Singapore jails three foreign hackers who claimed they couldn't hack
Sophisticated hacking tools, hundreds of malware variants, and US$3 million in crypto payments tell a different story.
Singapore this week sentenced three foreign nationals to jail for hacking from a bungalow in an upscale area. This is where the story gets weird.
Ever read a story where something seems off? That was my initial reaction reading about three people jailed for hacking, yet claiming they never even tried hacking before arriving. And oh, the arrest netted half a million dollars in cash.
A strange tale
The story by the Straits Times this week highlighted three foreign hackers: Yan, Liu, and Huang, who were engaged by another foreigner, Xu.
They were arrested in September 2024, after first arriving in July 2022 on false work permits for a sales job and as construction workers, respectively.
In their defense, lawyers said they "lacked the essential technical skills to hack," failed to meet KPIs, and they never even tried hacking before coming to Singapore.
However, they were caught with sophisticated hacking tools, hundreds of advanced malware variants, and multiple virtual machines to conduct cyber-attacks. Xu also transferred some US$3 million of cryptocurrency as payment in September 2024, less than a week before their arrest after raids involving 150 officers.
Successful hackers
It is clear from the facts the three were very good at hacking and used Singapore as a base to conduct cybercrimes for commercial gains.
So yes, they were probably elite hackers housed here in style, and they made so much money they were paid a million USD each for about a year of work.
Singapore is taking a strong stance against foreigners who come here to commit cybercrimes, according to Minister Shanmugam in his speech on day one of the Singapore International Cyber Week (SICW) in October.
Specifically, he told the thousands of global attendees at the conference that Singapore will act against anyone carrying out malicious cyber activities from within its borders, no matter who or where their targets are.
Cross-border investigation
What's interesting was the claim from Yan, Liu, and Huang that they refrained from targeting Singaporean sites and avoided targeting websites of governments.
If so, how were they caught? My take is this only happened as a result of cross-border collaboration between governments.
With targets in Australia, Vietnam, and Argentina, their long list of victims probably kicked off lengthy investigations that ultimately ensnared them.
Still, it is worth noting that such efforts are extremely time-consuming and costly. Moreover, attacks originating from Singapore can be detrimental to its reputation. This likely contributed to the decision to clamp down hard.
