Wait... But... I mean... Of all the companies I can imagine having a legitimate interest in private information, the government seems to be at the top of that list. Please help me understand your perspective.
That is the point. Obviously they have an interest, or they wouldn't be trying to collect this information in the first place. Government has shown itself time and time again to be less competent and more vulnerable than private industry.
If you want to make an argument about government incompetence then I'm usually right there with you but... It seems like you're trying to fight an unwinnable battle. They need your address, name, phone number, a list of associates, employer, etc, at the very least so they can draft and tax you. This is an inescapable part of being in a state.
I would rather prefer we make adjustments so that malicious possession of your private information is less onerous. More solid identification and authorization requirements, like a cryptographically secured ID card, instead of "if you know the SSN and address you can screw somebody"
We have no details, but given the story and that workers from the company were banned from internet usage, it sounds like it was a mix of technical and social engineering.
> given the story and that workers from the company were banned from internet usage
I think the internet ban only happened after the fact. From the ST article linked in the BBC article [1], it seems like the attack vector was malware installed on one computer:
> Initial investigations showed that one SingHealth front-end workstation was infected with malware through which the hackers gained access to the data base. The data theft happened between June 27, 2018, and July 4, 2018.
> I think the internet ban only happened after the fact.
That's exactly GP's point - that part of the response was to ban internet usage indicates that employee internet usage was part of the attack vector. (i.e. that one computer was probably infected through social-engineering means)
But if you're into tech and haven't been to Singapore, I'd recommend going... But know that it might make you apprehensive.
The backend structure to support that number of cameras alone, has to be ridiculous. Every subway station is surrounded by 20 cameras, there are 3-5 looking at you as you enter, there are 20 more before you get to the platform where there are 10 that can see you. There are poles on the street every 2-4 blocks that have 8-10 cameras around them. The further you get away from downtown the more "relaxed" it is I'm sure but it was a pretty crazy place.
I had just figured with the amazing infrastructure they have that they also would have world class security. But what do I know!?
If you want to live in Singapore, you need to have a job offer. Every major IT company (and many minors) has an Asian/SE Asian HQ there and they're constantly hiring.
Winging it on your own is considerably more complicated, but feasible if you're well paid and keen to start your own business, just look up EntrePass.
I know they should have more world class security like us in the US. Something as significant as the leaking of millions of people's information, that is unheard of in the west.
25 comments
[ 3.0 ms ] story [ 68.1 ms ] thread[1] https://aushealthit.blogspot.com/
I would rather prefer we make adjustments so that malicious possession of your private information is less onerous. More solid identification and authorization requirements, like a cryptographically secured ID card, instead of "if you know the SSN and address you can screw somebody"
I think the internet ban only happened after the fact. From the ST article linked in the BBC article [1], it seems like the attack vector was malware installed on one computer:
> Initial investigations showed that one SingHealth front-end workstation was infected with malware through which the hackers gained access to the data base. The data theft happened between June 27, 2018, and July 4, 2018.
[1] https://www.straitstimes.com/singapore/personal-info-of-15m-...
That's exactly GP's point - that part of the response was to ban internet usage indicates that employee internet usage was part of the attack vector. (i.e. that one computer was probably infected through social-engineering means)
But if you're into tech and haven't been to Singapore, I'd recommend going... But know that it might make you apprehensive.
The backend structure to support that number of cameras alone, has to be ridiculous. Every subway station is surrounded by 20 cameras, there are 3-5 looking at you as you enter, there are 20 more before you get to the platform where there are 10 that can see you. There are poles on the street every 2-4 blocks that have 8-10 cameras around them. The further you get away from downtown the more "relaxed" it is I'm sure but it was a pretty crazy place.
I had just figured with the amazing infrastructure they have that they also would have world class security. But what do I know!?
You want to come as a tourist or..? I just completed my first year here in SG, maybe I can answer specific questions?
Winging it on your own is considerably more complicated, but feasible if you're well paid and keen to start your own business, just look up EntrePass.
[1] https://www.population.sg/population-trends/demographics
[2] I'd assume that fewer non-residents are affected because they're more likely to go for a private healthcare option.