Man jailed for selling SingPass account details to syndicate

If you do not make the effort to think of a good password, you are inviting trouble from hackers, cyber security experts here warned.

This is especially crucial if the password is for your SingPass account, which can reveal sensitive information such as your Central Provident Fund (CPF) account, your address and how much you earn.

Yesterday, a former administrative assistant was jailed five years and two months for cracking the passwords of 293 SingPass account holders and selling the details to a China-based syndicate to produce sham Singapore visa applications.

This happened after James Sim Guan Liang, 39, realised that some people used their NRIC number as their SingPass password. (See report.)

Mr David Freer, vice-president of Intel Security's Asia Pacific Consumer business, said cyberattacks happen daily and it may be inevitable that your account is targeted.

To protect yourself, ensure that you use a strong password - one that has at least eight characters and contains numbers, symbols and upper and lowercase letters for best effect - and different ones for your various online accounts, he said.

Singapore

Jail, caning for man who sexually assaulted step-niece

Apr 18, 2024

Related Stories

Foreigner who bankrolled house purchases worth $6m fined $45,000

Cyclist in East Coast road rage likely affected by brain tumour

Pritam Singh appoints ex-state counsel to defend him in court over his alleged lies to Parliament

"The first line of defence for keeping your online data safe is your password. You should always use a complex and hard-to-guess password," he said.

Mr Freer added that passwords should be changed every three to six months.

In January, password management firm SplashData analysed more than 20 million passwords that were leaked globally over the last year and published the worst ones.

The list was topped by "123456", "password" and "qwerty" - the first six letters on the top row of a regular keyboard.

New entries on the list, now in its fifth year, include pop culture references like "star wars", "solo", and "princess", following the release of the latest Star Wars movie.

Mr Chooi Ker Ming, Fortinet Singapore's network security consultant, said hackers look for passwords that give the highest returns-on-investment.

"Instead of investing in a costly high-powered server for brute force password cracking, they usually do a scan with a general server and take out the easiest targets.

"The low-hanging fruits - accounts with the easiest-to-break passwords such as '1234567' or 'password' - are compromised first," he said.

This becomes especially dangerous if that account is your SingPass account, considered "very valuable" to hackers, said Mr Freer.

BLACK MARKET

"Through an illegally gotten password, cybercriminals are able to find out a person's address, how much he earns, how much money he has in his CPF account, who he is married to and more.

"Such information enables them to carry out more serious crimes, or sell the information within the black market," he said.

Mr Chooi also advised Internet users to use e-services that have a second layer of security such as two-factor authentication (2FA), a process involving a one-time password (OTP) that is randomly generated and delivered via SMS or through a token.

From July 5, SingPass users will require an OTP to transact with the CPF Board, Inland Revenue Authority of Singapore, Ministry of Manpower and Accounting and Corporate Regulatory Authority.

Said Mr Chooi: "With 2FA, you don't have to worry about password changes, since the OTP generated is valid for a particular transaction only."

The low-hanging fruits - accounts with the easiest-to-break passwords such as '1234567' or 'password' - are compromised first.

- Mr Chooi Ker Ming, Fortinet Singapore's 
network security consultant