Fathership

Israel's spyware 'Graphite' allegedly used in Singapore

Singapore servers commonly used to deploy spyware

|4 min read
Israel's spyware 'Graphite' allegedly used in Singapore

Organisations or entities from six countries likely used Israeli spyware named "Graphite" to harvest data from Whatsapp and other messaging apps.

According to a report by The Citizen Lab, a human rights research laboratory based at the University of Toronto, the countries where the spyware was used included Australia, Canada, Cyprus, Denmark, Israel, and Singapore.

The development comes nearly two months after Meta-owned WhatsApp said it notified around 90 journalists and civil society members that it said were targeted by Graphite. The attacks were disrupted in December 2024.

Who created the spyware?

Paragon Solutions, founded in 2019 by Ehud Barak and Ehud Schneorson, a former commander of signals intelligence agency Unit 8200 of the Israel Defense Force (IDF), is the maker of a surveillance tool called Graphite that's capable of harvesting sensitive data from instant messaging applications such as Whatsapp.

Paragon pitches its tools as helping governments and law enforcement agencies to catch criminals and terrorists.

Unlike infamous tools like NSO Group’s Pegasus, which can hijack your entire phone, Graphite supposedly sticks to snooping on apps like WhatsApp or Signal.

How it works

Graphite’s tech is slick - using a zero-click exploit. What this means is that you don’t need to click a shady link—just having WhatsApp installed could be enough.

The target user is added to a chat group and a PDF will be sent. Even without clicking or doing anything, the user's Whatsapp will be exploited.

Once in, Graphite can grab your chats, track your moves, and more, all while you’re none the wiser.

The Citizen Lab worked with Meta (WhatsApp’s parent company) to spot and block it, but not before infected Android phones in Italy left clues—like the codename “BIGPRETZEL”—tying it to Paragon.

Apple has since addressed the attack vector with the release of iOS 18.

Tracing where the spyware was used

Researchers mapped Graphite’s digital fingerprints—its servers and IP addresses—across the internet. What they found was a sprawling network touching countries like Australia, Canada, Cyprus, Denmark, Israel, and Singapore.

It is important to note, however, that the use of a proxy server such as a VPN, may introduce inaccuracies.

"As our findings are based on country-level geolocation of DNS servers, factors such as VPNs and satellite Internet teleport locations can introduce inaccuracies," the Citizen Lab said in 2018.

Singapore servers commonly used to deploy spyware

In 2018, a data leak containing more than 50,000 phone numbers were suspected to be infected with the spyware Pegasus, also sold by an Israeli surveillance company. An investigation conducted by The Citizen Lab found that some of the phones suspected to be infected by the Pegasus spyware were in the UK, US and Singapore.

Back then, the Singapore Government said it is aware of these claims but cannot verify them as no reports have been filed.

In 2023, the Citizen Lab identified also traced suspected operating servers for the QuaDream spyware - another Israeli-made spyware - to 10 countries – Bulgaria, the Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, the United Arab Emirates and Uzbekistan.

The QuaDream spyware allowed third parties to record audio from phone calls and the microphone, take pictures through the device's cameras, and track the device's location. It also contained a self-destruct feature that would wipe any traces left behind by the spyware, leaving users none the wiser.

Singapore does not discuss specifics of technologies used

According to a 2023 CNA report, Minister of State for Home Affairs Desmond Tan, when asked if Singapore employs the QuaDream spyware back in 2022, he said then: "...agencies charged with the mission of safeguarding national security necessarily have to rely on a range of intelligence capabilities, including harnessing technology.

“For obvious reasons, the Government cannot and should not discuss specifics on any operational aspects or capabilities regarding our national security.”

A spokesman for the Ministry of Home Affairs said the Government does not generally provide details of how security agencies carry out their work.

“Our security agencies’ task is to keep Singapore safe, secure and sovereign,” he said.

“Serious threats to national security are varied, and include terrorism, and foreign subversion, espionage and interference,” he added.

As of publishing time, Singapore's authorities have not commented on the Graphite spyware.

Read next article ⬇️

Japan’s cherry blossom season begins as first blooms appear in Tokyo

For centuries, sakura have shaped Japanese culture, frequently appearing in poetry and literature as a poignant emblem of life’s fleeting nature, mortality, and renewal.

|2 min read
Japan’s cherry blossom season begins as first blooms appear in Tokyo

Japan's cherry blossom experts on Monday (Mar 24) officially confirmed the initial blooming of the nation's beloved flower, marking the start of the joyous season in Tokyo.

A Japan Meteorological Agency (JMA) official closely inspected the Somei Yoshino specimen tree at Yasukuni Shrine in Tokyo, declaring that it bore more than five blossoms—the minimum threshold for the announcement.

According to the JMA, this year's bloom aligns with the average and is five days ahead of last year's schedule.

Known as "sakura," cherry blossoms are Japan’s cherished flower, typically reaching full bloom from late March to early April, coinciding with the beginning of the new academic and business year. Many locals celebrate by strolling or picnicking beneath the blooming trees.

Japan's cherry blossom

For centuries, sakura have shaped Japanese culture, frequently appearing in poetry and literature as a poignant emblem of life’s fleeting nature, mortality, and renewal.

Tokyo’s announcement follows unusually warm weather, with temperatures hovering around 19°C (66°F). Just a day earlier, on Sunday, the season’s first cherry blossom was confirmed in Kochi, a southwestern city on Shikoku Island.

The JMA monitors over 50 "benchmark" cherry trees nationwide. These trees typically bloom for about two weeks, from the first buds to the final petals falling, with their peak expected in roughly 10 days.

Sensitive to temperature shifts, cherry trees offer critical insights into climate change research. In recent years, Japan’s cherry blossom season has trended earlier than historical averages, raising questions about the potential effects of global warming.

Read next article ⬇️

以色列间谍软件'Graphite'疑在新加坡使用

新加坡服务器频成间谍软件部署据点

|1 min read
以色列间谍软件'Graphite'疑在新加坡使用

来自六个国家的组织或实体疑似利用名为“Graphite”的以色列间谍软件,从WhatsApp等通讯应用中窃取数据。

多伦多大学人权研究实验室“公民实验室”(The Citizen Lab)的报告显示,使用该软件的国家包括澳大利亚、加拿大、塞浦路斯、丹麦、以色列和新加坡。

这一披露距Meta旗下WhatsApp声明已近两月。该公司曾通报约90名记者与公民社会成员,称其成为“Graphite”的攻击目标,而这些攻击已于2024年12月被成功阻断。

间谍软件开发者是谁?

“Graphite”由以色列公司Paragon Solutions研发。该公司成立于2019年,创始人包括前总理埃胡德·巴拉克(Ehud Barak)和以色列国防军8200信号情报部队前指挥官埃胡德·施内尔松(Ehud Schneorson)。这款监控工具能从WhatsApp等即时通讯应用中提取敏感数据。

Paragon宣称其产品旨在协助政府及执法机构捕捉犯罪分子与恐怖分子。

与NSO集团臭名昭著的“飞马”(Pegasus)软件——可完全劫持手机——不同,“Graphite”据称仅专注于窥探WhatsApp或Signal等应用。

运作机制揭秘

“Graphite”技术精妙绝伦,采用“零点击漏洞”发动攻击——用户无需点击可疑链接,仅安装WhatsApp便可能沦为猎物。

攻击者将目标用户拉入聊天群组并发送PDF文件。即使用户毫无动作,其WhatsApp仍会被悄然攻陷。

一旦得逞,“Graphite”能窃取聊天记录、追踪用户行踪甚至挖掘更多信息,而受害者却毫无察觉。

“公民实验室”与Meta(WhatsApp母公司)联手侦测并封堵此威胁,但此前意大利的受感染安卓设备已留下线索——如代号“BIGPRETZEL”——直指Paragon。苹果公司随后在iOS 18中修复了这一攻击路径。

间谍软件使用范围追踪

研究人员通过服务器与IP地址分析,绘制出“Graphite”的全球网络足迹,涉及澳大利亚、加拿大、塞浦路斯、丹麦、以色列及新加坡等地。

然而,使用VPN等代理服务器可能导致定位偏差。“公民实验室”指出:“由于结论基于DNS服务器的国家级定位,VPN及卫星互联网中转站等因素可能影响准确性。”

新加坡服务器频繁现身间谍软件部署

2018年,一次数据泄露暴露了疑似感染“飞马”间谍软件的5万多个电话号码。“公民实验室”调查发现,部分受感染手机位于英国、美国及新加坡。

当时,新加坡政府回应称知悉这些指控,但因未接获具体报告,无法核实其真实性。

2023年,“公民实验室”追踪到另一款以色列间谍软件“QuaDream”的疑似运营服务器,分布于保加利亚、捷克、匈牙利、加纳、以色列、墨西哥、罗马尼亚、新加坡、阿拉伯联合酋长国和乌兹别克斯坦等10国。

“QuaDream”可窃听通话、远程启用麦克风与摄像头、定位设备,并具备自毁功能,抹去一切痕迹,让用户无从察觉。

新加坡拒谈安全技术细节

根据《海峡时报》2023年报道,内政部兼国家发展部政务部长陈国明(Desmond Tan)于2022年被问及是否使用“QuaDream”时表示:“……肩负国家安全使命的机构必须倚靠多种情报能力,包括利用技术手段。”

“出于显而易见的原因,政府不能也不应公开讨论国家安全行动的具体细节或能力。”

内政部发言人强调,政府通常不会透露安全机构的工作方式:“我们的安全机构肩负维护新加坡安全、稳定与主权的重任。国家安全面临多元威胁,包括恐怖主义、外国颠覆、间谍活动及干预等。”

截至发稿,新加坡当局尚未对“Graphite”间谍软件事件置评。

Read next article ⬇️

WP will win more in GE2025 but will it just be more noise?

Heroes or hot mess? Bigger promises, bigger problems?

|3 min read
WP will win more in GE2025 but will it just be more noise?

Singapore’s General Election is due by November 2025, and the Workers’ Party (WP) is hyping itself like it's ready to take over.

They’ve already got 10 seats—Aljunied, Sengkang, and Hougang—and now they’re eyeing more, like Marine Parade, East Coast, Tampines, and Pasir Ris-Punggol. With new faces popping up and a fancy Senior Counsel named Harpreet Singh joining the crew, people are buzzing about a “blue wave.”

But beyond the cheerleading, their track record’s a mess. Should we really give these folks a bigger mic? Let’s dig in.

WP has been on a winning streak

WP knows how to pull off a victory. In 2011, Chen Show Mao helped them snag Aljunied GRC, shocking the PAP.

In 2020, Jamus Lim’s charm won Sengkang with that “warm my cockles” moment we’re still quoting.

Now, Harpreet Singh Nehal—big-deal lawyer turned WP newbie—might be their next star. Spotted in Marine Parade, he’s got the resume to turn heads (think courtroom boss meets grassroots warrior).

Other parties like PAP and PSP are also bringing newbies, but WP’s crew feels like they’re ready to connect—think less suits, more “I get you” energy.

Four more GRCs? They pulled 50.49% in contested seats last time, and the east—full of stressed-out families—might bite. But winning’s one thing; delivering’s another.

Upcoming heroes or a brewing hot mess?

Here’s the tea: WP’s got baggage.

Jamus Lim’s a charmer, but his woke rants on inequality sound like a uni lecture—great for TikTok, less for heartlanders who just want cheaper chicken rice.

Pritam Singh, their leader, just got fined $14,000 for lying to a parliamentary committee about Raeesah Khan. That's a red flag and it’s not a great look for the Leader of the Opposition.

And 2023’s Leon Perera-Nicole Seah affair drama? More soap opera than serious vibes.

These aren’t one-off flubs; they’re a pattern of sloppy judgment. WP’s not the PAP’s well-oiled tank—they’re more like a rickety scooter.

So, should WP get more power?

If WP scores big—say, 20+ seats with wins like 59% in Aljunied, 52% in Sengkang, and 51% in a couple eastern GRCs—it’s less about them being flawless and more about the electorate wanting change. Skyrocketing costs, housing stress, young people over it—WP’s tapping that. Harpreet could be the boost they need, but their ideas have to shine brighter than their slip-ups.

They’re loud about fairness, but can they run the show without tripping over themselves? Parliament might get spicier, but it could also get sloppier.

The bottom line

WP’s got some wins and big talk, but their shine’s fading fast. New faces like Harpreet can’t hide the cracks—shaky delivery, sketchy leaders, and scandals that won’t quit. Their manifesto’s fine, but it’s not worth the chaos they drag in.

Root for them if you’re over PAP’s rule, but don’t expect miracles—just more noise.

Read next article ⬇️

工人党若在2025年大选赢得更多议席,会否只是徒增喧嚣?

英雄还是烂摊子?更大的承诺,更大的问题?

|1 min read
工人党若在2025年大选赢得更多议席,会否只是徒增喧嚣?

新加坡最迟须在2025年11月举行大选,而工人党(WP)正高调造势,仿佛已准备好接管政权。

该党目前拥有10个议席(阿裕尼、盛港和后港),如今更瞄准其他选区如马林百列、东海岸、淡滨尼及白沙—榜鹅。随着新面孔涌现,包括资深律师哈普雷特·辛格(Harpreet Singh)的加入,坊间热议“蓝色浪潮(指工人党支持率的上升势头)”即将来袭。

但在欢呼声背后,工人党的执政表现却一团糟。我们真该给这些人更多话语权吗?且让我们深入分析。

工人党连胜势头强劲

工人党深谙胜选之道。2011年,陈硕茂助该党夺下阿裕尼集选区,震惊人民行动党(PAP)。

2020年,林志蔚(Jamus Lim)以“暖我的心房(warm my cockles,指感动人心)”的言论赢得盛港选区,此言至今仍被津津乐道。

如今,新晋党员哈普雷特·辛格·内哈尔(Harpreet Singh Nehal)——这位从知名律师转型的政坛新人——可能成为下一颗明星。他被发现活跃于马林百列选区,其履历令人瞩目(堪称法庭精英与草根战士的结合体)。

尽管行动党和新加坡前进党(PSP)也推出新人,但工人党团队更显亲民——少些官僚做派,多些“感同身受”的共鸣。

再夺四个集选区?根据2020年选举数据,该党在竞争选区得票率达50.49%,而东部地区饱受生活压力的家庭或许会转向工人党。但胜选是一回事,执政能力则是另一回事。

未来英雄还是危机暗涌?

真相如下:工人党包袱重重。

林志蔚虽魅力十足,但他关于不平等的“觉醒”言论更适合TikTok,难吸引只求鸡饭降价的基层选民。

党魁普里坦·辛格(Pritam Singh)因就拉希莎·汗(Raeesah Khan)事件向国会特权委员会撒谎,刚被罚款1.4万新元。这一污点令反对党领袖形象蒙尘。

2023年,梁文辉(Leon Perera)与妮可·Seah(Nicole Seah)的绯闻风波?比起严肃政治,更像肥皂剧情节。

这些并非偶然失误,而是判断力持续欠佳的体现。工人党绝非行动党那般纪律严明的“钢铁坦克”,反倒像一辆吱呀作响的破旧摩托。

工人党应获更多权力吗?

若工人党大胜(例如阿裕尼59%、盛港52%、东部两集选区51%,总议席超20席),这并非因其完美无缺,而是选民渴求变革。物价飞涨、住房压力、年轻世代不满现状——工人党正瞄准这些痛点。哈普雷特或许是助力,但他们的政策构想必须比失误更耀眼。

他们高呼公平,但能否在执政时不自乱阵脚?国会辩论或将更激烈,但也可能更失序。

关键结论

工人党虽有胜绩与豪言,但其光环正迅速褪色。哈普雷特等新面孔无法掩盖裂痕——执政能力不稳、领袖信誉存疑、丑闻接连不断。其竞选宣言固然可观,但带来的混乱恐得不偿失。

若你已厌倦行动党执政,大可支持工人党,但别期待奇迹——唯有更多的喧嚣罢了。

Read next article ⬇️

Here's the full leaked private chat of US officials discussing Yemen attack

Surreal.

|3 min read
Here's the full leaked private chat of US officials discussing Yemen attack

On March 11, 2025, The Atlantic editor Jeffrey Goldberg was accidentally added to a Signal chat with Trump’s top national security team—Michael Waltz, JD Vance, Pete Hegseth, Marco Rubio, Tulsi Gabbard, and more.

Dubbed "Houthi PC small group," the chat laid bare plans for a U.S. strike on Yemen’s Houthi rebels.

On March 15, Hegseth posted specifics: “1415: Strike Drones on Target,” alongside F-18 and Tomahawk timelines.

Hours later, the attack killed 31.

How it happened

The story begins on March 11, 2025, when Goldberg received a connection request on Signal, an encrypted messaging app, from a user identified as Michael Waltz—President Donald Trump’s national security adviser.

On March 13, Waltz added him to a chat labeled "Houthi PC small group" (likely shorthand for Principals Committee), which included 18 members such as Vice President JD Vance, Defense Secretary Pete Hegseth, Secretary of State Marco Rubio, Director of National Intelligence Tulsi Gabbard, CIA Director John Ratcliffe, and other key figures.

Unbeknownst to the group, Goldberg silently observed as officials discussed operational details of an imminent U.S. military strike against Yemen’s Houthi militants, a group that had been attacking international shipping in the Red Sea.

On March 15, at 11:44 AM ET, Hegseth posted a "TEAM UPDATE" with precise timelines, including the launch of F-18 jets, MQ-9 drones, and Tomahawk missiles, as well as weather conditions and targeting information. Hours later, the strikes commenced, killing at least 31 people according to Yemen’s Houthi-run health ministry.

Goldberg, lacking security clearance, did not participate in the chat and later removed himself, a move that would have notified Waltz as the group creator—yet no one followed up.

On March 24, he published his initial account in The Atlantic, withholding some specifics to avoid endangering U.S. personnel.

The next day, after administration officials repeatedly claimed no classified information was shared, the magazine released a fuller transcript on March 26, arguing that the public deserved transparency given the administration’s denials.

Broader implications

The leak exposed more than just military plans. It revealed internal tensions, with Vance urging a delay to avoid “bailing out Europe” (which relies heavily on Red Sea shipping) and Hegseth decrying “European free-loading.”

European allies reacted with alarm, with anonymous officials decrying the “reckless” breach and anti-European rhetoric. Allies like Samar Ali warned that partners might hesitate to share sensitive intelligence with the U.S. moving forward.

Domestically, the incident revived debates over government transparency and accountability.

The National Security Council is reviewing the incident, but accountability remains uncertain.

Read the full chat log