Singapore among six governments suspected of using Israeli spyware, Citizen Lab report claims

A new report by Citizen Lab names Singapore as one of six governments suspected of using spyware from Israeli firm Paragon Solutions. The report, published on 19 March 2024, links Paragon’s Graphite spyware to infrastructure in Singapore, Australia, Canada, Cyprus, Denmark, and Israel. Citizen Lab, a research group at the University of Toronto, identified the spyware’s presence by mapping its server infrastructure. Using digital fingerprints, researchers found Graphite-linked servers hosted at telecom providers in the suspected countries, suggesting potential deployment by government agencies. These revelations come in the wake of a January 2024 alert from WhatsApp, which notified around 90 users—some of them in Italy—that they had been targeted by Graphite. WhatsApp’s parent company, Meta, later confirmed that forensic markers associated with the spyware, codenamed "BIGPRETZEL," were found on infected Android devices. The findings raise fresh concerns about the growing global spyware industry and the use of such tools by democratic governments.

How Graphite spyware works

According to Citizen Lab, Graphite spyware operates by targeting specific applications rather than the device’s entire operating system. This approach makes it harder to detect through conventional forensic methods. One known attack method involves adding a target to a WhatsApp group chat, exploiting a vulnerability in how PDFs are processed. This technique allows the spyware to execute its code and compromise the device without any user interaction. The spyware has been linked to multiple victims, including Italian NGO worker Beppe Caccia. His Android device was found to be infected with Graphite, compromising at least two unidentified apps. Another activist, David Yambio, received an Apple notification warning that his iPhone had been targeted by mercenary spyware. However, forensic analysis did not conclusively link the attack to Paragon, underscoring the challenges of detecting and attributing spyware activity. Citizen Lab notes that the targeted approach of Graphite—infecting specific apps rather than the entire operating system—may make it harder for forensic investigators to find evidence. However, this method also gives app developers more visibility into spyware operations.

Paragon’s response and denial

John Fleming, executive chairman of Paragon Solutions, responded to Citizen Lab’s findings by stating that the organisation provided limited and potentially inaccurate information. However, he did not specify which details were incorrect or confirm whether Singapore and the other identified countries were customers of Paragon spyware. Fleming reiterated that Paragon “licenses its technology to a select group of global democracies.” However, the lack of transparency surrounding these transactions raises concerns about whether the spyware is being used solely for legitimate law enforcement purposes or for politically motivated surveillance.

Singaporean authorities' silence on surveillance concerns

The Singaporean government has previously faced questions about its potential use of surveillance technologies, but official responses have been absent. In December 2024, The Online Citizen (TOC) sent an email to Home Affairs Minister K Shanmugam seeking clarification on the government’s surveillance practices, particularly regarding opposition members. The email, sent on 3 December 2024, inquired about potential monitoring of political opponents, referencing concerns raised during the perjury trial involving Workers' Party (WP) chief Pritam Singh and former WP MP Raeesah Khan. Former WP cadre member Yudhishthra Nathan testified during the trial that party members had deleted messages out of fear that “some external force or party would be able to read these messages if, for example, Raeesah Khan’s phone had been hacked.” Nathan also described an atmosphere of fear within WP, where members switched off their phones and stored them outside meeting rooms to prevent potential surveillance. Similar concerns arose when the party met with its disciplinary panel, with phones being left outside the office. In his email, TOC’s Chief Editor Terry Xu posed five key questions to the Minister of Home Affairs, including whether the Singapore government had ever used surveillance tools like Pegasus or FinSpy, and what safeguards were in place to prevent unauthorised monitoring of opposition figures. To date, no response has been received from Singaporean authorities.

The broader history of spyware use in Italy

Citizen Lab’s report also details the broader history of mercenary spyware operations in Italy, a country where multiple hacking firms have previously operated. Hacking Team, an Italian spyware company, was famously exposed in 2015 when hackers leaked internal documents revealing its sale of surveillance tools to governments, including repressive regimes. Italian authorities later launched investigations into the company’s activities. The continued presence of spyware in Italy underscores the challenges of regulating the industry. While companies like Paragon claim to sell only to democratic governments, the lack of oversight makes it difficult to prevent misuse.

The growing call for spyware regulation

The rise of spyware use in democratic nations like Singapore, Canada, and Australia has led to increased scrutiny from regulatory bodies and civil rights organisations. The United States has already blacklisted NSO Group, another Israeli spyware vendor, and discussions continue on whether similar action should be taken against Paragon Solutions. Meanwhile, tech companies like Apple and Meta have intensified their efforts to detect and block spyware operations. For Singapore, the absence of government responses to inquiries about surveillance fuels speculation about its potential use of spyware. The unanswered questions from TOC highlight broader concerns about transparency and state surveillance in the country. As Citizen Lab researchers concluded in their report: “You can’t abuse-proof mercenary spyware.” Even when spyware is marketed as a tool for law enforcement, the risks of political misuse remain high. Without transparency and accountability, the line between lawful surveillance and political espionage remains dangerously blurred.