech) and the Cyber Security Agency (CSA). These agencies sought the assistance of both local and overseas hackers to track down vulnerabilities in the systems of five government agencies that are easily accessed online.

In the past, Singapore’s Ministry of Defence also created a similar project.

To be part of the team, the white hat hackers need to register and highlight their expertise, and they are validated by HackerOne, a US-based bug bounty firm responsible for executing the programme.

Based on reports, recruited white hat hackers are given a contract and told not to leak any data on potential vulnerabilities in Singapore’s systems.

According to a joint statement from GovTech, CSA, and HackerOne, 25% of the hackers who participated were Singapore-based.

The report added that seven of the top 10 hackers in the project were from Singapore.

During the three-week period, the hackers found a total of 26 bugs. Based on the records, seven were rated ‘low’ severity, 18 ‘medium’, and one ‘high’.

As payment, the government paid US$11,750 (S$15,927) to the hackers who identified the 26 bugs. The remuneration was based on the severity of each bug, ranging from S$250 to US$10,000.

Janil Puthucheary, Senior Minister of State for Communications and Information, expressed his gratitude during the Committee of Supply Debate for the assistance of the local cybersecurity community in the initiative.

The joint statement noted that the city-state’s government seeks to extend the programme to more systems and government websites in the future.
