
Yesterday (11 July), multinational cybersecurity and anti-virus provider Kaspersky said in a press release that its experts have uncovered new versions of the advanced malicious surveillance tool ‘FinSpy’.

The new versions of the implants work on both iOS and Android devices, monitoring activity on almost all popular messaging services, including encrypted ones like WhatsApp and Telegram. Kaspersky noted that the malware is also better at hiding its traces than ever before.

FinSpy enables the almost unlimited monitoring of activities on a device from geolocation to incoming and outgoing messages, contacts, media, and data from popular communication applications such as WhatsApp, Facebook Messenger and Viber. The latest version of this malware extends the surveillance functionality to include even services that are considered ‘secure’ such as Telegram, Signal or Threema.

The basic functionality of the malware includes almost unlimited monitoring of the device’s activities, such as geolocation, all incoming and outgoing messages, contacts, media stored on the device, and data from popular messaging services like WhatsApp, Facebook Messenger or Viber. All the exfiltrated data is transferred to the attacker via SMS messages or the HTTP protocol.

FinSpy is a product of German company FinFisher which, according to WikiLeaks, “produces and sells computer intrusion systems, software exploits and remote monitoring systems that are capable of intercepting communications and data from OS X, Windows and Linux computers as well as Android, iOS, BlackBerry, Symbian and Windows Mobile devices.”

Singapore company with ties to the government has purchased FinTech spyware

Back in September 2014, a WikiLeaks media release noted that a Singapore company was one of several which have allegedly purchased “weaponised German surveillance malware” for use. The company in question is PCS Security Pte Ltd (PCS), which was incorporated in 1998 and is headed by Singaporeans.

According to WikiLeaks, PCS had apparently spent some €3,166,560 (approximately S$5.1 million at the time) in 2012 on the licences for the malware products. The products they purchased include FinSpy, FinIntrusion, and FinUSB Suite.

Based on the licences that PCS purchased in 2012, up to 500 devices can be monitored using the system, enabling them to record online activities and log usernames and passwords. The FinIntrusion product even records all accounts logged into public Wi-Fi networks.

PCS declares on its website that it prides itself “in delivering value-added systems with our domain expertise and experience in Homeland Security and Infocomm Security.”

“We have the expertise and capability to deliver cutting-edge technology solutions for our Customers in the Government, trade and the commercial sector,” it said.

According to official records, PCS itself is fully owned by another outfit – the Phoenix Co-operative Society – but not much is known about the co-operative. In 2010, Phoenix Co-operative Society was one of four co-operatives which were given an exemption under Section 97 of the Co-operative Societies Act. In effect, the chairman, secretary and treasurer of exempted co-operatives do not have to be elected by members of the management committee or members of the society.

The other three exempted co-operatives are the Singapore Police Co-operative Society Limited, Singapore Prison Service Multi-Purpose Co-operative Society Limited and Industrial and Services Co-operative Society Limited – all three are under the purview of the Ministry of Home Affairs.

We also note that a former Internal Security Department (ISD) officer, Sim Poh Heng, was a director at Phoenix in the early days of PCS, and that the co-operative was likely named after the Phoenix Park Complex where the ISD used to be located.

Not only that, based on leaked customer request forms, we can see that PCS was actively using the spyware program.

When TOC reported on PCS being named by WikiLeaks back in 2014, we reached out to the police, Attorney General’s Chambers, the Ministry of Communications and Information, and several ministers – Mr Yaacob Ibrahim, Mr Zaqy Mohammad and Mr Baey Yam Keng – on the government’s knowledge of the purchase.

The only replies we received were from the police and the Attorney General’s Office, suggesting that we seek advice from legal counsel instead and referring us to Legal Aid. No one else responded to our queries.

The important questions that remain today:
1) Is PCS Security still in possession of the spyware?
2) Did they use the spyware in any way?
3) Is there any legal oversight on the usage of such software, given that a private limited company in Singapore is in possession of it, and given that there is no exemption by law for a private contractor to hold on to illegal software as in the case of firearms?
