From...

May 6, 1999
Web posted at: 9:09 a.m. EDT (1309 GMT)

by David Legard

SINGAPORE (IDG) -- The Singaporean Internet service provider SingNet has admitted that over the past week it carried out scans on the computer systems of 200,000 subscribers without their knowledge.

The scans, which were detected by a subscriber who had fitted her computer with antihacking software, were performed to prevent a recurrence of a March incident where hackers were able to obtain passwords from 17 subscribers, SingNet said. The scans were carried out by computer experts from the Ministry of Home Affairs, which had helped crack the March hacking case.

MORE COMPUTING INTELLIGENCE
	IDG.net home page
PC World home page
FileWorld find free software fast
Make your PC work harder with these tips
Reviews & in-depth info at IDG.net
		IDG.net's desktop PC page
		IDG.net's portable PC page
IDG.net's Windows software page
IDG.net's personal news page
Year 2000 World
Questions about computers? Let IDG.net's editors help you
Subscribe to IDG.net's free daily newsletter for computer geniuses (& newbies)
Search IDG.net in 12 languages
News Radio
	Fusion audio primers
	Computerworld Minute

The admission drew some angry comment in online newsgroups about privacy violations, with contributors urging SingNet subscribers to switch ISPs.

In a statement released last week, Paul Chong, chief executive officer of Singapore Telecommunications' multimedia division, which runs SingNet, said there had been no invasion of customers' privacy and that the ISP had customers' best interests at heart.

Looking for security loopholes

Chong said that SingNet regretted not informing customers before the exercise, but said the ISP did not want to alert hackers or to unduly alarm its customers. The scanning program is not a hacking tool and has no ability to enter any computer system; rather, it is a defensive measure to look for security loopholes, Chong said.

The scan checked computer systems' vulnerability to so-called Trojan horse attacks, SingNet said. A Trojan horse lets a hacker capture passwords and gain access to a person's PC and data.

The Singaporean ISP used NetBus and Back Orifice scanning software, which was detected by a law student with Jammer antihacking software installed on her system, local press reported.

Alarmed, the student contacted SingNet, which said it was responsible for the intrusion, press reports added. Back Orifice was developed last year by hacker group Cult of the Dead Cow.

SingNet said it had discovered 900 computers infected with Trojan horse viruses during the week, and would inform owners by e-mail.

Stopped scanning

The ISP has stopped scanning while it seeks subscribers' views on preventive scanning measures, SingNet said. The ISP said it will call upon the independent National Internet Advisory Committee to certify that its scanning exercises are unobtrusive.

Two other Singaporean ISPs, Cyberway and Pacific Internet, responded by placing gaudy advertisements on their Web sites for virus-detection software such as Jammer, Private Desktop, NukeNabber, and Anti-Gen.