Earthquake recorded in Segamat, says MetMalaysia

PETALING JAYA - A minor earthquake has been recorded in Jementah, Segamat in Johor, says the Malaysian Meteorological Department (MetMalaysia).

In a statement, it said the quake, measuring a magnitude of 2.7 on the Richter scale, occurred at 7.55pm on Nov 3, with its epicentre located at 2.5 degrees north and 102.8 degrees east, about 3km west of Segamat, with a depth of 10km.

“Tremours were also felt in Segamat and nearby areas,” MetMalaysia said in a Facebook post. THE STAR/ASIA NEWS NETWORK

Trio came from China on fraudulent work permits to hack websites for criminal, were found with government data

Laptops and cash seized in islandwide raids carried out by the Singapore Police Force (SPF) on Sep 9, 2024. (Photos: SPF)

 

SINGAPORE: Three men from Henan, China, came to Singapore for a job offer posed by a Ni-Vanuatu citizen and were later housed in a bungalow to perform hacking work into gambling websites and obtain illicit access to a Chinese SMS service company.

The men were later paid US$3 million (S$3.9 million) in cryptocurrency for their work.


 

A police raid of the Mount Sinai bungalow they were living in uncovered malware-related files on their devices, including remote access trojans (RATs) associated with plugX and a known hacking group, Shadow Brokers.

plugX is a sophisticated RAT associated with known advanced persistent threat or state-sponsored hacker groups, while the Shadow Brokers are a hacker group that has stolen and leaked tools and zero-day vulnerabilities from the United States' National Security Agency.

The leaking of one such zero-day vulnerability enabled the subsequent WannaCry ransomware attacks from 2017 onwards.

While the hackers attempted to avoid government sites, one of their laptops contained messages discussing vulnerable domains, including five Australian, Argentine and Vietnamese government domains, while another contained a confidential email between officers of Kazakhstan's Ministry of Foreign Affairs and Ministry of Industry and Infrastructure Development.

The three Chinese criminals are Yan Peijian, 39, Huang Qin Zheng, 36, and Liu Yuqi, 33.

On Wednesday (Nov 5), Yan and Huang were sentenced to 28 months and one week in prison, and Liu got 28 months and four weeks' jail.

When a prison sentence is imposed that combines months with four weeks or more, CNA reports the sentences as spelt out by the court as months vary in length.

THE CASE

Yan had a background in information technology, previously running a business creating websites for companies, while Liu taught himself web design.

In 2022, there were bad economic prospects in China as a result of the COVID-19 pandemic.

The trio, who knew each other, knew a 38-year-old Ni-Vanuatu citizen called Xu Liangbiao.

He made an offer for them to come to Singapore to work for him, and they agreed to it.

Xu arranged for false applications for work permits to be made for the trio through companies that they did not know about. Yan was to be a sales representative, and Huang and Liu were to be construction workers.

They entered Singapore on fraudulently obtained work permits, which they did not know at the time were false, as they assumed Xu would handle their administrative requirements.

In early September 2022, the trio came to Singapore and were taken to the premises of their supposed employers and briefed on the business for the purpose of being able to provide a cover story if they were ever asked about their employment.

They never worked at those companies. Instead, between September 2022 and May 2023, they were put up in accommodation at Xu's expense and did no work.

They returned to China for Chinese New Year in 2023 and returned to Singapore in May 2023.

This time, Xu asked them to work for him. He later tasked his subordinate Chen Yiren to rent a property to house the trio. Chen arranged for a bungalow in the Mount Sinai area to be rented for them, and the trio moved in.

Chen took charge of the logistics, including arranging for rental payments of S$33,000 in cash and getting moonlighting foreign workers to cook and clean at the home.

Through Chen, Xu also gave the trio money for day-to-day expenses, such as a sum of about S$52,000 seized from Yan during his arrest.

The trio were paid about S$2,000 in monthly salaries from early 2024 to maintain their false employment front.

Initially, Xu was interested in obtaining unfair advantages on gambling websites, as well as operating his own gambling sites.

He needed personal data from existing users of such sites so he could advertise to these users and lure them to use his website.

Later, he developed an interest in obtaining illicit access to SMS service companies, with a view to hijacking two-factor authentication systems. He set his eyes on an SMS service company in China, Yi Mei, which was serving two major gambling site operators.

The trio split up their roles, with Yan focusing on Linux-based systems, Huang on web systems and Liu on Windows systems.

They gathered information on domain and sub-domain names associated with target organisations or websites and used open-source tools to scan for vulnerabilities on these domains.

They would next categorise the vulnerabilities found according to their severity, ease of exploitation and usefulness to Xu's objectives.

They would then set about exploiting these vulnerabilities either through direct data extraction or by deploying RATs.








 

On discovering vulnerabilities, the men reported them to Xu. They would also download compromised data, including information such as names, emails, phone numbers, IP addresses and site account credentials.

In one instance, a document discovered on Huang's computer contained names, addresses, phone numbers and billing information from a Philippine regional power company. They also succeeded in downloading traffic data from Yi Mei that revealed the volume of SMSes it sent out.

To obtain the objectives set out by Xu, the trio also obtained malware off the internet and interacted with other hackers, sourcing from them zero-day vulnerabilities in the network architectures of the websites they targeted.

These are previously unknown vulnerabilities in software so dubbed because they can be exploited or attacked when the vendor has had "zero days" to create a solution.

The men regularly consulted a hacker called Sun Jiao, who was also in Singapore but operated independently of Xu, conducting his own hacking and data broking operations.

The trio also enlisted an unknown developer to create custom, centralised web-based software for their operations, but they were arrested before this was completed.

 

The trio split up their roles, with Yan focusing on Linux-based systems, Huang on web systems and Liu on Windows systems.

They gathered information on domain and sub-domain names associated with target organisations or websites and used open-source tools to scan for vulnerabilities on these domains.

They would next categorise the vulnerabilities found according to their severity, ease of exploitation and usefulness to Xu's objectives.

They would then set about exploiting these vulnerabilities either through direct data extraction or by deploying RATs.

On discovering vulnerabilities, the men reported them to Xu. They would also download compromised data, including information such as names, emails, phone numbers, IP addresses and site account credentials.

In one instance, a document discovered on Huang's computer contained names, addresses, phone numbers and billing information from a Philippine regional power company. They also succeeded in downloading traffic data from Yi Mei that revealed the volume of SMSes it sent out.

To obtain the objectives set out by Xu, the trio also obtained malware off the internet and interacted with other hackers, sourcing from them zero-day vulnerabilities in the network architectures of the websites they targeted.

These are previously unknown vulnerabilities in software so dubbed because they can be exploited or attacked when the vendor has had "zero days" to create a solution.

The men regularly consulted a hacker called Sun Jiao, who was also in Singapore but operated independently of Xu, conducting his own hacking and data broking operations.

The trio also enlisted an unknown developer to create custom, centralised web-based software for their operations, but they were arrested before this was completed.