NSF bug hunter wins big

https://www.mindef.gov.sg/web/wcm/connect/pioneer/5c1ec963-722c-4bcb-92a1-6acdb9ec1461/1_DSC_8464+copy.JPG?MOD=AJPERES&CACHEID=ROOTWORKSPACE.Z18_1QK41482LG0G10Q8NM8IUA1051-5c1ec963-722c-4bcb-92a1-6acdb9ec1461-mUFNTe. /web/wcm/connect/pioneer/5c1ec963-722c-4bcb-92a1-6acdb9ec1461/1_DSC_8464+copy.JPG?MOD=AJPERES&CACHEID=ROOTWORKSPACE.Z18_1QK41482LG0G10Q8NM8IUA1051-5c1ec963-722c-4bcb-92a1-6acdb9ec1461-mUFNTe. /web/portal/pioneer/article/regular-article-detail/technology/2019-Q4/02nov19_news1
02 Nov 2019 | TECHNOLOGY

NSF bug hunter wins big

// Report by Thrina Tham

// Photos by Kenneth Lin

English 华文
3SG Lim beat 304 white hat hackers around the world to emerge as Top Bug Hunter in MINDEF’s Bug Bounty Programme.

For three straight weeks, 3rd Sergeant (3SG) Eugene Lim would spend 10 hours a week searching for "bugs".

The Full-Time National Serviceman (NSF) would use his nights off hunting for system vulnerabilities in the Ministry of Defence’s second Bug Bounty Programme which ran from 30 Sep to 21 Oct this year.

His typical weekends saw him "hunting" from 11am to 6pm, followed by a quick meeting with his family or girlfriend, before hunting again until 2am in the morning.

His efforts paid off.

The 24-year-old topped a total of 305 white hat hackers, or ethical hackers, to emerge as the "Top Bug Hunter".

Defence Cyber Chief Brigadier-General Mark Tan (right) presenting the Top Bug Hunter award to 3SG Lim in a ceremony on 1 Nov.

The programme saw 134 local and 171 international white hat hackers invited to search for vulnerabilities (or bugs) in 11 of MINDEF's Internet-facing systems.

Participants reported 52 vulnerabilities, of which 20 were valid. 3SG Lim uncovered eight out of those 20 valid and unique vulnerabilities reported, which put him squarely in the lead among the hackers.

He also received an award for "First Reported Bug", which he found within the first hour of the programme opening.

His interest in cybersecurity was piqued when he took part in the first Army Cyber Defence Exercise last October. During the exercise, he would work with other cyber defenders to respond to online threats to defend simulated training networks.

3SG Lim (seated, third from left) taking part in the Army Cyber Defence Exercise last year. Chief of Army Brigadier-General Goh Si Hou (standing, third from left) also observed the exercise. [Photo: Singapore Army Facebook].

He then joined two Government Bug Bounty Programmes – this January and July – where he emerged as the top hacker in the second edition.

The self-taught hacker, who is a Supply Supervisor at the 12th Command, Control, Communications, Computers and Intelligence Battalion, said that it takes creativity to bypass protection tools (such as firewalls) that are set up by system administrators.

"They'll put a lock on the front door so you have to find another way – a window, an unlocked back door – to get yourself into the 'house'."

And it's a "thrill" to be able to get in, said 3SG Lim, who goes by the moniker SpaceRacoon online.

"It's a rush when you finally 'pop the shell', which is to be able control the server. There's a huge sense of achievement."

"For us white hat hackers, we would then submit proof (for the system administrator) to reproduce the bug themselves," said 3SG Lim, who graduated from Yale University last year with a Double Major in Computer Science and History.

3SG Lim, who will work as a civil servant after he completes his National Service on 31 Dec, is not shy about the fact that cybersecurity is his "primary hobby".

Earlier this year, he built a web app for scanning malicious packages, which he presented at Black Hat Asia (Arsenal), a convention on open source tools.

When asked on how he got into white hat hacking, he said: "I wanted to contribute to Singapore's cyber security and testing government systems was interesting to me."

"Being able to find vulnerabilities for MINDEF, as an NSF, was also a big motivation."

He added that his hobby has helped to foster a positive attitude: "If I meet an obstacle, I'll always think of ways around it.

"These problem-solving skills will be useful in any role I take on (in the future)."

Suggested Reading
Defence scholars with a passion to serve
Defence scholars with a passion to serve

The defence scholarship awards are a responsibility not for those lacking in resolve or steel in their characters, said defence minister Dr Ng Eng Hen.

A different kind of defence
A different kind of defence

All his life, Military Expert (ME) 4 Devaraj Chandramoorthi thought he would be a lawyer, arguing cases and standing up for justice.

What you need to know about the new Special Operations Command Centre Feature
What you need to know about the new Special Operations Command Centre

Mission planners can now coordinate multiple counter-terrorism operations across the country from a centralised command centre.

She loves a good challenge
She loves a good challenge

As a cyberthreat analyst working in the private sector, Ms Serena Ong’s interest was piqued when the Singapore Armed Forces (SAF) announced the setting up of the Defence Cyber Organisation (DCO) in 2017.

Students develop AI and cybersecurity solutions at inaugural youth tech event
Students develop AI and cybersecurity solutions at inaugural youth tech event

Only one out of four members in the team had deep knowledge of Artificial Intelligence (AI), but that did not stop them from developing an AI model that can accurately recognise and classify human gestures and poses in images.

Building collaboration to boost defence and security tech
Building collaboration to boost defence and security tech

The inaugural Singapore Defence Tech Summit (SDTS) is being held from 27 to 29 Jun. The three-day event brings together more than 400 industry experts from 17 countries, including policy-makers, defence scientists and leaders from academia and think tanks.