SINGAPORE — The Home Team Science and Technology Agency (HTX) has awarded a limited tender of S$17.7 million to a company headquartered in Israel for its forensic software licenses and services.
The limited tender, entitled “Entreprise level agreement for cellebrite forensic software licenses and services for (5+5) years” was awarded by HTX to Cellebrite Asia Pacific Ltd on 19 December.
The reason given for the tender being limited to the company was that the “products and services can only be provided by a particular supplier”.
HTX is a statatory board established in December 2019 under the Ministry of Home Affairs (MHA), said to better secure Singapore with its science and technology capabilities.
It states on its website that it leverages on the latest technologies and in-depth specialisations to integrate a full range of science and technology (S&T) capabilities — such as Digital and Information Forensics — in homeland security to keep Singapore safe and secure.
The winning tenderer is one of the fourteen offices that Israesli company, Cellebrite operates. It is a digital forensic intelligence company known for its phone-hacking technology.
The Universal Forensic Extraction Device (UFED) that it supplies, allows users to break into password-protected phones and retrieve all the information they contain.
This technology does not allow remote hacking and requires physical access to the phone.
In some cases, it has been used to extract the contents of devices seized during illegal examinations of journalists and human rights advocates such as Uganda, Botswana, India, and Saudi Arabia.
Even after Cellebrite said it withdrew from China and Hong Kong, an Intercept investigation has found, police on the mainland continued to buy the company’s UFED, products, which allow officers to break into phones in their possession and siphon off data.
Signal, an open-source encrypted private messenger, shared details of the UFED after its creator, Moxie Marlinspike, got hold of a Cellebrite kit containing two key pieces of Windows software, the UFED and Physical Analyser.
On its website, HTX shared that it is in the midst of developing DIGEST, a Digital Evidence Search Tool, which aims to automate the forensic processing of voluminous data, to complement the Forensic Kiosk.
HTX explains that the system works by ingesting the data required to be examined. Once the data has been processed, the officer is notified and will be able to access DIGEST at any time to review the data via a user-friendly interface and generate a customised report.
It is very unlikely a warrant is required for the Police to access data in the devices that were seized, as it can even access data from the COVID contact tracing system when it was not told to the public that the police could.
Spyware used by Govt, Police or GLC?
While UFED is limited to accessing data from physical devices, TOC has earlier reported the acquistion of FinFisher by PCS Security Pte Ltd (PCS), a company under Phoenix Co-operative Society in Singapore, back in 2014.
According to Wikileaks, PCS Security Pte Ltd apparently spent some 3,166,560 euros (around 5.1 million Singapore dollars) in 2012 on the licences for the malware products.
Based on the licenses which were purchased by PCS Security Pte Ltd, up to 500 target computers can be monitored using the spying system, recording the online activities of the user as well as logging all usernames and passwords. Installation of the spying system can be easy as just plugging a USB stick into the computer with little or no technical knowledge.
Perhaps a more sinister product purchased is the FinIntrusion which allows agents using the software to record all accounts logged in to public wi-fi access networks such as in hotel lobbies, libraries, etc.
Another product, FinSpy allows the almost unlimited monitoring of activities on a device from geolocation to incoming and outgoing messages, contacts, media, and data from popular communication applications such as WhatsApp, Facebook Messenger and Viber. The latest version of this malware extends the surveillance functionality to include even services that are considered ‘secure’ such as Telegram, Signal or Threema.
The new version implants function on both iOS and Android devices, monitoring activity on almost all popular messaging services including encrypted ones like WhatsApp and Telegram. Kaspersky noted that the malware is also better than hiding their traces than ever before.
In 2010, Phoenix Co-operative Society was one of four co-operatives which were given an exemption under Section 97 of the Co-operative Societies Act. In effect, the chairman, secretary and treasurer of exempted co-operatives do not have to be elected by members of the management committee or members of the society.
The other three exempted co-operatives are the Singapore Police Co-operative Society Limited, Singapore Prison Service Multi-Purpose Co-operative Society Limited and Industrial and Services Co-operative Society Limited – all three are under the purview of the Ministry of Home Affairs.
We also note that former Internal Security Department (ISD) officer, Sim Poh Heng was a director at Phoenix in the early days of the PCS and that it is likely it was named after the Phoenix Park Complex where the ISD used to be located.
Not only that, based on leaked customer request forms we can see that PCS was actively using the spyware program.
There has not been any statement from the Singapore Government in response to previous queries about the purchase of FinFisher by the Singapore company and whether the Government has been using the spyware in Singapore.