Fathership

以色列间谍软件'Graphite'疑在新加坡使用

新加坡服务器频成间谍软件部署据点

|1 min read
以色列间谍软件'Graphite'疑在新加坡使用

来自六个国家的组织或实体疑似利用名为“Graphite”的以色列间谍软件,从WhatsApp等通讯应用中窃取数据。

多伦多大学人权研究实验室“公民实验室”(The Citizen Lab)的报告显示,使用该软件的国家包括澳大利亚、加拿大、塞浦路斯、丹麦、以色列和新加坡。

这一披露距Meta旗下WhatsApp声明已近两月。该公司曾通报约90名记者与公民社会成员,称其成为“Graphite”的攻击目标,而这些攻击已于2024年12月被成功阻断。

间谍软件开发者是谁?

“Graphite”由以色列公司Paragon Solutions研发。该公司成立于2019年,创始人包括前总理埃胡德·巴拉克(Ehud Barak)和以色列国防军8200信号情报部队前指挥官埃胡德·施内尔松(Ehud Schneorson)。这款监控工具能从WhatsApp等即时通讯应用中提取敏感数据。

Paragon宣称其产品旨在协助政府及执法机构捕捉犯罪分子与恐怖分子。

与NSO集团臭名昭著的“飞马”(Pegasus)软件——可完全劫持手机——不同,“Graphite”据称仅专注于窥探WhatsApp或Signal等应用。

运作机制揭秘

“Graphite”技术精妙绝伦,采用“零点击漏洞”发动攻击——用户无需点击可疑链接,仅安装WhatsApp便可能沦为猎物。

攻击者将目标用户拉入聊天群组并发送PDF文件。即使用户毫无动作,其WhatsApp仍会被悄然攻陷。

一旦得逞,“Graphite”能窃取聊天记录、追踪用户行踪甚至挖掘更多信息,而受害者却毫无察觉。

“公民实验室”与Meta(WhatsApp母公司)联手侦测并封堵此威胁,但此前意大利的受感染安卓设备已留下线索——如代号“BIGPRETZEL”——直指Paragon。苹果公司随后在iOS 18中修复了这一攻击路径。

间谍软件使用范围追踪

研究人员通过服务器与IP地址分析,绘制出“Graphite”的全球网络足迹,涉及澳大利亚、加拿大、塞浦路斯、丹麦、以色列及新加坡等地。

然而,使用VPN等代理服务器可能导致定位偏差。“公民实验室”指出:“由于结论基于DNS服务器的国家级定位,VPN及卫星互联网中转站等因素可能影响准确性。”

新加坡服务器频繁现身间谍软件部署

2018年,一次数据泄露暴露了疑似感染“飞马”间谍软件的5万多个电话号码。“公民实验室”调查发现,部分受感染手机位于英国、美国及新加坡。

当时,新加坡政府回应称知悉这些指控,但因未接获具体报告,无法核实其真实性。

2023年,“公民实验室”追踪到另一款以色列间谍软件“QuaDream”的疑似运营服务器,分布于保加利亚、捷克、匈牙利、加纳、以色列、墨西哥、罗马尼亚、新加坡、阿拉伯联合酋长国和乌兹别克斯坦等10国。

“QuaDream”可窃听通话、远程启用麦克风与摄像头、定位设备,并具备自毁功能,抹去一切痕迹,让用户无从察觉。

新加坡拒谈安全技术细节

根据《海峡时报》2023年报道,内政部兼国家发展部政务部长陈国明(Desmond Tan)于2022年被问及是否使用“QuaDream”时表示:“……肩负国家安全使命的机构必须倚靠多种情报能力,包括利用技术手段。”

“出于显而易见的原因,政府不能也不应公开讨论国家安全行动的具体细节或能力。”

内政部发言人强调,政府通常不会透露安全机构的工作方式:“我们的安全机构肩负维护新加坡安全、稳定与主权的重任。国家安全面临多元威胁,包括恐怖主义、外国颠覆、间谍活动及干预等。”

截至发稿,新加坡当局尚未对“Graphite”间谍软件事件置评。

Read next article ⬇️

Israel's spyware 'Graphite' allegedly used in Singapore

Singapore servers commonly used to deploy spyware

|4 min read
Israel's spyware 'Graphite' allegedly used in Singapore

Organisations or entities from six countries likely used Israeli spyware named "Graphite" to harvest data from Whatsapp and other messaging apps.

According to a report by The Citizen Lab, a human rights research laboratory based at the University of Toronto, the countries where the spyware was used included Australia, Canada, Cyprus, Denmark, Israel, and Singapore.

The development comes nearly two months after Meta-owned WhatsApp said it notified around 90 journalists and civil society members that it said were targeted by Graphite. The attacks were disrupted in December 2024.

Who created the spyware?

Paragon Solutions, founded in 2019 by Ehud Barak and Ehud Schneorson, a former commander of signals intelligence agency Unit 8200 of the Israel Defense Force (IDF), is the maker of a surveillance tool called Graphite that's capable of harvesting sensitive data from instant messaging applications such as Whatsapp.

Paragon pitches its tools as helping governments and law enforcement agencies to catch criminals and terrorists.

Unlike infamous tools like NSO Group’s Pegasus, which can hijack your entire phone, Graphite supposedly sticks to snooping on apps like WhatsApp or Signal.

How it works

Graphite’s tech is slick - using a zero-click exploit. What this means is that you don’t need to click a shady link—just having WhatsApp installed could be enough.

The target user is added to a chat group and a PDF will be sent. Even without clicking or doing anything, the user's Whatsapp will be exploited.

Once in, Graphite can grab your chats, track your moves, and more, all while you’re none the wiser.

The Citizen Lab worked with Meta (WhatsApp’s parent company) to spot and block it, but not before infected Android phones in Italy left clues—like the codename “BIGPRETZEL”—tying it to Paragon.

Apple has since addressed the attack vector with the release of iOS 18.

Tracing where the spyware was used

Researchers mapped Graphite’s digital fingerprints—its servers and IP addresses—across the internet. What they found was a sprawling network touching countries like Australia, Canada, Cyprus, Denmark, Israel, and Singapore.

It is important to note, however, that the use of a proxy server such as a VPN, may introduce inaccuracies.

"As our findings are based on country-level geolocation of DNS servers, factors such as VPNs and satellite Internet teleport locations can introduce inaccuracies," the Citizen Lab said in 2018.

Singapore servers commonly used to deploy spyware

In 2018, a data leak containing more than 50,000 phone numbers were suspected to be infected with the spyware Pegasus, also sold by an Israeli surveillance company. An investigation conducted by The Citizen Lab found that some of the phones suspected to be infected by the Pegasus spyware were in the UK, US and Singapore.

Back then, the Singapore Government said it is aware of these claims but cannot verify them as no reports have been filed.

In 2023, the Citizen Lab identified also traced suspected operating servers for the QuaDream spyware - another Israeli-made spyware - to 10 countries – Bulgaria, the Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, the United Arab Emirates and Uzbekistan.

The QuaDream spyware allowed third parties to record audio from phone calls and the microphone, take pictures through the device's cameras, and track the device's location. It also contained a self-destruct feature that would wipe any traces left behind by the spyware, leaving users none the wiser.

Singapore does not discuss specifics of technologies used

According to a 2023 CNA report, Minister of State for Home Affairs Desmond Tan, when asked if Singapore employs the QuaDream spyware back in 2022, he said then: "...agencies charged with the mission of safeguarding national security necessarily have to rely on a range of intelligence capabilities, including harnessing technology.

“For obvious reasons, the Government cannot and should not discuss specifics on any operational aspects or capabilities regarding our national security.”

A spokesman for the Ministry of Home Affairs said the Government does not generally provide details of how security agencies carry out their work.

“Our security agencies’ task is to keep Singapore safe, secure and sovereign,” he said.

“Serious threats to national security are varied, and include terrorism, and foreign subversion, espionage and interference,” he added.

As of publishing time, Singapore's authorities have not commented on the Graphite spyware.

Read next article ⬇️

Oracle Cloud massive hack - DSTA, OCBC in leaked list

MINDEF, OCBC announced a partnership with Oracle Cloud in March 2025. Days later, Oracle allegedly suffered the biggest hack of 2025 - 6M records for sale

|3 min read
Oracle Cloud massive hack - DSTA, OCBC in leaked list

Oracle announced last week (Mar 21) that it secured a significant contract with Singapore's Defence Science and Technology Agency (DSTA) to provide an **Oracle Cloud services for the Ministry of Defence (MINDEF) and Singapore Armed Forces (SAF). The Digital and Intelligence Service will also partner with Oracle to accelerate AI deployment for military missions.

In the same month, OCBC announced a partnership with Oracle to shift its finance operations to the cloud.

Just a day earlier (Mar 20), a user with the moniker "rose87168" posted on a hacking forum purportedly selling 6 million records extracted from Oracle Cloud's servers. The data included sensitive information such as encrypted credentials for authentication and other private keys of approximately 140K tenants.

It was the dubbed the biggest supply chain hack of 2025. The hacker claimed that the breach occurred 40 days ago in late February.

Hacker demanded ransom from Oracle in February 2025

A month before the hack, the hacker contacted Oracle with a demand for more than 200 million dollars in crypto coins.

Oracle refused to comply.

The hacker is currently coercing affected companies and organizations to pay for data removal, increasing financial and reputational risks.

Oracle initially denied the breach but investigations show leak is real

"There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data," the company told BleepingComputer shortly after news organizations reported on the hack.

On Tuesday (Mar 25), the hacker shared a 10,000-line sample to further substantiate their claims. The sample alone contains data from 1,500+ unique organisations, indicating a significant breach.

The dataset includes a substantial number of personal email addresses, likely due to organisations allowing SSO-based authentication for their users and customers.

DSTA, OCBC among organisations listed in the data leak

Fathership has identified dsta.gov.sg and ocbc.com as being listed in the data leak. Even if the entity do not use Oracle as the primary cloud, if someone tried Oracle at some point, even as a trial use, the domain might be present in the list shared by the hacker.

The authenticity of the hack is debated. Some analysts question the hacker’s inability to decrypt the data, suggesting it might be outdated (e.g., from 2022 backups) or exaggerated.

As of now, it’s unresolved, with Oracle standing by its denial and the cybersecurity community urging affected organizations to rotate credentials, monitor systems, and engage Oracle for clarification.

Read next article ⬇️

Harpreet Nehal Singh met with Senior Leaders of PAP and Lee Kuan Yew between 2005 to 2006

From PAP aspirant to WP member - or mole?

|4 min read
Harpreet Nehal Singh met with Senior Leaders of PAP and Lee Kuan Yew between 2005 to 2006

Nearly two decades ago, Harpreet Nehal Singh — Harvard-educated, mentored by legal giant Davinder Singh, and bold enough to spar with Lee Kuan Yew on live television — sought entry into Singapore’s ruling elite.

Between 2005 to 2006, Harpreet met with the top brass of PAP's leadership - including multiple one-on-ones with Lee Hsien Loong, Tharman Shamugaratnam, S Jayakumar (then deputy prime minister) and the late Lee Kuan Yew.

As Jom confirms in a 2024 interview with Harpreet: “The cabinet deliberated” before rejecting him with the ambiguous, “There are different ways to contribute to this country.”

Now, at 59, Harpreet traded the establishment’s orbit for the opposition’s front line.

From PAP Aspirant to WP Member — or mole?

Harpreet's rejection didn’t end his political ambitions — he applied for an NMP role in 2007 but was again unsuccessful.

By the 2010s, Jom notes his growing disillusionment with PAP, mirrored by its declining vote share (75.3% in 2001 to 61.2% in 2020).

In 2021, he began volunteering with then - WP MP Leon Perera, and by 2023, he was seen in WP’s light blue uniform, engaging in walkabouts and Hammer newspaper sales.

The timing and context of Harpreet’s PAP meeting invite close to two decades ago invite speculation: was his rejection genuine, or a staged exit to position him as a long-term asset?

Meeting senior PAP leaders suggests trust — why entertain a high-profile candidate only to dismiss him without cause?

Harpreet is Establishment material

Harpreet’s resume screams establishment: Straits Times columns, elite circles, a career thriving in the PAP’s ecosystem.

His 2023 pivot to the WP feels dramatic—too dramatic, perhaps.

Jom quotes him decrying POFMA, Yale-NUS’s closure, and media control: “I don’t see this thing self-correcting.”

It’s a sharp but measured critique, never fully anti-establishment - almost as if he’s playing a part, staying within bounds set by unseen handlers. But it’s also rehearsed, polished — “carefully primed, bullet-proofed,” as Jom puts it.

Could Harpreet’s 2005-2006 encounter have been a directive to embed himself elsewhere, resurfacing in the WP as it gains traction ahead of the 2025 General Election?

The mole hypothesis

Here’s the theory: the PAP, masters of control, saw in Harpreet not a liability but an asset.

They let him simmer, maintaining his insider ties — think Davinder Singh’s mentorship, his establishment perch — while grooming him for a covert role.

That 2005-2006 meeting wasn’t a dead end — it was a starting line. He’s not hiding disillusionment; he’s concealing loyalty.

The WP’s growth threatens the PAP’s grip; who better to embed than a credentialed ally who can pass as a convert?

If he wins a seat, he’s not just a voice — he’s a listener, a conduit back to the ruling elite.

Jom calls him a potential “big fish” for the opposition, but what if he’s bait, dangling to keep the WP in check?

The PAP didn’t lose him — they deployed him.

Harpreet the Harpoon

Harpreet’s WP role is public: he’s been photographed with leaders like Pritam Singh and Sylvia Lim, and his March 18, 2025, Facebook post declares pride in the party, advocating “balanced politics.”

Yet, the PAP’s silence on his departure is telling — no rebuttal, no narrative.

His insider roots — mentored by Davinder Singh, a PAP stalwart — contrast with his late opposition turn at 59.

The WP’s rise (10 seats in 2020) makes it a target for monitoring; Harpreet, with his credentials, fits as a potential plant.

No hard proof exists — his 2005-2006 meeting’s details remain opaque — but the hypothesis lingers.

What’s 'Harpreet the Harpoon' burying? A directive, whispered by senior leaders, to infiltrate and report? A promise of reward if he pulls it off? He’s not the naive reformer Jom lionizes; he’s a chess piece, moved by the party he claims to oppose.

Evidence is thin, but the pattern fits: a man too connected to break free, too strategic to act on whim.

What’s next?

Harpreet’s next steps will clarify his intent.

If he contests in 2025 and wins, his parliamentary actions — loyalty to WP or subtle PAP alignment — could reveal more.

For now, his journey from a 2005-2006 PAP meeting to WP prominence is fact; whether it masks a mole’s agenda is conjecture.

The timeline holds: he met PAP leaders nearly two decades ago, was rebuffed, and now challenges them — or does he?

Read next article ⬇️

工人党若在2025年大选赢得更多议席,会否只是徒增喧嚣?

英雄还是烂摊子?更大的承诺,更大的问题?

|1 min read
工人党若在2025年大选赢得更多议席,会否只是徒增喧嚣?

新加坡最迟须在2025年11月举行大选,而工人党(WP)正高调造势,仿佛已准备好接管政权。

该党目前拥有10个议席(阿裕尼、盛港和后港),如今更瞄准其他选区如马林百列、东海岸、淡滨尼及白沙—榜鹅。随着新面孔涌现,包括资深律师哈普雷特·辛格(Harpreet Singh)的加入,坊间热议“蓝色浪潮(指工人党支持率的上升势头)”即将来袭。

但在欢呼声背后,工人党的执政表现却一团糟。我们真该给这些人更多话语权吗?且让我们深入分析。

工人党连胜势头强劲

工人党深谙胜选之道。2011年,陈硕茂助该党夺下阿裕尼集选区,震惊人民行动党(PAP)。

2020年,林志蔚(Jamus Lim)以“暖我的心房(warm my cockles,指感动人心)”的言论赢得盛港选区,此言至今仍被津津乐道。

如今,新晋党员哈普雷特·辛格·内哈尔(Harpreet Singh Nehal)——这位从知名律师转型的政坛新人——可能成为下一颗明星。他被发现活跃于马林百列选区,其履历令人瞩目(堪称法庭精英与草根战士的结合体)。

尽管行动党和新加坡前进党(PSP)也推出新人,但工人党团队更显亲民——少些官僚做派,多些“感同身受”的共鸣。

再夺四个集选区?根据2020年选举数据,该党在竞争选区得票率达50.49%,而东部地区饱受生活压力的家庭或许会转向工人党。但胜选是一回事,执政能力则是另一回事。

未来英雄还是危机暗涌?

真相如下:工人党包袱重重。

林志蔚虽魅力十足,但他关于不平等的“觉醒”言论更适合TikTok,难吸引只求鸡饭降价的基层选民。

党魁普里坦·辛格(Pritam Singh)因就拉希莎·汗(Raeesah Khan)事件向国会特权委员会撒谎,刚被罚款1.4万新元。这一污点令反对党领袖形象蒙尘。

2023年,梁文辉(Leon Perera)与妮可·Seah(Nicole Seah)的绯闻风波?比起严肃政治,更像肥皂剧情节。

这些并非偶然失误,而是判断力持续欠佳的体现。工人党绝非行动党那般纪律严明的“钢铁坦克”,反倒像一辆吱呀作响的破旧摩托。

工人党应获更多权力吗?

若工人党大胜(例如阿裕尼59%、盛港52%、东部两集选区51%,总议席超20席),这并非因其完美无缺,而是选民渴求变革。物价飞涨、住房压力、年轻世代不满现状——工人党正瞄准这些痛点。哈普雷特或许是助力,但他们的政策构想必须比失误更耀眼。

他们高呼公平,但能否在执政时不自乱阵脚?国会辩论或将更激烈,但也可能更失序。

关键结论

工人党虽有胜绩与豪言,但其光环正迅速褪色。哈普雷特等新面孔无法掩盖裂痕——执政能力不稳、领袖信誉存疑、丑闻接连不断。其竞选宣言固然可观,但带来的混乱恐得不偿失。

若你已厌倦行动党执政,大可支持工人党,但别期待奇迹——唯有更多的喧嚣罢了。

Read next article ⬇️

Japan’s cherry blossom season begins as first blooms appear in Tokyo

For centuries, sakura have shaped Japanese culture, frequently appearing in poetry and literature as a poignant emblem of life’s fleeting nature, mortality, and renewal.

|2 min read
Japan’s cherry blossom season begins as first blooms appear in Tokyo

Japan's cherry blossom experts on Monday (Mar 24) officially confirmed the initial blooming of the nation's beloved flower, marking the start of the joyous season in Tokyo.

A Japan Meteorological Agency (JMA) official closely inspected the Somei Yoshino specimen tree at Yasukuni Shrine in Tokyo, declaring that it bore more than five blossoms—the minimum threshold for the announcement.

According to the JMA, this year's bloom aligns with the average and is five days ahead of last year's schedule.

Known as "sakura," cherry blossoms are Japan’s cherished flower, typically reaching full bloom from late March to early April, coinciding with the beginning of the new academic and business year. Many locals celebrate by strolling or picnicking beneath the blooming trees.

Japan's cherry blossom

For centuries, sakura have shaped Japanese culture, frequently appearing in poetry and literature as a poignant emblem of life’s fleeting nature, mortality, and renewal.

Tokyo’s announcement follows unusually warm weather, with temperatures hovering around 19°C (66°F). Just a day earlier, on Sunday, the season’s first cherry blossom was confirmed in Kochi, a southwestern city on Shikoku Island.

The JMA monitors over 50 "benchmark" cherry trees nationwide. These trees typically bloom for about two weeks, from the first buds to the final petals falling, with their peak expected in roughly 10 days.

Sensitive to temperature shifts, cherry trees offer critical insights into climate change research. In recent years, Japan’s cherry blossom season has trended earlier than historical averages, raising questions about the potential effects of global warming.