Yesterday (11 July), multinational cybersecurity and anti-virus provider Kaspersky said in a press release that its experts have uncovered new versions of the advanced malicious surveillance tool ‘FinSpy’.

The new versions of the implants function on both iOS and Android devices, monitoring activity on almost all popular messaging services, including encrypted ones like WhatsApp and Telegram. Kaspersky noted that the malware is also better at hiding its traces than ever before.

FinSpy enables the almost unlimited monitoring of activities on a device from geolocation to incoming and outgoing messages, contacts, media, and data from popular communication applications such as WhatsApp, Facebook Messenger and Viber. The latest version of this malware extends the surveillance functionality to include even services that are considered ‘secure’ such as Telegram, Signal or Threema.

The basic functionality of the malware includes almost unlimited monitoring of the device’s activities, such as geolocation, all incoming and outgoing messages, contacts, media stored on the device, and data from popular messaging services like WhatsApp, Facebook Messenger or Viber. All the exfiltrated data is transferred to the attacker via SMS messages or the HTTP protocol.

FinSpy is a product of German company FinFisher which, according to WikiLeaks, “produces and sells computer intrusion systems, software exploits and remote monitoring systems that are capable of intercepting communications and data from OS X, Windows and Linux computers as well as Android, iOS, BlackBerry, Symbian and Windows Mobile devices.”

Singapore company with ties to the government has purchased FinTech spyware

Back in September 2014, a WikiLeaks media release noted that a Singapore company was one of several which have allegedly purchased “weaponised German surveillance malware” for use. The company in question is PCS Security Pte Ltd (PCS), which was incorporated in 1998 and is headed by Singaporeans.

According to WikiLeaks, PCS had apparently spent some €3,166,560 (approximately S$5.1 million at the time) in 2012 on the licences for the malware products. The products they purchased include FinSpy, FinIntrusion, and FinUSB Suite.

Based on the licences that PCS purchased in 2012, up to 500 devices can be monitored using the system, enabling them to record online activities and log usernames and passwords. The FinIntrusion product even records all accounts logged into public Wi-Fi networks.

PCS declares on its website that it prides itself “in delivering value-added systems with our domain expertise and experience in Homeland Security and Infocomm Security.”

“We have the expertise and capability to deliver cutting-edge technology solutions for our Customers in the Government, trade and the commercial sector,” it said.

According to official records, PCS itself is fully owned by another outfit, the Phoenix Co-operative Society, but not much is known about the co-operative. In 2010, Phoenix Co-operative Society was one of four co-operatives which were given an exemption under Section 97 of the Co-operative Societies Act. In effect, the chairman, secretary and treasurer of exempted co-operatives do not have to be elected by members of the management committee or members of the society.

The other three exempted co-operatives are the Singapore Police Co-operative Society Limited, Singapore Prison Service Multi-Purpose Co-operative Society Limited and Industrial and Services Co-operative Society Limited – all three are under the purview of the Ministry of Home Affairs.

We also note that former Internal Security Department (ISD) officer Sim Poh Heng was a director at Phoenix in the early days of PCS, and that it is likely it was named after the Phoenix Park Complex, where the ISD used to be located.

Not only that, based on leaked customer request forms we can see that PCS was actively using the spyware program.

When TOC reported on PCS being named by WikiLeaks back in 2014, we reached out to the police, Attorney General’s Chambers, the Ministry of Communications and Information, and several ministers – Mr Yaacob Ibrahim, Mr Zaqy Mohammad and Mr Baey Yam Keng – on the government’s knowledge of the purchase.

The only replies we received were from the police and the Attorney General’s Office, suggesting that we seek advice from a legal counsel instead and referring us to Legal Aid. No one else responded to our queries.

The important questions that remain today:
1) Is PCS Security still in possession of the spyware?
2) Did they use the spyware in any way?
3) Is there any legal oversight on the usage of such software, given that a private limited company in Singapore is in possession of it and that there is no exemption by law for a private contractor to hold onto illegal software, as in the case of firearms?
