bodyType

customContents

entityId

entityUuid

articlePageQuery

filter

article

articleBaseAdvertisingInfoArticle

articleListArticle

articleSeoArticle

helpersCheckIsPostiesArticle

hooksArticleAcknowledgementGateOverlayArticle

hooksTrackPageViewArticle

hooksContentInterestArticle

articleLinkingDataContent

hooksAmpRedirectArticle

articleSchemaContent

liveArticle

advertZone

sentiment

contentLock

topics

types

sections

moreOnThisArticles

urlAlias

commentCount

authorLocations

authors

corrections

sponsorType

displaySlideShow

multimediaEmbed

printHeadline

seriesContainer

socialHeadline

headline

flag

firstTopic

glossary

flattenTypeIds

publishedDate

additionalInfoBoxes

quizIds

images

image

relatedLinks

relatedNewsletters

__typename

createdDate

sponsor

paywallTypes

pdfFiles

seriesReverseOrder

series

disableOffPlatformContent

published

updatedDate

summary

subHeadline

body

keywords

readingTime

customTimezone

liveContents

Iris Deng

The State Courts of Singapore have slapped an engineer of Chinese internet giant Tencent Holdings with a S$5,000 (US$3,663) fine for hacking into a hotel’s Wi-fi server during his stay in the city state last month.
Zheng Dutao, 23, was handed the fine on Monday, in lieu of a 25-day prison sentence, for hacking into the Wi-fi system of a branch of the Fragrance Hotel chain where he stayed.
He pleaded guilty to one count of intentionally disclosing a password providing unauthorised access to data belonging to the budget hotel chain, according to a report by Yahoo News.
A fresh graduate, Zheng visited Singapore to attend a security conference and competition called HITB GSEC, held from August 27 to 31, as an individual participant, according to a statement from Tencent. The Shenzhen-based company did not provide the current employment status of Zheng.
Shanghai police investigate data leak of 130 million hotel clients available on dark web for 8 bitcoin
The investigation found that Zheng arrived on August 27 and checked into the Fragrance Hotel’s branch in Singapore’s Bugis shopping district.
The following day, Zheng said he looked to find possible vulnerabilities in his hotel’s Wi-fi system “out of curiosity”. Using Google search, he successfully found the hotel Wi-fi system’s default user identification and password.
After connecting to that system, Zheng executed scripts, decrypted files and cracked passwords over the next three days before gaining access to the database of the hotel’s Wi-fi server, according to Yahoo News. He also tried to access the Wi-fi server of Fragrance Hotel’s branch in the city’s Little India district, but failed.
Zheng posted the steps he performed to successfully hack that server on his personal blog, in which he made the passwords public without authorisation from the hotel. He also shared the blog post in a WhatsApp group chat.


The Cyber Security Agency of Singapore (CSA) discovered the blog post and notified the hotel’s management. CSA also asked Zheng to take down the post, which he did.
The hotel reported the hack to the police on September 1, according to Yahoo News. It said Zheng had been blogging about server vulnerabilities since 2014, but his blog post from Singapore was the first time he documented a vulnerability that he discovered.
At Zheng’s court hearing, his lawyer Anand Nalachandran said no actual harm was caused to the hotel. He requested the court to impose a fine of no more than S$5,000, taking into account Zheng being put in custody for several days, according to the report.
Under Singapore’s Computer Misuse Act, the maximum punishment for the offence of unauthorised disclosure of passwords involves a S$10,000 fine and three years in prison.
Singapore firms could have lost billions that would amount to six per cent of city state’s GDP through cyberattacks
Nalachandran did not immediately respond to a request for further comment about Zheng’s case.
The deputy public prosecutor for the case, Thiagesh Sukumaran, said Zheng appeared to have committed the offence out of curiosity, Yahoo News reported. While no “tangible harm” was caused, he said Zheng knew as a security professional the venerability he posted on a his blog could be “exploited by others for wrongful purposes”. He also asked the court for a fine of S$5,000.
The hotel hacking incident has received wide public attention in both Singapore and China amid a recent security breach at New York-listed Huazhu Hotels Group, which owns more than 10 hotel brands and manages more than 3,800 hotels across 382 mainland cities.
Massive hack attack on Singapore’s health records likely carried out by state-linked group. But who?
An investigation by Shanghai police resulted in the arrest of a suspect in the attempted sale last month of the personal data of about 130 million Huazhu clients via a Dark Web forum, where the asking price was 8 bitcoin or about US$56,000.
Singapore has also been hit by a series of cyberattacks on companies and public agencies. The city’s government said in July that 1.5 million health records were breached in an incident that occurred from June 27 to July 4, which repeatedly targeted the health records of Singapore Prime Minister Lee Hsien Loong.
Cyberattacks on companies in Singapore last year resulted in US$17.7 billion worth of economic damage, according to estimates by Frost & Sullivan in a study commissioned by Microsoft. That figure would account for six per cent of the city’s gross domestic product.


Malaysia’s home minister ridiculed after his WhatsApp account hacked

Mainland China accuses Taiwan of backing cyberattacks on 1,000 sensitive targets

China’s internet watchdog cracks down on false financial claims and stock touting online

FCC votes to bar Chinese labs from testing US tech if they’ve been deemed security risks

Cybersecurity

Tencent engineer slapped with fine for hacking hotel Wi-fi in Singapore

Zheng Dutao, an engineer of Tencent Holdings, was recently handed a S$5,000 (US$3,633) fine by the State Courts of Singapore for hacking into the Wi-fi system of a budget hotel in the city and documenting that security breach in his personal blog. Photo: Simon Song

Shanghai police investigate data leak of 130 million hotel clients available on dark web for 8 bitcoin

The personal data of 130 million clients of Huazhu Hotels Group has been stolen. Photo: Alamy Stock Photo

Massive hack attack on Singapore’s health records likely carried out by state-linked group. But who?

A cyberattack that breached 1.5 million health records in Singapore has been attributed to sophisticated attackers who may be state-linked, a Cabinet minister said Monday. File photo: Reuters

After Singapore medical data hack, Hong Kong’s Department of Health becomes latest cyberattack victim

Hong Kong’s Department of Health has become the latest victim of a cyberattack. Photo: Shutterstock

Department of Health. Photo: handout

Travel agent WWPKG’s shop in Jordan was closed after its company database has been hacked, with personal information of 200,000 customers at risk, the attacker has demanded a seven-figure ransom to be paid in bitcoins. 07NOV17 SCMP / Felix Wong

***ONE TIME USE ONLY, PLEASE CLEAR THE COPYRIGHTS BEFORE RE-USE - OTUO*** A 30-year-old suspect was arrested in connection with cyberattacks in which the computers to two travel agencies in the city were hacked and their clients' sensitive personal information held for ransom. 08JAN18 PHOTO: SCMPHOTO

Who carried out unprecedented Singapore cyberattack? Experts are pointing to ‘state actors’

Singaporean Prime Minister Lee Hsien Loong. Photo: AP

epa06900333 Singapore's Minister for Communication and Information S Iswaran (L) and Singapore's Minister of Health Gan Kim Yong (R) give a press conference on a recent breach of health data, in Singapore, 20 July 2018. According to media reports, hackers have gained access to health data of about 1.5 million people who had visited hospitals in Singapore between 2015 and 2018. EPA-EFE/MARK CHEONG/SPH SINGAPORE OUT EDITORIAL USE ONLY

Singapore firms could have lost billions that would amount to six per cent of city state’s GDP through cyberattacks

Cyber attacks on companies in Singapore could have amounted to US$17.7 billion in economic damage in 2017. Photo: Microsoft