James Sim Guan Liang, 39, pleaded guilty on Monday (Jan 25) to “harvesting” the login credentials of 293 SingPass users over four months from January to May 2011.
Sim faced more than 800 charges and pleaded guilty to 73 charges, including 69 under the Computer Misuse and Cybersecurity Act. Another 813 charges will be taken into consideration during his sentencing.
Sim first became involved in what prosecutors called “syndicated identity trafficking” in 2006, when he handed his NRIC to a friend known as “Lemon”, who paid Sim S$100 for each occasion Sim allowed his identity card to be used to sponsor visa applications for Chinese nationals who wanted to come to Singapore.
This went on for two years, after which Sim gave “Lemon” his SingPass login details to allow “Lemon” to continue the sham visa applications. But after multiple applications, Sim’s NRIC number was rejected, and “Lemon” asked Sim to provide the login details of other SingPass users.
‘HARVESTED’ SINGPASS ACCOUNTS BY GUESSING PASSWORDS
Sim “experimented” with random NRIC numbers and managed to guess the passwords of users who had also used their NRIC numbers as their passwords.
Sim successfully “harvested” the login details of hundreds of SingPass users in this manner, and would then forward the details of these users, including their names and addresses, to “Lemon”, who in turn would use them in the sham visa applications.
Prosecutors said Sim attempted “tens of thousands” of times to gain access to SingPass accounts.
IP ADDRESS GAVE HIM AWAY
Sim’s offences came to light when the Immigration and Checkpoints Authority (ICA) detected multiple suspicious visa applications involving a common credit card made via an IP address located in China. Further investigations revealed the SingPass details of the purported “sponsors” had been compromised.
Officers from ICA and the Criminal Investigation Department then identified a series of successful SingPass logins from a single IP address – Sim’s.
The SingPass details “harvested” by Sim had been used to sponsor sham visa applications of Chinese nationals who wanted to come to Singapore. Twenty Chinese nationals subsequently entered Singapore on visas which had been unknowingly sponsored by users whose SingPass credentials had been compromised.
Out of the 20 Chinese nationals who successfully arrived in Singapore, three were found to have committed crimes here. They were repatriated after serving jail terms for offences such as assisting an unlicensed money lender and engaging in vice-related activities.