27.7 C
Wednesday, March 29, 2023

Singapore Man Jailed For Stealing Singpass

NP_20160325_RLPASS25_1210038On the off chance that you don’t attempt to think about a decent secret word, you are welcoming inconvenience from programmers, digital security specialists here cautioned.


This is particularly vital if the secret key is for your SingPass account, which can uncover delicate data, for example, your Central Provident Fund (CPF) account, your location and the amount you gain.

Recently, a previous clerical specialist was imprisoned five years and two months for breaking the passwords of 293 SingPass account holders and offering the subtle elements to a China-based syndicate to create sham Singapore visa applications.

This happened after James Sim Guan Liang, 39, understood that a few individuals utilized their NRIC number as their SingPass watchword. (See report.)

Mr David Freer, VP of Intel Security’s Asia Pacific Consumer business, said cyberattacks happen day by day and it might be unavoidable that your record is focused on.


To secure yourself, guarantee that you utilize a solid secret key – one that has no less than eight characters and contains numbers, images and upper and lowercase letters for best impact – and distinctive ones for your different online records, he said.

The primary line of barrier for keeping your online information safe is your secret word. You ought to dependably utilize a mind boggling and difficult to-speculation password,he said.

Mr Freer included that passwords ought to be changed each three to six months.

In January, secret word administration firm SplashData broke down more than 20 million passwords that were spilled all around in the course of the most recent year and distributed the most noticeably bad ones.

The rundown was topped by12345, secret word and qwerty – the initial six letters on the top line of a general console.


New sections on the rundown, now in its fifth year, incorporate popular society references like star wars, solo, and princess, taking after the arrival of the most recent Star Wars film.

Mr Chooi Ker Ming, Fortinet Singapore’s system security advisor, said programmers search for passwords that give the most elevated rates of profitability.

Rather than putting resources into an exorbitant powerful server for savage power secret word breaking, they normally do an output with a general server and take out the most effortless targets.

The low-hanging natural products – accounts with the most effortless to-break passwords, for example, “1234567” or “secret word” – are traded off first,he said.

This turns out to be particularly perilous if that record is your SingPass account, considered extremely profitable to programmers, said Mr Freer.

Bootleg market

Through an illicitly gotten secret key, cybercriminals can discover a man’s location, the amount he wins, the amount of cash he has in his CPF account, who he is hitched to and that’s only the tip of the iceberg.

Such data empowers them to complete more genuine wrongdoings, or offer the data inside of the bootleg market, he said.

Mr Chooi additionally exhorted Internet clients to utilize e-benefits that have a second layer of security, for example, two-element verification (2FA), a procedure including a one-time watchword (OTP) that is haphazardly produced and conveyed by means of SMS or through a token.

From July 5, SingPass clients will require an OTP to execute with the CPF Board, Inland Revenue Authority of Singapore, Ministry of Manpower and Accounting and Corporate Regulatory Authority.


Said Mr Chooi: With 2FA, you don’t need to stress over secret key changes, subsequent to the OTP created is legitimate for a specific exchange as it were.

The low-hanging organic products – accounts with the simplest to-break passwords, for example, “1234567” or “secret word” – are traded off first.

– Mr Chooi Ker Ming, Fortinet Singapore’s 
network security expert

About the case

Previous clerical specialist James Sim Guan Liang, 39, was sentenced to five years and two months’ prison yesterday to crack SingPass records and offering them to a China-based syndicate.

He confronted 886 charges, for the most part under the Computer Misuse Act, and confessed to 73 of them in January. The rest were mulled over.

Court papers said he burned through a large number of hours on his PC to break the passwords of 293 SingPass accounts.

Every one of his casualties had utilized their NRIC number as their watchword.

The Chinese syndicate he sold the accreditations to utilized the data to apply for sham visas for outsiders to enter Singapore. Some of them later perpetrated violations here.

Recently, District Judge Low Wee Ping said in sentencing that the quantity of charges were stunning and he couldn’t see Sim as a first-time wrongdoer despite the fact that this was his first brush with the law.


Taking note of that Sim had unlawfully gotten to the PC frameworks of the Media Development Authority (MDA) and the Central Provident Fund Board (CPF) 577 times to reap data, the judge said: It is the same as breaking into a home 577 times.

- Advertisement -
- Advertisement -
Latest News


Hi! I'm a 29 yo male and my biggest weakness is insurance ladies. I swoon over them just like...
- Advertisement -