NTU student hacked Kopitiam cards for free food, drinks and cigarettes

Tee Chin Yue hacked four Kopitiam cards more than 130 times, and used the ill-gotten credit to top-up more than 180 Singtel pre-paid SIM cards in exchange for cash. ST PHOTO: WONG KWAI CHOW

SINGAPORE (THE NEW PAPER) - He started by hacking stored value cards for hostel air-conditioning at Nanyang Technological University (NTU).

Realising he could take his exploits further, Tee Chin Yue, an NTU student at the time, hacked four Kopitiam cards more than 130 times, and used the ill-gotten credit to top up more than 180 Singtel pre-paid SIM cards in exchange for cash.

In total, his unauthorised transactions caused a loss of $80,800 to Kopitiam.

On Monday (March 9), Tee, 25, was convicted after pleading guilty to one charge under the Computer Misuse and Cybersecurity Act.

A similar charge was taken into consideration.

Tee, a Malaysian, had come to Singapore to study on an Asean scholarship.

He began his hacking spree in 2015, while pursuing a computer engineering degree at NTU.

While staying at the hostel, he researched how to hack stored value cards for free air-conditioning.

Around August that year, he realised he could also modify Kopitiam cards to get food and cigarettes for free.

He would change the last four digits of the hacked cards to avoid detection.

He soon discovered he could use the hacked cards to top up Singtel pre-paid SIM cards.

Tee saw this as a business opportunity and began offering discounted top-ups through online marketplace Carousell.

As an example, he would charge others $8 to top up $10 in their Singtel cards.

He received about $34,000 from Carousell users this way.

Some time in 2016, he discovered his hacked cards no longer worked. Afraid he would get caught, he threw them away.

Unknown to him, Kopitiam and the police were investigating after a police report was made on Dec 12 that year.

Tee was arrested on July 24, 2017.

He has since made full restitution to Kopitiam, and has graduated from NTU.

On Monday, Deputy Public Prosecutor David Koh urged the court to jail Tee for at least 14 months.

He said the accused used his expertise as a computer science major to exploit the system and in an attempt to cover his tracks.

DPP Koh added that Tee was motivated by greed and should receive little sympathy.

But Tee's lawyer, Mr Edmond Pereira, asked the court to call for a report to determine his client's suitability for probation.

He said Tee deserved a second chance, and had written about a solution to the loophole as part of his final-year thesis.

Tee's work superior at Trusted Services, a subsidiary of Temasek Management Services, also wrote a character reference letter, saying he would like to keep him in his employ regardless of the sentence handed to Tee.

District Judge Eddy Tham said he would like more time to consider the appropriate sentence, and adjourned sentencing for next month.

Tee is out on bail of $10,000 and expected to be back in court on April 1.

For hacking the cards, he can be jailed for up to three years, or fined up to $10,000, or both.

Join ST's WhatsApp Channel and get the latest news and must-reads.