SINGAPORE: Three Singaporeans have been charged over unauthorised attempts to change residential addresses on an online service provided by the Immigration and Checkpoints Authority (ICA).
Ng Wei Chang, Yuen Mun Fei and Koh Hong Yan appeared in a district court on Friday morning (Jan 17).
Each faces a single charge under the Computer Misuse Act.
Ng, 30, was charged with unauthorised disclosure of an access code for an unlawful purpose.
He is accused of abetting the disclosure of a six-digit PIN to gain access to data held in the ICA e-service to illegally change the registered addresses of unknown individuals without their knowledge.
He allegedly did this sometime on or around Oct 1, 2024.
Yuen, 38, was charged with transmitting Koh's user identification, password and one-time password for the national digital identity service in November 2024.
These credentials were allegedly to be used in committing an offence under Section 3(1) of the Computer Misuse Act, which covers unauthorised access to computer material.
Koh, 26, was charged with disclosing his SingPass user identification, password and one-time password to Yuen for an unlawful purpose on Dec 16, 2024.
For these offences, the punishment for a first-time offender is a jail term of up to three years, a fine of up to S$10,000 (US$7,300), or both.
The prosecutor said the offences were believed to be syndicated, and asked for the trio to be remanded for a week for the police to conduct a raid and investigations.
All three have been remanded with permission to be taken out for investigations, and will return to court on Jan 24.
The issue of attempts to illegally change other people's home addresses came to light on Jan 11 when the ICA announced that it had identified about 80 such cases.
The attempts were made through an option on the e-service that allows the residential address to be changed by a proxy.
The e-service was suspended on Jan 11 and partially restored on Jan 14, with this proxy option removed.
Seven suspects have been arrested, and are believed to be responsible for at least 30 cases of attempted unauthorised address changes.
The perpetrators succeeded in changing the addresses in about 75 per cent of the attempts, ICA said. They used stolen or compromised Singpass accounts to change the addresses.
The perpetrators would have previously acquired the NRIC number and NRIC date of issue of the victims, to enter these into the e-service, said ICA.
The e-service would then send a verification PIN mailer to the registered address set by the perpetrator, who could access the mailer to confirm the change.
Once the victim's residential address was changed, it was used to set a new password for the victim's Singpass account by requesting a new Singpass PIN to be mailed there.
"It is likely that the perpetrators are using stolen or compromised Singpass accounts and letterboxes of third parties to generate more mule accounts to use for scams and other cybercrimes," ICA said.
Continue reading...
Ng Wei Chang, Yuen Mun Fei and Koh Hong Yan appeared in a district court on Friday morning (Jan 17).
Each faces a single charge under the Computer Misuse Act.
Ng, 30, was charged with unauthorised disclosure of an access code for an unlawful purpose.
He is accused of abetting the disclosure of a six-digit PIN to gain access to data held in the ICA e-service to illegally change the registered addresses of unknown individuals without their knowledge.
He allegedly did this sometime on or around Oct 1, 2024.
Yuen, 38, was charged with transmitting Koh's user identification, password and one-time password for the national digital identity service in November 2024.
These credentials were allegedly to be used in committing an offence under Section 3(1) of the Computer Misuse Act, which covers unauthorised access to computer material.
Koh, 26, was charged with disclosing his SingPass user identification, password and one-time password to Yuen for an unlawful purpose on Dec 16, 2024.
For these offences, the punishment for a first-time offender is a jail term of up to three years, a fine of up to S$10,000 (US$7,300), or both.
The prosecutor said the offences were believed to be syndicated, and asked for the trio to be remanded for a week for the police to conduct a raid and investigations.
All three have been remanded with permission to be taken out for investigations, and will return to court on Jan 24.
Related:
ABUSE OF ICA'S E-SERVICE
The issue of attempts to illegally change other people's home addresses came to light on Jan 11 when the ICA announced that it had identified about 80 such cases.
The attempts were made through an option on the e-service that allows the residential address to be changed by a proxy.
The e-service was suspended on Jan 11 and partially restored on Jan 14, with this proxy option removed.
Seven suspects have been arrested, and are believed to be responsible for at least 30 cases of attempted unauthorised address changes.
The perpetrators succeeded in changing the addresses in about 75 per cent of the attempts, ICA said. They used stolen or compromised Singpass accounts to change the addresses.
The perpetrators would have previously acquired the NRIC number and NRIC date of issue of the victims, to enter these into the e-service, said ICA.
The e-service would then send a verification PIN mailer to the registered address set by the perpetrator, who could access the mailer to confirm the change.
Once the victim's residential address was changed, it was used to set a new password for the victim's Singpass account by requesting a new Singpass PIN to be mailed there.
"It is likely that the perpetrators are using stolen or compromised Singpass accounts and letterboxes of third parties to generate more mule accounts to use for scams and other cybercrimes," ICA said.
Continue reading...