Skip to main content

Advertisement

Advertisement

User logins, passwords from S’pore govt agencies ‘on sale on dark web’

SINGAPORE — Hundreds of user logins and passwords from government agencies and educational institutions here were put up for sale on the dark web by hackers over the last two years, according to Russian cyber-security company Group-IB.

User logins, passwords from S’pore govt agencies ‘on sale on dark web’

In response to TODAY’s queries, a spokesman from the Smart Nation and Digital Government Group said that GovTech was alerted to the presence of leaked credentials “in illegal data banks” sometime in January.

SINGAPORE — Hundreds of user logins and passwords from government agencies and educational institutions here were put up for sale on the dark web by hackers over the last two years, according to Russian cyber-security company Group-IB.

Separately, a government agency here has put the number of leaked accounts on the dark web at as high as 50,000, but cautioned that the bulk of them were either outdated or fake.

The dark web is a part of the Internet which can only be accessed using special software, allowing users to remain anonymous and making it ideal for illicit activity.

And it is not only government accounts that are being advertised there. The Russian firm’s specialists also found that the details of more than 19,000 compromised Singapore bank payment cards — with a total underground market value of nearly US$640,000 (about S$862,000) — were put up for sale last year.

Read also

In a statement on Thursday (March 21), Group-IB said that its threat intelligence team found that the leaked user credentials belonged to organisations including the Government Technology Agency (GovTech), the Ministry of Education, the Ministry of Health (MOH), the Singapore Police Force, and the National University of Singapore’s learning management system

GOVTECH KNEW OF LEAK IN JANUARY

In response to TODAY’s queries, a spokesperson from the Smart Nation and Digital Government Group said that GovTech was alerted to the presence of leaked credentials “in illegal data banks” sometime in January.

These credentials comprised individuals’ email addresses and passwords. TODAY understands that the compromised data was not a result of any system breaches at the organisations involved.

GovTech said that its own investigations uncovered about 50,000 compromised accounts, but only 119 of them were still in use. The rest were either outdated or bogus government email addresses.

"As an immediate precautionary measure, all officers with affected credentials have changed their passwords. There are no other information fields exposed apart from the email address and password," added the spokesman.

"The credentials have been leaked, not from government systems, but from the use of these government email addresses for the officers’ personal and non-official purposes. Officers have been reminded not to use government email addresses for such purposes, as part of basic cyber hygiene."

Read also

Mr Dmitry Volkov, the chief technology officer and head of threat intelligence at Group-IB, said in the statement that the compromised information could either be sold on underground forums or used for spying or to conduct cyber attacks.

“Even one compromised account, unless detected at the right time, can lead to the disruption of internal operations or leak of government secrets,” he added. “Cyber criminals steal user accounts’ data using special spyware aimed at obtaining users’ authentication data.”

HACKERS IN IT FOR THE MONEY

Regarding the stolen bank card details, Group-IB said that as one of the major financial hubs in South-east Asia, Singapore is “drawing more and more attention of financially motivated hackers every year”.

Group-IB also noted that the number of leaked cards here went up by 56 per cent in 2018 compared to the year before.

Each record could fetch as much as US$50, especially if the cards are marked as “premium” ones, such as Platinum or Signature cards, the firm added.

Read also

SPATE OF DATA BREACHES

This revelation comes on the back of a spate of data breaches in recent months.

In June last year, Singapore suffered its worst-ever cyber attack when hackers broke into SingHealth's IT systems to steal the data of 1.5 million patients, including records of the outpatient medication given to Prime Minister Lee Hsien Loong.

In January this year, the MOH revealed that the medical records of 14,200 HIV-positive people were illegally disclosed online by deported American fraudster Mikhy Farrera Brochez, whose partner Ler Teck Siang used to work at the ministry.

Most recently, the authorities disclosed last week that there was a lapse in the handling of personal data belonging to more than 808,000 blood donors.

Related topics

dark web data breach cyber attack

Read more of the latest in

Advertisement

Popular

Advertisement

Stay in the know. Anytime. Anywhere.

Subscribe to get daily news updates, insights and must reads delivered straight to your inbox.

By clicking subscribe, I agree for my personal data to be used to send me TODAY newsletters, promotional offers and for research and analysis.

Aa