SINGAPORE: When Russian media leaked a recording of a German military phone call earlier in March, Berlin said it was due to a participant dialling in through an "unauthorised connection" from a Singapore hotel.
The participant was here to attend the Singapore Airshow. The February event would have been a "field day" for Russian intelligence, and hotels where attendees were staying would have been targeted by "widespread wiretapping efforts", German defence minister Boris Pistorius said.
Singapore "inevitably" attracts intelligence operations given high-level events hosted in the country amid geopolitical tensions, according to international security experts.
But Singapore's hub reputation is unlikely to take a hit, they said.
Event organisers and hotels, meanwhile, confirmed to CNA that they provide security support ranging from coordinating with telcos to conducting sweeps for surveillance devices.
"Cyberespionage is happening all over the world because we are more connected than ever before," said Dr Alan Chong, senior fellow at the S Rajaratnam School of International Studies (RSIS).
"In terms of the geopolitical location of Singapore, to me it's no surprise. Since the Cold War, long before the digital age, we were already a base of operations by both the Communist powers and the Western powers."
Intelligence operations around the world will happen more frequently as cyberespionage makes remote spy activity possible even without an agent on site, said Dr Chong.
Mr Stephane Duguin, CEO of CyberPeace Institute, said high-profile events taking place amid political tensions carry risks.
"Singapore is one of the leading hubs when it comes to cyber," he said. "It is therefore not a surprise that this alters the risk profile."
Mr Benjamin Ang, RSIS senior fellow and head of the RSIS' Centre of Excellence for National Security, echoed this.
"Spying is as old as history, but current geopolitical tensions make it especially useful for governments to leak sensitive information that they have uncovered," he added.
Dr Shashi Jayakumar, executive director of SJK Geostrategic Advisory, agreed that events in Singapore attended by prominent officials would be "tempting" targets for intelligence services to try and surveil for high-value information.
In the case of the leaked German call, it discussed support for Ukraine against Russia's invasion, including the possible delivery of long-range Taurus cruise missiles to Kyiv.
Recurring high-level international meetings in Singapore include the biennial Airshow and annual Shangri-La Dialogue defence summit.
Singapore has also been trusted to host historic talks like the 2018 Trump-Kim summit between the US and North Korean leaders, and the 2015 Xi-Ma meeting between Chinese and Taiwanese presidents.
None of the experts thought that the German defence call leak would have a lasting, adverse effect on Singapore's international reputation as host of such high-level gatherings.
"There will be short-term risks, but then people will just shrug and move on. It can't be helped. It can happen anywhere," said RSIS' Dr Chong.
Dr Jayakumar said: "We have to accept that these sorts of things may happen from time to time in Singapore, given our role not just as a host of repute for MICE events, but also as a premier convening hub for defence and security related events.
"One must presume that episodes like these are also scrutinised closely by our own security services," he added. "But any follow-up would necessarily be behind the scenes. This is in the nature of how these agencies work."
Intelligence operations in Singapore pre-date the country's independence and have been carried out at high-level events to this day.
In 1960, the US Central Intelligence Agency offered then Prime Minister Lee Kuan Yew US$3.3 million to cover up an unsuccessful intelligence operation. The US confirmed the attempted bribery after Mr Lee revealed it in 1965.
During the Trump-Kim summit in June 2018, Singapore became the top cyberattack target in the world. Out of 40,000 cyberattacks during the two-day event, 88 per cent were launched from Russia and 97 per cent of these were targeted at Singapore, according to data collected by a US technology company.
In that same month, a cyberattack on the SingHealth group's database stole the information of patients including Prime Minister Lee Hsien Loong.
Singapore's government said the attack was "the work of an advanced persistent threat group" and that such groups are "usually state-linked".
In 2022, the Shangri-La Group suffered a data breach of guests' information across eight of its hotels in Asia. This happened between May and July, and coincided with the Shangri-La Dialogue held at the eponymous Singapore hotel that June.
Collapse Expand
The leaked German defence call was made over public video conferencing platform WebEx, though Berlin has defended its use in this instance as legitimate.
Instead, Germany's defence minister blamed the intercepted call on "individual user error" and described it as a "random hit in the scope of a broad-based approach".
Dr Jayakumar noted similar suggestions that the call was intercepted by chance in the course of larger-scale operations.
"Although there are many theories, we do not know and will probably never know, as the Germans have been keen to draw a veil over this (save to say that their own systems have not been compromised)," he said.
"We do not in fact know how targeted this compromise was. Russian intelligence services, like the services of all major powers, would have resources and capability to attempt to put the event under surveillance of a fairly large scale."
Singapore Airshow organiser Experia has procedures for data protection and data privacy.
But those holding meetings at the Airshow's Changi Exhibition Centre venue or on its sidelines will have to make their own assessments of the security and privacy measures they need, said Experia's managing director Mr Leck Chet Lam.
The International Institute for Strategic Studies (IISS), which organises the Shangri-La Dialogue, told CNA that maintaining high-quality cybersecurity is a "crucial" component of the event. But a spokesperson said it was "inappropriate" to provide details of security arrangements.
Mr Leonardo Hutabarat, head of solutions engineering for Asia Pacific and Japan at the LogRhythm security firm, said event organisers need to ensure secure networks and technology infrastructure at their venues.
Wi-Fi networks should be secured by strong passwords, network encryption and firewall protection, while electronic devices should be updated with the latest security patches.
He also suggested that event organisers devise ways for their security teams to quickly detect and respond to potential vulnerabilities and threats early on, before they escalate to full-scale attacks.
While the hotel where the German participant was staying has not been publicly identified, some partner hotels of the Singapore Airshow confirmed that they do provide security support to high-profile guests and events.
Crowne Plaza Changi Airport's manager Abdul Hafiq said the hotel works closely with guests' security teams for confidential meetings or sensitive discussions.
He added that the hotel has "robust" cybersecurity protocols, including advanced firewall protection and security software on hotel devices. It also trains staff on data privacy and cybersecurity best practices.
Millennium Hotels and Resorts' chief commercial officer Mr Saurabh Prakash said its measures include coordinating with telecommunications providers and vendors; strengthening IT infrastructure such as Wi-Fi and in-room control devices; and monitoring known cyber vulnerabilities.
The company also implements checks to secure communications lines in guest rooms and event spaces as well as sweeps for surveillance devices, among others.
Grand Mercure Singapore Roxy's general manager Ms Priscilla Ng said its safeguards include network segmentation and isolation protocols within the hotel's IT infrastructure.
But it's not enough for event organisers and venues to take precautions, as the onus is on individual users to act, said cybersecurity experts.
Mr Vitaly Kamluk, Kaspersky's director of global research and analysis in Asia Pacific, said accidental human error is the leading factor for cybersecurity incidents.
Such common mistakes include downloading malware, using weak passwords or not changing then frequently, visiting unsecured websites and using unauthorised systems to share data.
He pointed out that public Wi-Fi is inherently insecure as it does not require authentication to establish a network connection.
"This allows malicious actors to join the same network as their potential targets and possibly have direct interaction, allowing them break into poorly secured devices.
"As the event attracted many high-ranking individuals and was under high surveillance, the amount of resources dedicated to hacking the attendees could also be on the higher side," he said of the Airshow.
LogRhythm's Mr Hutabarat said one way to mitigate the risks of public Wi-Fi is to use a virtual private network (VPN).
With web conferencing, one mistake often made is the lack of validation, such as through a password, to authorise users to join meetings, he added.
"Nevertheless, it is recommended that virtual meetings involving any critical communication, especially those related to national policy, should be conducted through a covert channel instead."
Continue reading...
The participant was here to attend the Singapore Airshow. The February event would have been a "field day" for Russian intelligence, and hotels where attendees were staying would have been targeted by "widespread wiretapping efforts", German defence minister Boris Pistorius said.
Singapore "inevitably" attracts intelligence operations given high-level events hosted in the country amid geopolitical tensions, according to international security experts.
But Singapore's hub reputation is unlikely to take a hit, they said.
Event organisers and hotels, meanwhile, confirmed to CNA that they provide security support ranging from coordinating with telcos to conducting sweeps for surveillance devices.
"Cyberespionage is happening all over the world because we are more connected than ever before," said Dr Alan Chong, senior fellow at the S Rajaratnam School of International Studies (RSIS).
"In terms of the geopolitical location of Singapore, to me it's no surprise. Since the Cold War, long before the digital age, we were already a base of operations by both the Communist powers and the Western powers."
Intelligence operations around the world will happen more frequently as cyberespionage makes remote spy activity possible even without an agent on site, said Dr Chong.
Mr Stephane Duguin, CEO of CyberPeace Institute, said high-profile events taking place amid political tensions carry risks.
"Singapore is one of the leading hubs when it comes to cyber," he said. "It is therefore not a surprise that this alters the risk profile."
Mr Benjamin Ang, RSIS senior fellow and head of the RSIS' Centre of Excellence for National Security, echoed this.
"Spying is as old as history, but current geopolitical tensions make it especially useful for governments to leak sensitive information that they have uncovered," he added.
Dr Shashi Jayakumar, executive director of SJK Geostrategic Advisory, agreed that events in Singapore attended by prominent officials would be "tempting" targets for intelligence services to try and surveil for high-value information.
In the case of the leaked German call, it discussed support for Ukraine against Russia's invasion, including the possible delivery of long-range Taurus cruise missiles to Kyiv.
Related:
WILL IT HURT SINGAPORE'S IMAGE?
Recurring high-level international meetings in Singapore include the biennial Airshow and annual Shangri-La Dialogue defence summit.
Singapore has also been trusted to host historic talks like the 2018 Trump-Kim summit between the US and North Korean leaders, and the 2015 Xi-Ma meeting between Chinese and Taiwanese presidents.
None of the experts thought that the German defence call leak would have a lasting, adverse effect on Singapore's international reputation as host of such high-level gatherings.
"There will be short-term risks, but then people will just shrug and move on. It can't be helped. It can happen anywhere," said RSIS' Dr Chong.
Dr Jayakumar said: "We have to accept that these sorts of things may happen from time to time in Singapore, given our role not just as a host of repute for MICE events, but also as a premier convening hub for defence and security related events.
"One must presume that episodes like these are also scrutinised closely by our own security services," he added. "But any follow-up would necessarily be behind the scenes. This is in the nature of how these agencies work."
Known instances of intelligence gathering in Singapore
Intelligence operations in Singapore pre-date the country's independence and have been carried out at high-level events to this day.
In 1960, the US Central Intelligence Agency offered then Prime Minister Lee Kuan Yew US$3.3 million to cover up an unsuccessful intelligence operation. The US confirmed the attempted bribery after Mr Lee revealed it in 1965.
During the Trump-Kim summit in June 2018, Singapore became the top cyberattack target in the world. Out of 40,000 cyberattacks during the two-day event, 88 per cent were launched from Russia and 97 per cent of these were targeted at Singapore, according to data collected by a US technology company.
In that same month, a cyberattack on the SingHealth group's database stole the information of patients including Prime Minister Lee Hsien Loong.
Singapore's government said the attack was "the work of an advanced persistent threat group" and that such groups are "usually state-linked".
In 2022, the Shangri-La Group suffered a data breach of guests' information across eight of its hotels in Asia. This happened between May and July, and coincided with the Shangri-La Dialogue held at the eponymous Singapore hotel that June.
Collapse Expand
WHAT MEASURES DO EVENT ORGANISERS, VENUES TAKE?
The leaked German defence call was made over public video conferencing platform WebEx, though Berlin has defended its use in this instance as legitimate.
Instead, Germany's defence minister blamed the intercepted call on "individual user error" and described it as a "random hit in the scope of a broad-based approach".
Dr Jayakumar noted similar suggestions that the call was intercepted by chance in the course of larger-scale operations.
"Although there are many theories, we do not know and will probably never know, as the Germans have been keen to draw a veil over this (save to say that their own systems have not been compromised)," he said.
"We do not in fact know how targeted this compromise was. Russian intelligence services, like the services of all major powers, would have resources and capability to attempt to put the event under surveillance of a fairly large scale."
Singapore Airshow organiser Experia has procedures for data protection and data privacy.
But those holding meetings at the Airshow's Changi Exhibition Centre venue or on its sidelines will have to make their own assessments of the security and privacy measures they need, said Experia's managing director Mr Leck Chet Lam.
The International Institute for Strategic Studies (IISS), which organises the Shangri-La Dialogue, told CNA that maintaining high-quality cybersecurity is a "crucial" component of the event. But a spokesperson said it was "inappropriate" to provide details of security arrangements.
Mr Leonardo Hutabarat, head of solutions engineering for Asia Pacific and Japan at the LogRhythm security firm, said event organisers need to ensure secure networks and technology infrastructure at their venues.
Wi-Fi networks should be secured by strong passwords, network encryption and firewall protection, while electronic devices should be updated with the latest security patches.
He also suggested that event organisers devise ways for their security teams to quickly detect and respond to potential vulnerabilities and threats early on, before they escalate to full-scale attacks.
Related:
While the hotel where the German participant was staying has not been publicly identified, some partner hotels of the Singapore Airshow confirmed that they do provide security support to high-profile guests and events.
Crowne Plaza Changi Airport's manager Abdul Hafiq said the hotel works closely with guests' security teams for confidential meetings or sensitive discussions.
He added that the hotel has "robust" cybersecurity protocols, including advanced firewall protection and security software on hotel devices. It also trains staff on data privacy and cybersecurity best practices.
Millennium Hotels and Resorts' chief commercial officer Mr Saurabh Prakash said its measures include coordinating with telecommunications providers and vendors; strengthening IT infrastructure such as Wi-Fi and in-room control devices; and monitoring known cyber vulnerabilities.
The company also implements checks to secure communications lines in guest rooms and event spaces as well as sweeps for surveillance devices, among others.
Grand Mercure Singapore Roxy's general manager Ms Priscilla Ng said its safeguards include network segmentation and isolation protocols within the hotel's IT infrastructure.
Related:
WHO IS ULTIMATELY RESPONSIBLE?
But it's not enough for event organisers and venues to take precautions, as the onus is on individual users to act, said cybersecurity experts.
Mr Vitaly Kamluk, Kaspersky's director of global research and analysis in Asia Pacific, said accidental human error is the leading factor for cybersecurity incidents.
Such common mistakes include downloading malware, using weak passwords or not changing then frequently, visiting unsecured websites and using unauthorised systems to share data.
He pointed out that public Wi-Fi is inherently insecure as it does not require authentication to establish a network connection.
"This allows malicious actors to join the same network as their potential targets and possibly have direct interaction, allowing them break into poorly secured devices.
"As the event attracted many high-ranking individuals and was under high surveillance, the amount of resources dedicated to hacking the attendees could also be on the higher side," he said of the Airshow.
LogRhythm's Mr Hutabarat said one way to mitigate the risks of public Wi-Fi is to use a virtual private network (VPN).
With web conferencing, one mistake often made is the lack of validation, such as through a password, to authorise users to join meetings, he added.
"Nevertheless, it is recommended that virtual meetings involving any critical communication, especially those related to national policy, should be conducted through a covert channel instead."
Continue reading...