*Edit on Mar. 21, 6.25pm: We have edited the article to reflect that passwords and credentials within government have not been stolen. Instead, government officers had used their government email addresses for personal and non-official purposes and had that information harvested.*

The Internet can be a dangerous place.

Hundreds of personal user IDs and passwords belonging to individuals working in multiple government organisations, along with the information of nearly 20,000 cards from local banks, have been harvested by hackers and put for up sale.

Singapore revealed to be a prime target

On Mar. 19, a report issued by Russian cyber-security company, Group-IB, revealed that Southeast Asia and Singapore in particular, was among the most actively attacked regions in cyberspace.

This is due to Singapore's reputation as a finance and cryptocurrency hub.

A total of 19,928 Singaporean bank cards were discovered for sale in the dark web in 2018, representing an increase of 56 per cent from 2017.

Group-IB elaborated that an underground market economy has since emerged over the sale of the compromised Singaporean bank cards.

The total underground market value of these cards was estimated at nearly US$640,000 in 2018.

Government accounts compromised

Group-IB also revealed that hundreds of personal accounts of government officers were harvested by hackers over the past two years.

These officers had used their government email addresses to sign up for personal and non-official purposes.

These officers belonged to the following organisations:

• GovTech
• Ministry of Education (MOE)
• Ministry of Health (MOH)
• Singapore Police Force (SPF)
• National University of Singapore (NUS)

One compromised account is enough to launch an attack

Dmitry Volkov, Chief Technical Officer and Head of Threat Intelligence of Group-IB, added that one compromised account was enough for hackers to launch an attack on government organisations.

Volkov explained:

"Users’ accounts from government resources are either sold on underground forums or used in targeted attacks on government agencies for the purpose of espionage or sabotage.

Even one compromised account, unless detected at the right time, can lead to the disruption of internal operations or leak of government secrets."

Additionally, public data leaks also provided a significant source of compromised government accounts for hackers.

Group-IB further highlighted that in its analysis of recent public data breaches, it had discovered 3,689 unique records (email & passwords) related to Singaporean government websites accounts.

Smart Nation's reply

A spokesperson from the Smart Nation and Digital Government Group told The Straits Times that GovTech had first been alerted to the issue in Jan. 2019.

They learned that an unspecified number of email credentials had been discovered in illegal databanks.

The spokesperson clarified that the compromised accounts were email accounts and passwords that had been provided by individuals, and stated that the response was:

"As an immediate precautionary measure, all officers with affected credentials have changed their passwords. There are no other information fields exposed apart from the email address and password."

In breaking down the numbers, the spokesperson stated that around 50,000 of the compromised accounts were government email addresses, of which the majority were outdated or bogus addresses.

However, 119 of those addresses still remained in use.

The spokesperson also clarified that the accounts had not been leaked from government systems, but rather, from the use of government email addresses for personal and non-official purposes by officers.

According to the spokesperson, the officers have been "reminded" not to use government emails for such purposes, as part of basic cyber-hygiene.

Related story:

Top image from Pixabay.