Cyberespionage is taking place all over the world and Singapore — being one of the hubs for hosting high-profile trade exhibitions and conferences — “inevitably” attracts intelligence operations, a report said on Friday.
“Cyberespionage is happening all over the world because we are more connected than ever before,” said Dr Alan Chong, senior fellow at the S Rajaratnam School of International Studies.
Chong’s comments came after Russian media earlier this month leaked a recording of a German military phone call that Berlin said was due to a participant dialling in through an “unauthorised connection” from a Singapore hotel during the February Singapore Airshow.
“In terms of the geopolitical location of Singapore, to me it’s no surprise. Since the Cold War, long before the digital age, we were already a base of operations for both the Communist and the Western powers,” Channel News Asia quoted Chong as saying.
Intelligence operations around the world will happen more frequently as cyberespionage makes remote spy activity possible even without an agent on site, he said.
The report said event organisers and hotels have confirmed providing security support — ranging from coordinating with telcos to conducting sweeps for surveillance devices. The German participant was in Singapore to attend the Singapore Airshow.
The February event would have been a “field day” for Russian intelligence and hotels where the attendees stayed would have been targeted by “widespread wiretapping efforts”, German Defence Minister Boris Pistorius said.
In the leaked call, discussions were held on support for Ukraine against Russia’s invasion, including the possible delivery of the long-range Taurus cruise missiles to Kyiv.
Singapore “inevitably” attracts intelligence operations given high-level events hosted in the country amid geopolitical tensions, according to international security experts.
But Singapore’s reputation is unlikely to take a hit, they said. Stephane Duguin, CEO of CyberPeace Institute, said high-profile events taking place amid political tensions carry risks. “Singapore is one of the leading hubs when it comes to cyber,” he said.
“It is, therefore, not a surprise that this alters the risk profile,” Channel News Asia quoted Duguin as saying.
Benjamin Ang, S Rajaratnam School of International Studies senior fellow and head of the its Centre of Excellence for National Security, echoed Duguin.
“Spying is as old as history but current geopolitical tensions make it especially useful for governments to leak sensitive information that they have uncovered,” he added.
Dr Shashi Jayakumar, executive director of SJK Geostrategic Advisory, agreed that events in Singapore attended by prominent officials would be “tempting” targets for intelligence services to try and surveil for high-value information.
Singapore intelligence officers open up as it seeks to recruit more diverse talent.
Recurring high-level international meetings in Singapore include the biennial Airshow and the annual Shangri-La Dialogue defence summit. Singapore has also been entrusted with hosting historic talks such as the 2018 Donald Trump-Kim Jong Un summit between the US and the North Korean leaders, and the 2015 meeting between the Chinese and the Taiwanese presidents.
None of the experts thought that the German defence call leak would have a lasting, adverse effect on Singapore’s international reputation as host of such high-level gatherings.
“There will be short-term risks but then people will just shrug and move on. It can’t be helped. It can happen anywhere,” said Chong.
Jayakumar conceded, “We have to accept that these sorts of things may happen from time to time in Singapore, given our role not just as a host of repute for Meetings, Incentives, Conventions and Exhibitions (MICE) events but also as a premier convening hub for defence and security related events.”
“One must presume that episodes like these are also scrutinised closely by our own security services,” he added. “But any follow-up would necessarily be behind the scenes. This is in the nature of how these agencies work.”
Intelligence operations in Singapore pre-date the country’s independence and have been carried out at high-level events to this day.
In 1960, the US Central Intelligence Agency offered the then-prime minister Lee Kuan Yew USD 3.3 million to cover up an unsuccessful intelligence operation. The US confirmed the attempted bribery after Lee revealed it in 1965.
During the Trump-Kim summit, Singapore became the top cyberattack target in the world. Out of 40,000 cyberattacks during the two-day event, 88 per cent were launched from Russia and 97 per cent of those were targeted at Singapore, according to data collected by a US technology company.
During that same month, a cyberattack on the SingHealth group’s database stole the information of patients, including Prime Minister Lee Hsien Loong. Singapore’s government said the attack was “the work of an advanced persistent threat group” and that such groups are “usually state-linked”.
In 2022, the Shangri-La Group suffered a data breach of guests’ information across eight of its hotels in Asia. This happened between May and July, and coincided with the Shangri-La Dialogue held at the eponymous Singapore hotel that June. The latest leaked German defence call was made over public videoconferencing platform WebEx, though Berlin has defended its use in this instance as legitimate. Instead, Germany’s defence minister blamed the intercepted call on “individual user error” and described it as a “random hit in the scope of a broad-based approach”.
Jayakumar noted similar suggestions that the call was intercepted by chance in the course of larger-scale operations. “Although there are many theories, we do not know and will probably never know, as the Germans have been keen to draw a veil over this (save to say that their own systems have not been compromised),” he said.
“We do not in fact know how targeted this compromise was. Russian intelligence services, like the services of all major powers, would have resources and capability to attempt to put the event under surveillance of a fairly large scale,” he added.
Singapore Airshow organiser Experia said it has procedures for data protection and data privacy.
But those holding meetings at the Airshow’s Changi Exhibition Centre venue or on its sidelines will have to make their own assessments of the security and privacy measures, said Experia’s Managing Director Leck Chet Lam.
The International Institute for Strategic Studies, which organises the Shangri-La Dialogue, maintains high-quality cybersecurity is a “crucial” component of the event. But an International Institute for Strategic Studies spokesperson was quoted by Channel News Asia as saying it was “inappropriate” to provide details of security arrangements.
Leonardo Hutabarat, head of solutions engineering for Asia Pacific and Japan at the LogRhythm security firm, said event organisers need to ensure secure networks and technology infrastructure at their venues.
WiFi networks should be secured by strong passwords, network encryption and firewall protection while electronic devices should be updated with the latest security patches.
He also suggested that event organisers devise ways for their security teams to quickly detect and respond to potential vulnerabilities and threats early on, before they escalate to full-scale attacks.
While the hotel where the German participant was staying has not been publicly identified, some partner hotels of the Singapore Airshow confirmed that they do provide security support to high-profile guests and events.
Abdul Hafiq, the manager at Crowne Plaza Changi Airport, said the hotel works closely with guests’ security teams for confidential meetings or sensitive discussions. He added that the hotel has “robust” cybersecurity protocols, including advanced firewall protection and security software on hotel devices. It also trains staff on data privacy and cybersecurity best practices.
Saurabh Prakash, the chief commercial officer at Millennium Hotels and Resorts, said its measures include coordinating with telecommunications providers and vendors, strengthening IT infrastructure such as WiFi and in-room control devices, and monitoring known cyber vulnerabilities.
It also implements checks to secure communications lines in guest rooms and event spaces as well as sweeps for surveillance devices, among others.
Priscilla Ng, the general manager at Grand Mercure Singapore Roxy, said its safeguards include network segmentation and isolation protocols within the hotel’s IT infrastructure.
But it’s not enough for event organisers and venues to take precautions, as the onus is on individual users to act, said cybersecurity experts.
Vitaly Kamluk, Kaspersky’s director of global research and analysis in the Asia Pacific, said accidental human error is the leading factor for cybersecurity incidents. Such common mistakes include downloading malware, using weak passwords or not changing them frequently, visiting unsecured websites and using unauthorised systems to share data.
He pointed out that public WiFi is inherently insecure as it does not require authentication to establish a network connection.
“This allows malicious actors to join the same network as their potential targets and possibly have direct interaction, allowing them to break into poorly secured devices,” he said.
“As the event attracted many high-ranking individuals and was under high surveillance, the amount of resources dedicated to hacking the attendees could also be on the higher side,” he said of the airshow.
LogRhythm’s Hutabarat said one way to mitigate the risks of public WiFi is to use a virtual private network (VPN).
With web conferencing, one mistake often made is the lack of validation, such as through a password, to authorise users to join meetings, he added.
“Nevertheless, it is recommended that virtual meetings involving any critical communication, especially those related to national policy, should be conducted through a covert channel instead,” he was quoted as saying by Channel News Asia.