Some Govt Log-In Credentials Including SPF & MOE Revealed To Be Selling in the Dark Web

For some reason, the word “dark” scares me.

Image: Giphy

It’s puzzling because it’s not like I’m afraid of the dark, but it automatically sends shivers down my spine when put before any word. For instance, the dark web.

Dark Web

I guess this is the part I face my fear of the dark.

(Awkward silence)

Image: Giphy

According to the definition expert Techopedia, “the Dark Web is comprised of websites that are visible to the public, but their IP address details are intentionally hidden. These websites can be visited by anyone on Internet, but it is not easy to find the server details on which the corresponding site is running, and it is difficult to track the one hosting the site.”

In addition, it is commonly used for “both black market and user protection.”

Yup, policemen access Dark Web from time to time to check for illegal activities.

A Treasure Trove

The Straits Times reported that accessing the Dark Web is legal but the same can’t be said about purchasing illicit items such as stolen information, hacking tools and drugs.

Gaining access to the dark Web is easier said than done; more often than not, you’d “have to be a regular contributor or referred by someone trusted by the circle.”

But the hassle is well worth it (if you’re planning something malicious).

The stuff you can find on the Dark Web is out of this world, sometimes, literally.

Government credentials up for sale on the Dark Web:

Freshly reported by The New Paper today, a number of local Government Agencies such as Government Technology Agency (GovTech), Ministry of Education, Ministry of Health, the Singapore Police Force and National University of Singapore had their user log-ins and passwords circulating on the Dark Web between 2017 and 2018.

This was brought to light by “Russian cyber-security company Group-IB, a partner of Interpol”, stated by The New Paper. The company is one of the top 7 which provide threat intelligence globally.

In an interview between The New Paper and the head of Group-IB’s Computer Emergency Response Team, Mr Alexander Kalinin said, “It is likely that these credentials are still on sale on underground forums… It is not unusual when a compromised account is used by cybercriminals to infiltrate an organisation’s internal network for the purpose of sabotage and espionage.”

Though, it is unclear if the local Government Agencies’ credentials have been taken advantage of.

Singapore Authorities take action

Upon receiving news of the information leak, Singapore Computer Emergency Response Team (SingCert) confirmed the information and took over the case from Group-IB.

Through a Smart Nation and Digital Government Group spokesman, The New Paper understands that “the credentials were not leaked from government systems, but from officers who used them for personal and non-official purposes.”

In response to this, the spokesperson mentioned that “Officers have been reminded not to use government e-mail addresses for such purposes, as part of basic cyber hygiene.”

Image: Giphy

Singapore undoubtedly has a strong military defence but much more can be done to strengthen our cyber defence in light of recent data breaches i.e. the blood donors’ and HIV patients’ data leak.

In any case, whoever you are, whatever you are…just change your password regularly.