COI Report – Part IV
Page
116 of
425 20 EVENTS OF 11 JUNE 2018 20.1 Detecting failed logins to the SCM database and changing of passwords for the DA. account 329. At pm on 11 June 2018, Katherine received a system-generated email showing a number of failed logins to the SCM database within a very short period of time earlier that day.
Shortly after that, she was notified of a few more failed logins earlier that same day.
330. At pm and pm on 11 June 2018, Katherine forwarded the details of the failed logins
via email to Robin Seah (“
Robin”), Kelvin Chong Wee Kiat
(“
Kelvin”) and Reynaldo Delgado Francisco (“
Rey”) from the IHiS Service Delivery (Clinical Care)
Department, asking if they had any idea what was going on. Shortly after, Katherine also forwarded
this email chain to Vicky Boh, Thota
Veerendra Naidu (“
Veerendra”) and Joanne Lim Shan Shan (“
Joanne”), who are Citrix administrators, to ascertain whether a particular IP address
was that of a Citrix server, and to followup with any further investigations. She also copied
Lum Yuan Woh (
"Lum")
in this email, in his capacity as the Assistant Director of the Citrix Team.
331. These were in fact part of the failed logins discussed in paragraph 177 (pg
62) above. All the failed logins were shown to have originated from one IP address, which was subsequently determined to be the
IP address of Citrix Server 1.
332. Katherine noticed that a number of different account names had been used to attempt to login to the database. The login attempts generally failed because they were invalid user-IDs. Applying basic commonsense, the obvious inference to be drawn was that
someone was guessing user-IDs, and therefore, the attempted access to the SCM database was likely to have been unauthorised. Yet, this
did not occur to Katherine, and she initially thought that some IHiS staff might have been “
testing the system”.
