Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019
26.7 Further investigations by Ernest into the SQL query and the use of the AA. account
488. It happens that at around pm on 4 July 2018, Wee was at Ernest’s desk discussing another matter when Ernest received the email enclosing a copy of SCM Breach.pptx from Benjamin. They looked through and discussed the slides, trying to understand the information contained therein. Wee did not notice the program that had been used to run the query or the user-ID that had been used to access the SCM database. He also did not understand the syntax of the SQL query. On the other hand, Ernest had a rough understanding that the query was seeking to select a large number of records from a particular database table.
489. Ernest and Wee then went to see Katherine in person, knowing that she was a SCM database administrator. Ernest asked Katherine to explain the SQL query, including what the query could do and the records it could receive. Katherine directed Ernest to Vida Junitha (“Vida”), an IHiS IT administrator whom Katherine knew would have knowledge of the table that was being queried.
490. Vida informed Ernest that the database table contained data which was “obsolete”. Ernest did not clarify further what she meant by this. Vida also informed Ernest that the database table contained information about dispensed medication. She performed a “sample query” to retrieve one record from the database table in question. Ernest reviewed the retrieved record, and realised that it “contained staff information”.
30 Evidence was not led on what this meant. Based on the context, it appears likely that Vida’s sample query was made using the identifiers of a member of staff, and that Vida and Ernest had found that the test query did in fact retrieve the records of this staff member.



COI Report – Part IV
Page 158 of 425

491. Looking at the screenshots in SCM Breach.pptx in greater detail, Ernest realised that the queries were run using the AA. account. Ernest also noticed from the screenshots that the query was made from the second program, which was unusual.
492. At this point, Ernest only knew of the query reproduced in SCM Breach.pptx, and did not know that there were similar queries being run repeatedly and being terminated by Katherine as they were being run. But based on the use of the AA. account and the second program, “alarm bells started ringing” for Ernest, and he thought that the query was suspicious. He and Wee thus arranged for a meeting to be held on the morning of 5 July 2018.
