Wednesday, December 9, 2009

On internet security in Singapore

According to a recent report by computer security expert, McAfee, Singapore has the 10th riskiest internet domains in the world.

This means that if you surf to a Singapore-registered website which ends with “.sg”, the chances of your computer contracting some form of malware is very high. According to McAfee, Singapore’s risky websites rose appreciably from 0.3% last year to 9.1% this year, although, McAfee found that the dangers appear to be of a moderate level rather than severe level. Interestingly, McAfee highlighted Chinese pharmacy spam sites in Singapore as a main cause of risk.

In comparison, Malaysia’s domains (.my) were ranked relatively safe at #80 out of 104 domains with a rating of only 0.3% risk, while Japan’s domains (.jp) were established to be the safest country domains with a rating of only 0.1% risk.

According to McAfee, when scammers and hackers register their malicious websites, they look for registrars with:
  • lack of regulation

  • ease of registration

  • lowest price
Given that Singapore’s domains (.sg) are ranked among the top 10 riskiest internet domains in the world, presumably, scammers and hackers view that there is little regulation involved in registering the .sg domains, and they are easy as well as cheap to register.

Now, why should dangerous internet domains be an important concern for Singapore? Well, a bad reputation for Singapore websites could negatively affect legitimate businesses in Singapore who intend to rely on e-commerce. Internet users may not trust websites ending with .sg for fear of contracting malware or succumbing to scams. In fact, if Singapore’s standing as a reliable and trustworthy place in the internet world is lowered, the potential impact is global.

So, does Singapore have laws against computer crimes such as websites with malware? Yes, in fact, it does. The main legislation is the Computer Misuse Act which was passed in 1993. There are a variety of activities which are considered offences under the Act, such as:
  • unauthorised access to, or modification of, computer material

  • unauthorised use or interception of computer service

  • unauthorised obstruction of use of computer

  • unauthorised disclosure of access code
The penalties for committing these offences are severe, especially if damage is caused, ranging up to fines of S$50,000 and jail terms of 10 years. If the offences involve threats to national security, the penalties can be enhanced up to fines of S$100,000 and jail terms of 20 years.

So, on the face of it, Singapore appears to have adequate laws against computer crimes. But are these laws being enforced? Well, the main agency tasked to tackle computer crimes, is the Technology Crime Division of the Criminal Investigation Department of the Singapore Police Force. This division conducts investigation, forensic examination and prosecution into technology-related offences committed under the Computer Misuse Act, such as hacking and unauthorised access to account.

Is the Technology Crime Division doing enough to counter scammers and hackers in Singapore? At present, this author is unable to find specific statistics on how many scammers and hackers have been successfully prosecuted under the Computer Misuse Act. Admittedly, it is a difficult job to fight computer crime and to bring elusive scammers and hackers before the law. Even with a dedicated unit like the Technology Crime Division, the evidence of Singapore’s poor security ranking for internet domains indicate that many scammers and hackers do thrive in Singapore.

What else can Singapore do? Well, the key may lie in making it difficult for scammers and hackers to register their domains. The .sg domains are registered by SGNIC’s accredited registrars, such as SingNet. Perhaps, for a start, these registrars can require domain applicants (as well as current domain owners) to furnish more detailed information and proof of identity. And whenever news of malicious domains is notified to the registrars, the registrars should act quickly to investigate and disable such domains, as well as report them to the police. In this respect, SGNIC may also consider providing an easy website form for users to report malicious Singapore websites.

Update: Local media picked up on this news on 18 December 2009.

1 comment:

  1. This means that if you surf to a Singapore-registered website which ends with “.sg”, the chances of your computer contracting some form of malware is very high.
    Website design and development singapore |
    Website design and development dubai