Last week, TOC reported the alleged purchase of “weaponised German surveillance malware” by a Singapore company, as revealed in a Wikileaks media release on 15 September.

The Singapore company which is said to have purchased the products is apparently PCS Security Pte Ltd, which was incorporated in 1998 by two Singaporeans, and is now headed by five Singaporeans with $2 million dollars of paid up capital.

TOC understands that this private company is wholly owned by Phoenix Co-operation Society Ltd, but more information is publicly unavailable on the co-op except that it was granted a statutory exemption from the Government under the Co-operative Societies Act.

This bestowed full administrative powers on the president of Phoenix, unlike other co-operatives.

Till date, there has been no response from the contact person listed for Phoenix Co-operative Society Ltd on who exactly is the president of co-operative.

On its website, PCS says it prides itself “in delivering value-added systems with our domain expertise and experience in Homeland Security and Infocomm Security.”

“We have the expertise and capability to deliver cutting-edge technology solutions for our Customers in the Government, trade and the commercial sector,” it said.

TOC has sent repeated queries to PCS Security on the accusations of the company purchasing the surveillance malware by Wikileaks since last week , but the company has yet to respond.

While TOC investigates further on PCS Security Ltd, let’s look at the capability of the malware and items said to be purchased by PCS.  

In the information released by Wikileaks, the licences purchased by PCS Security Pte Ltd from Finfisher are FinSpy, FinIntrusion, FinUSB Suite and FinUSB.

FinSpy is described by the software company as a field-proven remote monitoring solution that allows monitoring of mobile and security-aware targets that regularly change location, use encrypted and anonymous communication channels and travel inter-nationally.

When FinSpy is installed on a computer system, the surveillance system can be remotely controlled and accessed as soon as it is connected to the Internet, no matter where in the world the system is located.

However, users will need to obtain FinSpy licenses from Finfisher as information is routed through Finfisher’s server before reaching the users’ terminal.

From the information provided by Wikileaks, it is surmised that PCS purchased licenses to monitor up to 500 targets in 2012.

The FinFly USB provides an easy-to-use and reliable way of installing Remote Monitoring Solutions on computer systems when physical access is available to the agents.

Once the FinFly USB is inserted into a computer, it automatically installs the configured software with little or no user-interaction and does not require IT-trained agents when being used in operations. The FinFly USB can be used against multiple systems before being returned to the agent’s headquarters.

FinIntrusion Kit described as an up-to-date and covert operational kit that can be used for most common IT intru­sion operations in defensive and offensive areas.

The kit comes as a portable covert tactical unit that includes many common IT intrusion devices, all necessary adapters and antennas which can be used with the purchased malware.

FinUSB Suite is a flexible product that enables law enforcement agencies to quickly and securely extract forensic information from computer systems without the requirement of IT trained agents.

The suite consists of a headquarter notebook and ten encrypted USB dongles. They look just like any common USB stick and are easy to use, as they are pre-programmed to search exactly the data that is needed. The user interface makes it easy to configure the dongle’s operational options and to decrypt and analyse the gathered data.

FinFisher malware is said to be able to operate under all major desktop and mobile operating systems, namely Windows, OS X, Linux, Android, iOS, BlackBerry, Symbian, and Windows Mobile.

TOC asked a local network administrator, Chong Kai Xiong, about his thoughts on this surveillance system.

“FinFisher is extremely intrusive, much more so than the average spyware. It runs on every platform imaginable and collects literally everything there is to collect on infected devices. Contact lists, emails, chat messages, webcam videos, screenshots, keystrokes, you name it.
“In this information age where many people live out their lives online, the use of FinFisher against anyone is a criminal breach of privacy.
“And like all forms of malware, FinFisher requires software exploits or plain deception for delivery to the target person’s device(s). This raises a whole host of other legal and ethical issues.”

TOC sent emails to the Attorney General Chambers last week about the legality of such software and the act of hacking into one’s computer using such software but we have yet to receive any replies from them.

Subscribe
Notify of
6 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
You May Also Like

LTA to stop issuing physical road tax discs from 15 February 2017

Land Transport Authority (LTA) has reminded the public that it will stop…

Future media: Evolution of a discerning public

~by: Howard Lee~ When the Singapore Press Club closed its forum discussion…

【冠状病毒19】新增六入境病例 四人是水手

根据卫生部文告,本地在8月13日中午12时,新增102例确诊,91例都是住宿舍工作准证持有者,六例入境病例,五例社区病例。 入境病例其中两人是新加坡人,分别在本月1日和11日,从阿联酋和菲律宾返国。入境后即履行居家通知,并接受冠病检测。 其余四人是菲律宾水手,与早前确诊的同船水手有关联,他们都是在本月8日乘船从印度入境新加坡。抵境后都没有下船,因出现症状而在船上接受检测。 至于社区病例方面,包括一名本地永久居民以及四名工作证件持有者,国籍分别是孟加拉、印度、缅甸和马来西亚。他们都未出现症状,而是在当局积极检测下发现。 与此同时,也有216人康复出院,康复人数增至5万0736人。

The Mandatory Death Penalty is not the same as the Death Penalty

Yvonne Ho / Like many Singaporeans, I was in favour of the…