Singapore cyber-security firm blacklisted by the US along with those linked to Pegasus spyware

Computer Security Initiative Consultancy (Coseinc) was one of four companies blacklisted on Nov 3, 2021. PHOTO: COSEINC/FACEBOOK

SINGAPORE - A Singapore cyber-security company has been blacklisted by the US Department of Commerce for allegedly selling hacking tools that were used against individuals and organisations worldwide.

Computer Security Initiative Consultancy (Coseinc) was one of four companies blacklisted on Wednesday (Nov 3) for malicious cyber activities.

It was added to the blacklist alongside three other companies, including Israel's NSO Group and Candiru, which have been accused of developing and supplying the notorious Pegasus spyware.

The uncovering of the Pegasus spyware sparked global outrage after it was found to have been used against government officials, journalists and activists internationally.

The spyware could remotely tap phones, allowing malicious actors to turn on cameras and access data on the phone without the victims having any inkling on what was going on.

Pegasus was uncovered in 2016, but it was found to have been used from as early as 2012, and was reportedly still widely used in July this year.

A press release by the US Department of Commerce on Wednesday said Coseinc was blacklisted because it had trafficked in cyber hacking tools. The release did not provide details on the tools Coseinc had purportedly sold.

US Secretary of Commerce Gina Raimondo said: "The United States is committed to aggressively using export controls to hold companies accountable that develop, traffic or use technologies to conduct malicious activities that threaten the cyber security of members of civil society, dissidents, government officials and organisations here and abroad."

The other company blacklisted was Russia's Positive Technologies, which reportedly helped in Russian cyber attacks on the US.

Checks by The Straits Times show Coseinc was founded here in 2004 and touts itself as a cyber-security consultancy.

Its website said it is a Singapore-based, privately-funded company that is "dedicated to providing highly specialised information security services".

It has a registered address at the Citilink Warehouse Complex in Pasir Panjang, and lists Mr Joseph Quek Han Ming and Mr Thomas Lim Choon Beng as its directors.

Reuters reported that Mr Lim had allegedly previously offered to sell hacking tools to an Italian spyware vendor.

ST has contacted Coseinc for comment.

The sanctions imposed on Coseinc will significantly curtail its ability to do business with US entities.

In September, MP for Bukit Batok Murali Pillai asked in Parliament about the impact of Pegasus on the national security of Singapore and what steps were being taken to address this.

Minister for Home Affairs K. Shanmugam replied that such threats were not new, and that Singapore's security agencies have continually invested resources to guard against such threats to its systems.

He added that individuals can mitigate the risk of spyware and other malware by adopting good cyber hygiene practices, such as avoiding untrustworthy websites and not opening suspicious attachments.

Join ST's WhatsApp Channel and get the latest news and must-reads.