Is Computer Security Agency CEO talking thru his ass about stolen info?

In Internet, Media, Public Administration on 22/07/2018 at 10:32 am

I went WTF when I read this from the constructive, nation-building CNA:

Should you be worried?

In short, not really, said the authorities. CSA chief executive David Koh said the stolen information are “basic demographic data”.

“We are watching to see if anything appears on the Internet both in the open and in some of the less well-known websites,” he added, noting that this has occasionally happened in past data breaches.

“But considering the type of data that’s been exfiltrated, it is – from our professional experience – unlikely that these will appear, because there is no strong commercial value to these types of data.”


I repeat WTF. NRIC numbers were stolen as were names and addresses. Before this loss of info, we had been told by the PAP govt and private sector cyber security experts that the NRIC number is very important personal data and that when a criminal has access to our i/c number, address and name, lialat: could be vulnerable to all kinds of online crime. So this not true isit?

I had also read in an earlier CNA report

[C]ybersecurity expert, Mr Leonard Kleinman, pointed out that medical data contains a trove of information – from personally identifiable data to financial details – “that can be used to create a highly sought-after composite of an individual”.

Such pilfered data can fetch a high price on the dark Web, with each entry potentially selling for US$50 to US$100 more than stolen credit card data, said Mr Kleinman, who is the chief Cyber Security Advisor at RSA Asia Pacific and Japan.

“As it could contain any amount and level of information, healthcare institutions are among the most sought-after industries by criminals who can be motivated by a multitude of possible reasons,” he said.

The executive also cautioned that the fallout of such a hack may not be immediately felt either, as it could “take months” for the data to be first sold, then used.

“Given the nature of this attack, it is hard to say exactly what the end game is, especially when the attackers haven’t identified themselves,” Mr Kleinman added.

Darktrace Asia Pacific managing director Sanjay Aurora told Channel NewsAsia in an email that it can only speculate on the hacker’s motives, but medical information, like other kinds of personal data, can be easily monetised.

That said, beyond making a quick buck, Mr Aurora said a more “sinister reason” could be to cause widespread disruption and systemic damage to the healthcare service or to undermine trust in a nation’s competency to keep personal data safe.


So is the PAP govt downplaying the importance of the loss of info?

And if it is, why isn’t the constructive, nation-building media not signing from the same sheet?

  1. who gains from this “event” ? malaysia and local opposition ?

  2. As anyone who did NS in the same platoon as PM’s or DPM’s son can tell you, same NS but different implications. I did mine together with the 1st CDF’s son — not even the same platoon but same company, and the treatment we got was already miles better than other companies.

    The same “demographic” info loss has vastly different implications for the political elites & their families versus the common plebs. No one is under the illusion that simply knowing LHL’s NRIC & home address is going to get you very far, with the multiple security layers & keyman redflagging in all govt & financial institutions. Worse comes to worse, they have bodyguards & Gurkhas to keep out the riff-raff.

    E.g. When old fart was around, everybody knew his NRIC S0000003E and where he stayed … So what?!?

    As for the medications, this is more concerning to those in employment …. especially in jobs that excludes those with certain conditions … I mean you don’t want your pilot to have glaucoma or cataracts do you??

    Drugs will indicate whether got HIV/AIDS, severe hypertension, organ transplant, severe hyperlipidemia, hepatitis B/C, etc that will preclude one from certain jobs. The affected may be trying to hide these facts from their employers.

    At the end of the day, of course, the blasé rejoinder: You got the govt you voted for. Don’t complain.

  3. Oh how can I forget …. regarding drugs … will also reveal whether one has mental illness too … schiz, bipolar, severe depression, severe anxiety/PTSD etc. Companies here don’t take kindly to staff who try to hide them.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: