
Singapore personal data hack hits 1.5m - davidjgraph
https://www.bbc.co.uk/news/world-asia-44900507
======
SlowRobotAhead
Total side note...

But if you're into tech and haven't been to Singapore, I'd recommend going...
But know that it might make you apprehensive.

The backend structure to support that number of cameras alone, has to be
ridiculous. Every subway station is surrounded by 20 cameras, there are 3-5
looking at you as you enter, there are 20 more before you get to the platform
where there are 10 that can see you. There are poles on the street every 2-4
blocks that have 8-10 cameras around them. The further you get away from
downtown the more "relaxed" it is I'm sure but it was a pretty crazy place.

I had just figured with the amazing infrastructure they have that they also
would have world class security. But what do I know!?

~~~
weka
How would you recommend getting into it? Might be a viable avenue for me later
this year.

~~~
jpatokal
If you want to live in Singapore, you need to have a job offer. Every major IT
company (and many minors) has an Asian/SE Asian HQ there and they're
constantly hiring.

Winging it on your own is considerably more complicated, but feasible if
you're well paid and keen to start your own business, just look up EntrePass.

------
ValentineC
To give a sense of the scale: Singapore's resident population is 3.97m [1][2],
so this affects 37.8% of the resident population.

[1] [https://www.population.sg/population-
trends/demographics](https://www.population.sg/population-trends/demographics)

[2] I'd assume that fewer non-residents are affected because they're more
likely to go for a private healthcare option.

~~~
chaolam
I would question assumption [2]. For example, all Foreign Domestic Workers are
required to have 6-monthly medical examination [http://www.mom.gov.sg/passes-
and-permits/work-permit-for-for...](http://www.mom.gov.sg/passes-and-
permits/work-permit-for-foreign-domestic-worker/eligibility-and-
requirements/six-monthly-medical-examination)

------
kondro
Guess who implemented the My Health Record system for Australia?

~~~
Khaine
When I dabbled in this space I use to follow this blog[1], and found it very
informative for what was going on in the Australian eHealth space.

[1] [https://aushealthit.blogspot.com/](https://aushealthit.blogspot.com/)

------
noobermin
We have no details, but given the story and that workers from the company were
banned from internet usage, it sounds like it was a mix of technical and
social engineering.

~~~
ValentineC
> _given the story and that workers from the company were banned from internet
> usage_

I think the internet ban only happened after the fact. From the ST article
linked in the BBC article [1], it seems like the attack vector was malware
installed on one computer:

> Initial investigations showed that one SingHealth front-end workstation was
> infected with malware through which the hackers gained access to the data
> base. The data theft happened between June 27, 2018, and July 4, 2018.

[1] [https://www.straitstimes.com/singapore/personal-info-
of-15m-...](https://www.straitstimes.com/singapore/personal-info-
of-15m-singhealth-patients-including-pm-lee-stolen-in-singapores-most)

~~~
azernik
> I think the internet ban only happened after the fact.

That's exactly GP's point - that part of the response was to ban internet
usage indicates that employee internet usage was part of the attack vector.
(i.e. that one computer was probably infected through social-engineering
means)

------
7373737373
Are government systems like this usually insured?

~~~
stopyellingatme
You'd be surprised

------
chlvsl
This is why we cannot continue to allow the government to capture and store
private data on its citizens, no matter what country it is.

~~~
squirrelicus
Wait... But... I mean... Of all the companies I can imagine having a
legitimate interest in private information, the government seems to be at the
top of that list. Please help me understand your perspective.

~~~
chlvsl
That is the point. Obviously they have an interest, or they wouldn't be trying
to collect this information in the first place. Government has shown itself
time and time again to be less competent and more vulnerable than private
industry.

~~~
squirrelicus
If you want to make an argument about government incompetence then I'm usually
right there with you but... It seems like you're trying to fight an unwinnable
battle. They need your address, name, phone number, a list of associates,
employer, etc, at the very least so they can draft and tax you. This is an
inescapable part of being in a state.

I would rather prefer we make adjustments so that malicious possession of your
private information is less onerous. More solid identification and
authorization requirements, like a cryptographically secured ID card, instead
of "if you know the SSN and address you can screw somebody"

