Singapore is using spyware, and its citizens can’t complain: Page 2 of 2
By Gabey Goh August 3, 2015
Behind the surveillance curtain
Meanwhile, Goh Su Gim (pic), the security advisor at cybersecurity firm F-Secure in Asia, has examined the Hacking Team documents that have been leaked online, and said he believes them to be legitimate.
“Especially the source code and their Galileo product architecture – it is exactly how security researchers have expected it to be,” he told DNA.
“Many have compiled the source code and replicated what products Hacking Team has been selling to the [Singapore] Government,” he added.
The leaked Hacking Team information also includes email threads that point to other Singaporean agencies showing an interest in the Italian company’s spyware, according to Goh.
These agencies include the Centre for Strategic Infocomm Technologies (CSIT), part of the Ministry of Defence; and the Infocomm Technology Division (ICTD) of the Ministry of Home Affairs (MHA) back in 2013.
Goh noted that an Israeli company, Nice Systems which specialises in telephone voice recording, data security and surveillance, serves as a partner working with Hacking Team to sell to CSIT and MHA.
“Interestingly, the MHA was interested in its IPA device (Injection Proxy Appliance),” he said.
“This is a networking device, typically installed alongside an Internet service provider’s servers, that can hijack targets’ Internet traffic without their knowing, and surreptitiously deliver malware to their device or computer.
“Tricking a target into opening a file or going to a phishing site may be not be as easy, and this is the perfect appliance to intercept Internet activity on the fly – for example, if a target wants to watch a video or download a new app, the IPA could intercept and prompt the target to install a booby-trapped version of Adobe Flash with the spyware.
“It is also interesting to note at the end of the [leaked] email, [there is the statement]: ‘(As always, but especially in this country, confidentiality is a must. Thanks.)’,” he added.
Why the IDA?
There were no further documents available to show whether discussions with the CSIT and MHA panned out and were converted to sales, Goh conceded.
He said that the F-Secure team was also unable to independently confirm whether the IDA and other agencies in South-East Asia, besides the publicly published list of clients available on the Internet, were or are Hacking Team customers.
However, Goh noted that given what Hacking Team offers, it may seem more relevant for CSIT and MHA to purchase such tools in the name of homeland security.
“But the IDA is a statutory board of the Singapore Government, under the Ministry of Communications and Information, whose mission is to develop information technology and telecommunications within Singapore – with a view to servicing citizens of all ages and companies of all sizes.
“With that said, since it is not an enforcement agency – there is no use for a surveillance tool, unless it is used for research purposes,” he said.
The IDA did not respond to DNA’s repeated requests for comment.
Up Next: Industry reflections after the Hacking Team leaks
Malaysian Govt spyware use unconstitutional, call for action
What Malaysia bought from spyware maker Hacking Team
Malware targeting GE13, spyware maker was in KL
MCMC probes The Malaysian Insider over spyware story
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.