SINGAPORE - A Singaporean cracked the passwords of about 300 SingPass account holders and sold these account holders' personal details to a China-based syndicate involved in sham Singapore visa applications for $1,500.
The Zhejiang-based syndicate successfully applied for 23 visas and 20 Chinese nationals entered Singapore using those visas.
Three were later found to have committed criminal offences while in Singapore. They have since been dealt with and repatriated, with the status of the rest unknown.
On Thursday (March 24), the Singaporean, former administrative assistant James Sim Guan Liang, 39, was jailed for five years and two months.
Agreeing with the prosecution's call for a deterrent sentence, District Judge Low Wee Ping told Sim: "As a result of your crime, some criminals made use of these SingPass passwords and our immigration and border protection system was breached."
"The sheer number of charges which have been preferred against you is staggering - 886."
Sim had earlier pleaded guilty to 73 charges and also admitted to another 813 counts for consideration in sentencing. Most of the offences committed come under the Computer Misuse Act.
Noting that Sim had unlawfully accessed the computer systems of the Media Development Authority (MDA) and the Central Provident Fund Board (CPF) 577 times to "harvest" information, the judge said: "It is no different from breaking into a home 577 times."
He added: "The SingPass system is a very vital part of our Singapore government info-technology infrastructure. The entire nation relies on it. For you to compromise this important system and expose hundreds of users to potential harm is unconscionable."
The case had also created "significant public disquiet", the judge noted, as people would have wondered if their SingPass accounts had also been breached, or had details disclosed.
Between March and May 2011, Sim spent hours making tens of thousands of log- in attempts from his home in Toa Payoh, after realising that people could use their NRIC number as their SingPass password. He keyed the SingPass log-in details into the e-services websites belonging to MDA and CPF.
To increase his chances of cracking the passwords, he would make changes to the last one or two digits of the SingPass ID and its alphabet suffix. Once successful, he would use the credentials to log onto a different government website to retrieve the account holder's personal particulars.
After compiling these details, Sim would e-mail them in batches to a person with the pseudonym "Lemon", to help the syndicate make a false statement to get a Singapore visa. Details from 293 SingPass accounts were unlawfully disclosed by Sim, who received $300 for each batch he gave to Lemon.
Sim became involved in the syndicate in 2006, after meeting Lemon at a gathering with members from a now-defunct social networking website. Lemon told Sim he could make some money by handing his NRIC over for a day.
Despite knowing that his credentials were being used in sham Singapore visa applications, Sim continued to supply them on several occasions and received $100 each time. When his NRIC number was rejected and could no longer be used, Lemon asked him to provide the SingPass credentials of others.
Sim admitted his involvement in the scheme, after Immigration and Checkpoints Authority officials detected numerous suspicious visa applications involving a common credit card. None of the other perpetrators associated with the Chinese syndicate has been identified.
Deputy Public Prosecutor Jeremy Lua asked for five to six years' jail to "send a clear message to like-minded individuals that such behaviour will not be tolerated". Sim's lawyer Louis Joseph asked for three years' jail. Sim will start serving his sentence on April 7.