Trends-CA

Jail for hackers tasked to probe ‘sites of interest’ in Singapore; laptops had info linked to foreign governments

SINGAPORE: A man engaged three foreign hackers to come to Singapore to probe “sites of interest” for vulnerabilities, conduct penetration attacks and obtain personal information from the exploited systems.

Police arrested the trio – Chinese nationals Yan Peijian, Liu Yuqi and Huang Qin Zheng – in an operation in September 2024, and they were linked to an organised criminal group.

Yan’s laptop was later found to contain messages discussing vulnerable domains, which included five Australian, Argentinian and Vietnamese government sites.

Liu’s laptop contained a confidential e-mail between officers of Kazakhstan’s ministries of foreign affairs and industry and infrastructure development.

The prosecution said that Vanuatu citizen Xu Liangbiao, 38, had earlier engaged the trio, but he left Singapore on Aug 14, 2023, a day before the Singapore authorities arrested offenders linked to the S$3 billion (US$2.3 billion) money-laundering case. His current whereabouts are unknown.

On Nov 5, Liu, 33, was sentenced to two years, four months and four weeks’ jail, while Huang, 37, and Yan, 39, were each sentenced to two years, four months and one week in jail. Each man had pleaded guilty to four charges, including misusing a computer system and one linked to organised crime.

Deputy public prosecutors Hon Yi, Cheah Wenjie and Shaun Lim stated in court documents that the organised crime group did not directly target Singapore.

Defence lawyer Lee Teck Leng said the offenders did not achieve any real success in their hacking endeavours, adding: “Prior to their arrival in Singapore, they had never even tried hacking before. When they came to Singapore, they did not have any technical expertise to hack computers.”

In a statement on Nov 5, police said: “All three accused persons were found in possession of sophisticated hacking tools and malware, including PlugX-related malware and tools. The scale of their operations was extensive, with the accused persons collectively possessing hundreds of different remote access Trojans (RATs) and multiple virtual machines for conducting cyber attacks.”

A RAT is a type of malware that an attacker can use to gain administrative privileges and remote control of a target computer. Police said that PlugX is a sophisticated RAT associated with known advanced persistent threat groups typically linked to state-sponsored hackers.

The DPPs told the court that Yan had a background in information technology, while Liu had taught himself web design.

All three offenders knew Xu and accepted his offer to come to Singapore to work for him. In July 2022, Xu arranged for false work permit applications in the trio’s names.

Court documents stated that Yan’s work permit was applied for as a sales representative, while Huang’s and Liu’s work permits were applied for as construction workers.

The DPPs said: “(The trio) were not privy to the making of false applications on their behalf, as they assumed Xu, as their prospective employer, would handle the administrative details of their coming to Singapore.”

The trio came to Singapore on or before Sept 7, 2022, and went back to China in 2023 to celebrate Chinese New Year.

They were back in Singapore by May 2023, and in October that year, Xu tasked a subordinate to rent a property to accommodate them.

They later moved into a house in the Mount Sinai area, near Holland Road, and operated from there.

Xu was initially interested in online gambling sites and needed personal data from existing users of such platforms. This was because he wanted to try to advertise to these users, luring them to use whatever site he might set up.

Later, he also became interested in obtaining illicit access to SMS service companies with a view to hijacking authentication systems. He then set his eyes on an SMS service company in China called Yi Mei, which was servicing two major gambling site operators.

The prosecutors said: “Xu therefore tasked (the trio) to probe sites of interest for system vulnerabilities, conduct penetration attacks and exfiltrate personal information from the exploited systems.

“This was for the purpose of conferring a financial benefit on Xu, who stood to gain should these objectives be fulfilled.”

As part of their job, the trio first gathered information on domain and sub-domain names linked to target organisations or websites.

They would then use open-source tools to scan for vulnerabilities and categorise those found according to their severity, ease of exploitation and usefulness to Xu’s objectives.

After that, they would set about exploiting these vulnerabilities, either by direct data extraction or by deploying RATs.

The trio would report on the vulnerabilities to Xu. Following his instructions, they would download compromised data including names, e-mails, phone numbers and site account credentials.

For instance, a document discovered on Huang’s computer contained names, addresses, phone numbers and billing information from a certain Philippine regional power company.

They also successfully managed to download traffic data from Yi Mei, revealing the volume of SMSes it sent out.

Court documents stated that the trio knew their actions were wrongful and they refrained from targeting Singaporean websites as they felt it was not right to do so while they were here.

They also attempted to refrain from targeting websites of governments, as they did not want to attract undue attention.

From early 2024, they paid around S$2,000 a month to maintain the front that they were legally employed in the jobs stated in their permits.

On Sept 5 that year, Xu transferred US$3 million (S$3.9 million) worth of cryptocurrency to Liu, as payment for their services since at least May 2023. The trio then agreed to split the bulk of the cryptocurrency among themselves.

On Sept 9, 2024, police conducted an operation, and the trio were arrested after officers raided the Mount Sinai house.

Among other things, the authorities found multiple RATs linked to a known hacking group called Shadow Brokers.

The DPPs said the group is known to have been active since 2016 and has leaked vulnerabilities from the US National Security Agency.

On Nov 5, the prosecutors told the court: “While (the trio) were foot soldiers working for Xu, they possessed key skills and were the main engine of Xu’s illicit cyber operations.”

Lee, who represented Huang and Liu, said the offenders did not come to Singapore with any intention to commit crime, adding: “They tried to do some hacking. But they did not do that much hacking as a whole because they knew that they were really not up to the task, as they lacked the essential technical skills to hack.”

Yan’s lawyer, Kelvin Ong, told the court that the trio were “epic failures” who did not meet their “key performance indicators”. – The Straits Times/ANN

 

 
