Over the Deepavali weekend, nineteen (according to Yahoo) websites of government departments were offline. These included the Land Transport Authority and the Singapore Police Force. “Scheduled maintenance” was the cryptic official explanation though no one reported seeing any prior notice. Deepavali (also known as Diwali) is a major Hindu festival. Considering that a significant number of IT engineers are of Indian ancestry, it seemed a strange choice to pick this particular weekend to do IT work, and to “maintain” 19 government websites simultaneously.
Of course, “scheduled” could mean something planned 25 minutes in advance, though such a squeeze on the meaning of the term would by itself indicate that there’s a hidden back story.
As for the context, most Singaporeans would know. But for the record, perhaps I should recap. Around 30 or 31 October, a video claiming to be from the hacker’s group Anonymous — not that there is any reason to doubt its authenticity — was put on Youtube threatening an attack on the government of Singapore and calling for a larger protest on 5 November. On 1 November, a section of The Straits Times’ blogsite was indeed hacked. Both events lit up social media.
Saturday, 2 November — Deepavali itself — numerous government websites were down.
The most unexcited explanation would be that the government took the threat seriously and felt that it had to harden its websites. Urgently. A new leak just in (see Report blames outage of Singapore government websites on ‘routing issues’, ‘hardware failure’) supports this hypothesis. This however raises a few other questions. Not being an IT engineer myself, I don’t know if these are pertinent questions or what the answer might be, but it seems to me questionable how the government can know within 24 – 48 hours what the vulnerabilities of a website are when it has been oblivious to the matter for years and years. All of a sudden, you know where to look and what to fix? All of a sudden, you know what the solution is? Not very logical, but perhaps IT engineers among my readers could advise.
More exciting, and surely more speculative, was the thought that one or more attempts at intrusion were detected and the government had to quickly shut down the sites. That several websites of the Philippines government were also hacked the same weekend by Anonymous only made the speculative theory more appealing.
But either way, the official explanation of “planned maintenance” just didn’t ring true.
It reminded me of the Chinese government’s initial response when cases of Severe Acute Respiratory Syndrome (SARS) first appeared ten years ago in the spring of 2003. The authorities denied that a contagious disease was spreading. Officials were not telling their citizens anything and were lying to the World Health Organisation about the death toll. According to Bloomberg, in first weeks of the outbreak, 774 persons died.
Here in Singapore too, we have a government that is so paranoid about being seen to have lost control of events, that it uses the same playbook: clam up, deny, use whatever excuse it can rummage up from a near-empty drawer.
The thing about governments obsessed about appearing invincible is that they also tend to believe that they have more credibility and enjoy more trust than they actually do. The two are linked. Governments that first begin by wanting to cement their control through appearing invincible quickly see that getting people to take seriously and believe their threats and pronouncements is a key step toward that goal of control. But human ego being what it is, the arrow of instrumentality is quickly reversed. Governments soon take for granted that they enjoy trust and credibility, and think that is why they remain in power.
It is therefore not surprising that governments which are blind and deaf to public opinion attempt to get away with bald denials and incredible excuses. A good part of our government actually thinks people believe them.
The irony then is that in refusing to say anything more than “scheduled maintenance”, this curt handling of the incident only slashed its credibility. The tiny hack also pricked the government’s aura of invincibility, even though it broke into just an inconsequential part of government mouthpiece Straits Times’ blogsite — with a readership of what? thirty-four? — yet by doing so, provoked the outsized, panicky response that it did.
And doubling the irony, the hacker didn’t even need to follow up and fell government websites. The government did it for him/her, in the most public way possible.
* * * * *
One panicked response came from a a former Nominated Member of Parliament, Calvin Cheng. Although supposed to be unaffiliated to any political party, Calvin Cheng had a Young People’s Action Party history, the subject of an article by Ng E-Jay on July 2009.
One particular line from his short Facebook post was this:
This repugnant blogger then asks “That even if you are victimised by a brutish government, you should go no further than respectful and polite conversation?”
My answer to this is yes. Because this is what being a civilised society is about.
Gee, what part of “brutish government” does he not understand?
An earlier part of his post could have done with some intelligent forethought before penning his outrage. In this part, he begins by quoting from me:
“That said, some tactics cause a lot more collateral damage than others. Terrorist bombings or bus hijacks have a tendency to kill and maim innocent people, for example. If we have to draw a line somewhere, it should be on the basis of how well-targeted that choice of tactic is”
– So he is saying that it is ok to kill and main [sic] politicians, if the target is well chosen? Is he inciting murder and political assassinations?
Actually, history is replete (“replete” is not even adequate a word, given the millions of examples) with instances when people have killed in well-targetted fashion and few today would think it was the wrong response. If Claus von Stauffenberg had been successful in his attempt to assassinate Adolf Hitler, we would be hailing him as a hero today. No one is too concerned about the anti-Mussolini partisans who killed the Italian dictator in 1945. Assassinations aren’t always killings of good leaders; much depends on context.
Moreover, “well-targetted” is an internationally accepted consideration in rules of war. Every soldier (including Singaporean ones) is taught that there will be times when he has to kill, and that generally speaking, it is acceptable if it is an enemy combatant that is attacking us. Millions have been killed in various wars in this “well-targetted” way and while we grieve for the loss, we can also understand how and why the tragedies came about. I doubt if any sane person would say that if enemy soldier is firing at you, you shouldn’t shoot back.
Sometimes, the other side hasn’t even begun shooting. Read up the how snipers were told to kill three Somali hijackers (said to be teenagers) in the Maersk Alabama hijacking. Were the snipers wrong to do as they did?
One lazy distinction is to say that when someone is given orders by a state to kill, it is alright, but no private person can do so for what he feels is a personal cause. That’s a very dangerous reduction, if you ask me. Through history, states have been far less than noble. Some have been downright evil. Much of history is about struggles that inevitably involve violence, sometimes preplanned, sometimes not, to secure freedom or progress, e.g. the innumerable slave rebellions in American history; the struggle against apartheid in South Africa, which though meant to be peaceful, was repeatedly punctuated by rioting.
At the same time, we need to beware how history is revised by victors to cast the vanquished’s aims and methods as illegitimate, and their own acts of violence as a justifiable route to their shining ascendency.
“Nothing justifies violence and acts of criminality,” wrote Calvin Cheng.
Beware too how the presently powerful do the same to less powerful groups that contest their position, among which is classification of acts of resistance as criminal. Read Jothie Rajah’s book, in which she described how, in order to suppress opposition party Barisan Sosialis’ attempts to get their message out to the people (i.e. by sticking posters up in public places, since the press had been controlled), Singapore’s People’s Action Party government made “vandalism” as they called it, a caning offence.
I think it is important that Singaporeans become more capable of critical thinking, hard as it may be in an environment wherein thunderclaps of self-righteous government-speak issue daily. One lesson we can take from this Calvin Cheng post is that mouthing uninformed, unreflexive responses to what is really a highly context-dependant and historically-subjective issue — the issue being the morality of acts of resistance — only reveals an embarrassing simple-mindedness.
Addendum, Tuesday, 5 Nov 2013, 12:15h
An internal incident report with the Infocomm Development Authority (IDA) letterhead, and which Today newspaper says it “understands to be genuine” was leaked yesterday. It is published at the TechInAsia site (IDA blames outage of Singapore government websites on technical issues, denies hackers involved). The contents of the letter appear consistent with what was reported to have been told to the media at an IDA press conference Monday afternoon.
The chronology of events as revealed by the letter and reported by Today was as follows:
1. Maintenance work was “brought forward,” quoting Today’s news report, “in the wake of last week’s threat by a group claiming to be part of the Anonymous hacking collective”;
2. “Urgent scheduled maintenance” was meant to be done on Friday, 1 Nov 2013 from 13:00h to 15:00h, “to test the implementation of a security solution for internet access” — according to the leaked report;
3. During the test, the internet connection was “swung from the primary link to the secondary link.” However, “a routing problem was detected at the secondary internet link and the swing to secondary link was unsuccessful”;
4. “When the internet connection was swung back to the primary link, the router experienced a hardware failure.” This happened at the “Internet facing router”;
5. Then, a “replacement router was set up to support the primary link,” but they “encountered difficulty in re-establishing the network connection with the ISP infrastructure”.
6. Internet connection was restored at 17:21h on Saturday, 2 Nov 2013.
So the chief theory that was circulating on social media over the weekend (in the absence of information from the government itself) was correct. They were urgently trying to harden their websites.
It’s not over yet. Today reported the IDA spokesperson to have told the media that over the next few days, some government websites may continue to face downtime.
What this report shows is that there was much inherent fragility and unreliability in the system. They couldn’t even do a security fix without causing the whole thing to crash. Instead of being reassured, should we be even more worried?