Last week, TOC reported the alleged purchase of “weaponised German surveillance malware” by a Singapore company, as revealed in a Wikileaks media release on 15 September.

The Singapore company which is said to have purchased the products is apparently PCS Security Pte Ltd, which was incorporated in 1998 by two Singaporeans, and is now headed by five Singaporeans with $2 million dollars of paid up capital.

TOC understands that this private company is wholly owned by Phoenix Co-operation Society Ltd, but more information is publicly unavailable on the co-op except that it was granted a statutory exemption from the Government under the Co-operative Societies Act.

This bestowed full administrative powers on the president of Phoenix, unlike other co-operatives.

Till date, there has been no response from the contact person listed for Phoenix Co-operative Society Ltd on who exactly is the president of co-operative.

On its website, PCS says it prides itself “in delivering value-added systems with our domain expertise and experience in Homeland Security and Infocomm Security.”

“We have the expertise and capability to deliver cutting-edge technology solutions for our Customers in the Government, trade and the commercial sector,” it said.

TOC has sent repeated queries to PCS Security on the accusations of the company purchasing the surveillance malware by Wikileaks since last week , but the company has yet to respond.

While TOC investigates further on PCS Security Ltd, let’s look at the capability of the malware and items said to be purchased by PCS.  

In the information released by Wikileaks, the licences purchased by PCS Security Pte Ltd from Finfisher are FinSpy, FinIntrusion, FinUSB Suite and FinUSB.

FinSpy is described by the software company as a field-proven remote monitoring solution that allows monitoring of mobile and security-aware targets that regularly change location, use encrypted and anonymous communication channels and travel inter-nationally.

When FinSpy is installed on a computer system, the surveillance system can be remotely controlled and accessed as soon as it is connected to the Internet, no matter where in the world the system is located.

However, users will need to obtain FinSpy licenses from Finfisher as information is routed through Finfisher’s server before reaching the users’ terminal.

From the information provided by Wikileaks, it is surmised that PCS purchased licenses to monitor up to 500 targets in 2012.

The FinFly USB provides an easy-to-use and reliable way of installing Remote Monitoring Solutions on computer systems when physical access is available to the agents.

Once the FinFly USB is inserted into a computer, it automatically installs the configured software with little or no user-interaction and does not require IT-trained agents when being used in operations. The FinFly USB can be used against multiple systems before being returned to the agent’s headquarters.

FinIntrusion Kit described as an up-to-date and covert operational kit that can be used for most common IT intru­sion operations in defensive and offensive areas.

The kit comes as a portable covert tactical unit that includes many common IT intrusion devices, all necessary adapters and antennas which can be used with the purchased malware.

FinUSB Suite is a flexible product that enables law enforcement agencies to quickly and securely extract forensic information from computer systems without the requirement of IT trained agents.

The suite consists of a headquarter notebook and ten encrypted USB dongles. They look just like any common USB stick and are easy to use, as they are pre-programmed to search exactly the data that is needed. The user interface makes it easy to configure the dongle’s operational options and to decrypt and analyse the gathered data.

FinFisher malware is said to be able to operate under all major desktop and mobile operating systems, namely Windows, OS X, Linux, Android, iOS, BlackBerry, Symbian, and Windows Mobile.

TOC asked a local network administrator, Chong Kai Xiong, about his thoughts on this surveillance system.

“FinFisher is extremely intrusive, much more so than the average spyware. It runs on every platform imaginable and collects literally everything there is to collect on infected devices. Contact lists, emails, chat messages, webcam videos, screenshots, keystrokes, you name it.
“In this information age where many people live out their lives online, the use of FinFisher against anyone is a criminal breach of privacy.
“And like all forms of malware, FinFisher requires software exploits or plain deception for delivery to the target person’s device(s). This raises a whole host of other legal and ethical issues.”

TOC sent emails to the Attorney General Chambers last week about the legality of such software and the act of hacking into one’s computer using such software but we have yet to receive any replies from them.

Subscribe
Notify of
6 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
You May Also Like

WP candidate draws flak on the Internet

A vote for the PAP is not just an endorsement of its candidate, but more importantly, is an endorsement of its policies. In Mr Yaw’s zeal to endorse MP Teo Ho Pin, perhaps he forgot about this, argues Ng E Jay.

接公平竞赛奖得主刘威延律师函 苏睿勇被要求撤“不实”文章

马拉松健将苏睿勇,接到新加坡国家奥林匹克委员会(SNOC)的律师信函,要求他撤回有关2015年东南亚运动会马拉松赛的一篇文章,并且在4月9日下午5时前作出道歉。惟,苏睿勇透过律师回应拒绝了有关要求。 这篇名为“2015 SEA Games Marathon – In My Words (2015东南亚运动会马拉松赛-就我而言)”的文章,是苏睿勇于2015年6月22日(于2018年更新)在其个人部落恪“RunSohFast”发布。这位两届东南亚运动会马拉松金牌得主,在文章中细说他在4年前赢得首个金牌的经过,其中包括在抵达第一个5公里标记后,出现了意想不到的错误U弯。 他在文中是这样写道: “接下来我预计需要回转,我寻找标志、箭头,或是一些告诉我们要回转的标志。我们看到只有一群赛道裁判员集聚在一起,但是没有发现我们已经快速接近了。我们直接越过他们,并且在他们喊着阻止,“走错了!回来!”时,我们才停下。我们转回来,平衡力发生了变化。原本跑在前方带领大家走上错误路线的领队,现在处于后方,然后追回来前方。到目前为止一直处于最后的队友Ashley(刘威延),现在反而跑在我们前端,只因为我们转错了弯。没有人放慢速度等待,比赛依旧进行着。”…

Think Centre's Labour Day Message

~ By Think Centre ~ This Labour Day, Think Centre salutes all…