SingHealth cyber breach

Hackers were likely trying to get sensitive info on PM Lee: Experts

They point to possibility that state actors were behind attack, given level of sophistication and resources needed

Hackers who accessed the personal particulars and medication data of Prime Minister Lee Hsien Loong were likely trying to obtain what they hoped would be sensitive information to use against him, political and cyber-security experts said.

They added that state actors could well have been behind the attack, in which repeated attempts were specifically made to locate PM Lee's records.

The Prime Minister's information, along with that of 1.5 million other SingHealth patients, was copied and exported illegally in the worst-ever data breach in Singapore. This included their name, NRIC number, address, gender, race and date of birth.

For 160,000 of these individuals, including PM Lee, information about the medication they had been prescribed was also stolen.

Dr Shashi Jayakumar, head of the S. Rajaratnam School of International Studies' (RSIS) Centre of Excellence for National Security, said there was a strong possibility that the cyber attack was state-sponsored, given that the Government said it was "targeted", "carefully planned" and "not the work of casual hackers or criminal gangs".

"Some states are certainly very capable in this regard," he said, adding that it could also be a "state actor working in concert with a criminal enterprise, both with their own aims in mind".

MP Cedric Foo, chair of the Government Parliamentary Committee for Communications and Information, including Smart Nation, said cyber attacks against Singapore were not uncommon.

Describing it as a new form of spying, he said the objective of such attacks was to get diplomatic advantage over another country.

On who the attackers could be, Mr Benjamin Ang of RSIS said it might be "any state who wishes ill of Singapore, or wants an advantage over Singapore, or just wants to collect sensitive information that could be useful one day".

A spokesman for Bitglass, which offers cloud computing services to protect sensitive corporate data, singled out China, Russia and the United States as being "more notorious for their creation of malware than others", though he did not say if he thought they were responsible for the SingHealth attack.

Mr Joseph Gan, president and co-founder of digital security firm V-Key, said the sophistication of the attacks points to a level of capability likely to have been attained through state funding, and noted: "The tools and techniques needed to stay so stealthily hidden would require a huge amount of resources."

When asked at a press conference yesterday, Cyber Security Agency chief executive David Koh said there was no evidence the stolen information "has been used in any other transactions". Nor has it been put on sale or made available on the Internet, he added.

Mr Ang, who leads the Cyber and Homeland Defence Programme at the Centre of Excellence for National Security, said personal information of high-ranking government officials would be interesting to other states and criminals who could sell it to other countries.

Some information could be sensitive or potentially embarrassing or harmful to confidence, he added. For instance, if attackers discover a previously unknown medical condition, they could use the information to blackmail the Prime Minister or reveal the information to dent Singaporeans' confidence in him, he said.

Blackmail and reputational damage aside, another use for the data could be to build a complete digital identity of PM Lee, said Mr Foo Siang-tse, managing director of Singapore-based cyber security services provider Quann. He added: "From an attacker's perspective, having a complete digital identity allows the attacker to impersonate individuals for access to other systems."

Mr Gan said: "Singapore is a well-connected digital hub, and we punch above our weight internationally. So, we should expect that a number of nation states would be interested to gather information on us."

 
A version of this article appeared in the print edition of The Straits Times on July 21, 2018, with the headline 'Hackers were likely trying to get sensitive info on PM Lee: Experts'.