COI Report – Part IV
Page 161 of 425
503. Katherine did not press for an answer to her query. By this time, she was of the view that IHiS was dealing with a security incident, but she did not personally report the matter to anyone else. Neither did she associate the active queries with the failed login attempts in June 2018, in spite of certain indications, such as the fact that the database being queried was the same database on which failed login attempts were made repeatedly on 11, 12,13, and 26 June 2018, and the fact that VM 1 was used in attempts to login to the SCM database both on
13 June 2018 and 4 July 2018. After Ernest spoke with her that afternoon, she was of the view that there was no further need for her to make any additional report.
504. On Sze Chun’s part, when he first saw Katherine’s question and the screenshot, he did not know who the incident should be reported to, as he was not aware of any incident reporting framework. Furthermore, Benjamin from the
SMD was already aware of the situation. Sze Chun explained that he “did not
make any conscious decision, one way or the other, as to whether the incident
should be reported”, and that he “was focused on trying to stop the queries at
that point in time.”
26.11 Preventing further queries to the SCM database from the SGH
Citrix servers
505. On the night of 4 July 2018, IHiS staff decided that something had to be done to prevent further queries or access to the SCM database from the SGH
Citrix servers. To this end, Lum took stepson the night of 4 July 2018 to prevent such access.
26.12 Implementing scripts on the SCM database to block malicious
queries
506. On the night of 4 July 2018, Katherine and Sze Chun worked together on a script to be implemented on the SCM database to block malicious queries and to alert them when any such queries were made. Katherine has explained that ordinarily, a Change Request has to be made in order fora script to be made and
|
