SINGAPORE, March 11 — Last week, a Russian media outlet leaked an audio recording of a confidential conversation between a group of senior German military officials, one of whom was staying in a Singapore hotel during the biennial Singapore Airshow during the call.
One of the officials, who is reportedly a general, had dialled into an online call on the web-conferencing platform Webex after using the wireless internet service provided by the hotel. The German authorities later established that the call was wiretapped by Russian security services.
In the midst of tensions in Europe due to the Russia-Ukraine war, the spilling of military secrets from a member of the North Atlantic Treaty Organisation (Nato) military alliance was seen as a human error.
The case has also raised questions here about the potential risks of using an unsecured network for official communication and how to ward off potential threats.
Miguel Berger, Germany's ambassador to the United Kingdom, said to British broadcaster BBC last week: "I think that's a good lesson for everybody: Never use hotel internet if you want to do a secure call."
Cybersecurity experts who spoke to TODAY last Friday (March 8) said that even though this incident was a targeted attack on the German military and did not negatively affect Singapore's national security, they warned of the need for everyone to be vigilant and not to take Singapore's cybersecurity measures for granted.
Kenny Yeo, director of cybersecurity practice Frost & Sullivan and its head of Asia Pacific, said: "(Singaporeans) are big users of technology, with high levels of mobile phones and connected devices, but even as this level of digital usage increases, our level of digital risk awareness must also increase."
TODAY takes a closer look at the alleged wiretapping incident that happened on Singapore soil, the various ways that bad actors can gain access to the data of someone using public Wi-Fi networks, as well as how internet and mobile gadget users can guard against such occurrences.
What happened
On March 1, Russia's state-run RT channel published a 38-minute-long audio recording in which German Air Force chief Ingo Gerhartz discussed highly sensitive military issues with three other high-ranking officials.
In the call, the group talked about the debate over Germany's possible delivery of long-range Taurus cruise missiles to aid Ukraine in their war against Russia, and also touched upon details of their allies' — Britain and France — operations in Ukraine.
In his investigation into the leak, German defence minister Boris Pistorius on March 5 found that one of the officials had dialled into the Webex call using either his mobile phone or the hotel’s Wi-Fi network, instead of using a secure line as would be expected for such calls.
RT identified the official as Brigadier General Frank Grafe, who was in Singapore for the Airshow that was held from February 20 to 25.
The first four days of the show were reserved for trade and military delegations which saw many high-ranking military officials in attendance, making it a target for possible surveillance by Russian security services.
The fact that such a high-level call was conducted on a widely-used platform like Webex also raised eyebrows in Western media, but German authorities have said that the officials used a secure, certified version of it.
Pistorius has insisted that German communication systems “have not been compromised”, but the incident has since sparked concerns about the threat of data leaks due to the use of unsecured networks.
How hackers gain access to data using unsecured networks
Using Webex or any other web-conferencing platforms that use end-to-end encryption to conduct conferences is generally safe as the applications are designed in a way that “protect you even when connected to a public Wi-Fi network”, said Kevin Reed, the chief information security officer of cybersecurity and data protection firm Acronis.
“Whether a public Wi-Fi network was used or not is actually not relevant, because even if you had used a public network to connect to an application on your mobile phone or laptop, the communication would be encrypted on the platform itself,” he said.
One possible explanation of how the call could have been wiretapped was if one of the participants had dialled into the call using his mobile phone, which created an unencrypted link between the phone and the platform for hackers to intercept the call.
“This traffic between your telephone and the gateway is not encrypted and so that's one of the opportunities for the eavesdropper then to listen in on your conversation,” Reed said.
Senior consultant at cybersecurity company Infinity Forensics Ali Fazeli said that another possibility would be through the setting up of a rogue Wi-Fi access point which can allow cybercriminals to intercept communication between a device and a website and steal data.
A rogue Wi-Fi access point is an unauthorised wireless access point created without the consent of the original network administrator. How this works is that the rogue access point will masquerade as a legitimate access point with the same name and security settings, luring users to connect to it where hackers would then steal their data.
For example, if an individual wishes to connect to a Wi-Fi network, they would have to select an access point to connect to. The rogue access point would then send a stronger signal to the user’s device, which would cause the device to automatically connect to it.
“If you connect to this fake network and not the actual access point, whatever you’re sending or receiving is going to go through this network and this way, (the hacker) can collect all your data,” Fazeli explained.
“By connecting to the fake access point, they can decrypt your data. It is also possible for them to install malicious apps or malware on your devices (with this method),” he said.
How to guard against such threats?
While public Wi-Fi networks are generally safe and useful because of their ease of access, cybersecurity experts said that when sending sensitive information, users should take note to ensure the network is strongly encrypted to avoid running the risk of having confidential data stolen by cybercriminals.
To ensure safety and privacy when connecting to a public Wi-Fi network, Reed said that users should first make sure that the software on all their devices should be updated to the latest version.
“The first thing is to update your software on your mobile phone or on your computer and make sure that you are using the latest software so that it has all the best protections in place,” he said.
Users should also use a virtual private network (VPN) to encrypt their network traffic when sending or receiving sensitive data over public networks so that cybercriminals are unable to access it, Fazeli said.
A VPN helps to establish a protected network connection when using a public network. Connecting to a VPN can encrypt a user’s network traffic and prevent data leakage when sending or receiving important information, providing an “added layer of security”.
Fazelialso suggested that users connect to a 4G or 5G mobile network on their devices instead of public access networks if possible, noting that they provide better signal, faster speed and a more secure connection than Wi-Fi.
Should users still need to connect to a public network, Fazeli said users should turn off the automatic Wi-Fi connection feature to prevent their devices from connecting to rogue access points without their knowledge and ask for the official Wi-Fi username and password.
“You can request from a coffee shop, hotel or any public space to provide the username and password to (the Wi-Fi network). And if you want to use any kind of communication applications, make sure you're using an end-to-end encrypted one such as WhatsApp or Telegram,” Fazeli said.
But even with such cybersecurity measures, Reed said the onus is still on users to be more discerning when connecting to a network.
Should a warning appear saying that the connection is not secure, or the security certificate does not match, individuals should disconnect from the network.
“I think that the important takeaway here is that despite the many cybersecurity efforts, we see that offensive cyber operations can still happen. The internet is ambiguous, and so there is a need to protect (ourselves) wherever we are,” Reed said. — TODAY