Saturday, October 21, 2023

Predator Spyware: S’pore academic among at least 50 targeted by spyware campaign between Feb and June 2023: Report

The Straits Times (SPH Media Limited)
S’pore academic among at least 50 targeted by spyware campaign between Feb and June: Report

The targets of the spyware campaign were sent links on social media platform X to what looked like legitimate news articles. PHOTO: ST FILE

SINGAPORE - A Singapore academic was among at least 50 targets of a foreign spyware campaign earlier in 2023, said Amnesty International in a report published on Oct 9.

The campaign involved the sharing of malicious links on social media that seemingly redirected targets to news articles, according to the report.

Dr Collin Koh Swee Lean, a senior fellow at the S. Rajaratnam School of International Studies’ (RSIS) Institute of Defence and Strategic Studies, was among a string of academics targeted between February and June.

Targets were sent links from an account called @Joseph_Gordon16 on social media platform X, formerly known as Twitter.

The report said the account likely had ties to Vietnam, despite the account claiming to be based in Singapore. X allows users to manually key in any location on their profiles.

The account has since been taken down.

Other targets selected included journalists, “academic researchers working on security issues in the South China Sea and Vietnam”, politicians in the European Parliament, Taiwan President Tsai Ing-wen, and several think-tanks and research organisations, said the report.

People involved in international fishing regulations were also targeted. This group included senior political officials in the European Union, the United States and elsewhere.

The Predator spyware program was sent to these people and organisations. It was developed by the Intellexa group, which was founded in 2018 by former Israeli intelligence officer Tal Dilian, and sold by a network of European companies called the Intellexa Alliance.

The program can gain total access to all the data stored in or sent from a device, including photographs, location data, chat messages and recordings, without leaving a trace.

The spyware was distributed through embedded links in posts on X that were disguised as news articles on Hong Kong daily South China Morning Post’s (SCMP) website, but redirected those who opened the links to malicious websites which would install the program on their devices.

Although these links featured previews to legitimate SCMP articles, such as an April 10 story about Chinese forces monitoring a US warship passing near the Spratly Islands, a sign that they were fake was the shortened URLs used, such as “southchinapost.net”.

SCMP’s Web address is www.scmp.com.

A screengrab of one of the links that would install spyware into a target’s device. The link preview, however, shows a legitimate South China Morning Post article. PHOTO: AMNESTY INTERNATIONAL

The Spratlys, a group of islands in the South China Sea, are claimed by Brunei, China, Malaysia, Taiwan, the Philippines and Vietnam.  

Dr Koh told The Straits Times that he did not know about the attempt to spy on him until after the Amnesty International report was published.

He did not recall clicking on any of the three links sent to him in April and May.

“As a matter of principle and habit, I click only on links shared by people I know on X, and not those shared by unknown accounts,” said the maritime security expert.

When contacted, RSIS said it did not know of the attempts to spy on Dr Koh, but tries to protect itself from such intrusions.

The think-tank and graduate school added that it has guidelines for social media usage. It periodically reminds staff to be careful and practise good social media habits, and to be vigilant when dealing with suspicious links, especially if these were shared by unknown accounts or sources.

The Ministry of Home Affairs said: “The Government has all along advised the public to be wary of e-mails, text messages and social media messages with suspicious URL links and to verify the authenticity of these messages before clicking on these links or attachments.”

ST has contacted SCMP for more information.

The findings in the report, dubbed the Predator Files, come after a year-long investigation based on confidential documents obtained by French investigative outlet Mediapart and German news outlet Der Spiegel.

Some 15 news outlets were involved, including the Washington Post, as well as analysts from Amnesty International’s Security Lab.

The media outlets discovered that 25 countries had bought the spyware, including Singapore. The report did not elaborate on whether the buyers were individuals, organisations or governments.

Other countries that were named as clients include Austria, Congo, Germany, Jordan, Kenya, Oman, Pakistan, Qatar, Switzerland, the United Arab Emirates and Vietnam.
