"A Timeline of Singapore and Spyware" 8 February 2022

Recent years have seen a drastic rise in news coverage on states' use of spyware, which has drawn controversy because of its use against not only national security threats, but also civilian targets such as activists and journalists.

Across these stories, a small but recurring thread is Singapore's presence in leaks and coverage of controversial spyware firms — from FinFisher to Hacking Team to Ability to QuaDream. This article compiles these instances in a single accessible timeline:

2013: Internet monitoring device used in Singapore

A 2013 Citizen Lab report revealed that Packetshaper was used in Singapore. Packetshaper is a device created by US-based company Blue Coat Systems that is capable of monitoring web traffic and filtering the internet...

2015: Singapore company listed as client of FinFisher

A Wikileaks release listed Singapore company PCS Security as a client of FinFisher. FinFisher is a German firm that sells spyware exploiting bugs in popular software such as iTunes or Microsoft Word to take control of or extract information from a target device...

2015: Singapore listed as client of Hacking Team

A Singapore government body (the Infocomm Development Agency) was listed as a customer in the leaked data of surveillance tech company Hacking Team. This Italy-based firm marketed itself as providing "effective, easy-to-use offensive technology to the worldwide law enforcement and intelligence communities" — but a Citizen Lab report points to links between Hacking Team and the government agencies of 21 mostly non-democratic or authoritarian states...

2017: Singapore reportedly a client of Ability Inc.

Ability Inc, an Israeli surveillance company specialising in cellphone snooping technologies, faced a leak and lawsuits over its misconduct...According to Forbes, clients in Singapore spent 5 to 7.5 million USD on Ability's technology...

2018: Pegasus and the NSO Group

A 2018 Citizen Lab analysis found suspected Pegasus spyware infections in 45 countries, including Singapore. The Israeli spyware firm behind Pegasus, NSO Group, became subject to intense media scrutiny in 2021, after revelations that Pegasus was used against journalists, activists and politicians by government agencies across the globe...

2021: Singapore user(s) targeted by Candiru

A Microsoft investigation found over 100 victims of Candiru, and identified at least one victim located in Singapore...

2021: Singapore firm COSEINC blacklisted by US

A Singapore-based cybersecurity firm, COSEINC, was blacklisted by the US in 2021. COSEINC was blacklisted alongside high-profile firms that have drawn intense controversy over their surveillance of politicians, journalists and activists...

2021: Singapore journalists potentially targeted by cyber mercenaries

Singapore journalists Kirsten Han and Terry Xu shared on social media that they received a security notice from Facebook, warning them "that a sophisticated attacker may be targeting your Facebook account."..

2022: Singapore reportedly a client of spyware firm QuaDream

A Reuters investigation found that another spyware firm had been exploiting the same flaw in Apple's software used by NSO Group's Pegasus spyware. The firm, QuaDream, is a smaller Israeli firm that also develops hacking tools intended for government clients...