Malaysian hacker jailed in US


By JOSEPH KAOS Jr  joekaosjr@thestar.com.my

WASHINGTON: A US District judge sentenced a Malaysian to 10 years in prison for hacking into the US Federal Reserve and other banks.
United States - Federal Reserve System

Lin Mun Poo, a Malaysian citizen, had admitted earlier this year to hacking into the US central bank, various private financial institutions and possessing stolen bank card and credit card numbers, officials said.

According to AFP, he also admitted to hacking into a Fed computer server and installing a malicious software code there.

Lin, who is from Ipoh, travelled to the United States in October last year “for the purpose of selling stolen credit card and bank card numbers” but a purchaser was in fact an undercover US agent, according to prosecutors.

When he was arrested, Lin held over 122,000 stolen bank card and credit card numbers.

The US Justice Department said Lin’s “cybercrime activities also extended to the national security sector”, including hacking into the computer system of a Pentagon contractor that provides systems management services for military transport and other military operations.

“Today’s sentence sends the message to hackers around the world that the United States is no place to conduct their business,” US Attorney Loretta Lynch said in a statement on Friday.

Dhillon Andrew Kannabhiran, founder and chief executive officer of hackers community Hack in The Box, said the stiff 10-year sentence was meant to deter hackers from hacking into government networks.

“Details of the case are not clear to me, but you can argue that 10 years for computer crime is harsh by any standards,” Dhillon told The Star.

“It’s definitely a sentence which is meant to send a message.”

Dhillon said the hacker was “asking for trouble”.

“Hacking is a tool. Just like a knife can be used by a chef to prepare a meal or to stab someone. It is your motives that sets you apart. People who use their skills to commit financial fraud are not hackers, but just criminals,” he said.

Lin, according to a fellow hacker, deserved his punishment.

“Most hackers have the skills to breach a computer security system. But once you use your skills for malice, then you have committed a crime,” said a computer security consultant who wished to be identified as Sam.

“If you are caught, you deserve to be punished like any other criminal.”

Sam said most people with hacking expertise, like himself, were hired by companies to “test” their computer security system.

“Most of us use our skills to make a decent, legitimate living.”

Related post: 

How to check if a Web site is safe?


How to check if a Web site is safe

http://www.cnet.com/av/video/embed/player.swf

Have you been phished? Whether you use a Mac, Windows, or Linux, iOS or Android, there’s a real strong chance that somebody has sent you an e-mail or text message in an attempt to get at your personal information. Data means money, and you’re a big ol’ dollar sign to the bad guys.

The best recommendation I can offer is to browse smart. That means you ought to always double-check the URL of your banking site, social networking site, and e-mail site before you log in. Most browsers, including Firefox, Chrome, and Internet Explorer, now include a color-change on the left side of the location bar to indicate that the site has been verified as legitimate. It’s always a good idea to type in the URL by hand, and to never follow links from an e-mail. Also, checking for HTTPS instead of the less-secure HTTP is a good idea, although HTTPS isn’t foolproof.

But what about that link to some ostensibly hilarious video your best friend just posted to Twitter? There are several services you can use to verify a link. Google Safe Browsing is a good place to start. If you type in that URL, you can then enter in a site name or an IP address to find out if it has hosted malware in the past 90 days.

Another similar service is hpHosts. Enter a site into the search box and its database will tell you if the site has been used to distribute malware or phishing attacks. HpHosts gives you more-detailed information than Google Safe Browsing, if you’re into that kind of thing. Two other excellent services are Norton Safe Web, from Symantec, and Unmasked Parasites. Pop in the URL, and you’re good to go. Or if the site comes back as unsafe, don’t go.

Many security suites come with browser add-ons to check links you click on the fly, and those work fairly well at scanning your search results and adding icons to indicate if a link is safe or not. If you don’t have a suite, AVG LinkScanner (download for Windows | Mac)is a free add-on that works with both Windows and Mac, and AVG’s free Mobilation Android app (download) or Lookout Mobile Security (download) will block malicious links on your Android device.

Sadly, iPhone and iPad users are out of luck. Even though phishing over social networking has been proven to work on iOS devices that haven’t been jailbroken, Apple doesn’t allow such link-checking apps. Feel free to recommend your favorite in the comments below.

Newscribe : get free news in real time

Mother of all scams – Many fall for Bukit Aman scam,Syndicates clone caller IDs of enforcement agencies


Many fall for Bukit Aman scam

By AUSTIN CAMOENS austin@thestar.com.my 24/8/11

PETALING JAYA: We have heard of the Nigerian 419 scam, the AL-Globo lottery scam, but the Bukit Aman scam must surely be the mother of all scams.
Part of Bukit Aman's police facilities, as see...Image via Wikipedia
A syndicate posing as police officers from Bukit Aman has been ripping off unsuspecting victims of hundreds of thousands of ringgit by claiming that they are being investigated for alleged money laundering.

Their latest victim is an elderly woman who lost about RM260,000.

Relating the ordeal, the woman who only wanted to be known as Margeret, in her 60s, said she received a phone call on Aug 18 from a man claiming to be a police inspector from Bukit Aman.

She said the “officer” told her that she was being investigated by the Hong Kong police over dealings with two drug dealers there.

“The officer told me that if I did not cooperate fully with police investigations, I would be extradited to Hong Kong to face charges for the offence,” she told The Star yesterday.

Margeret said the officer then passed to her the number of a senior police investigator in Hong Kong to verify the matter.

“I called the number given and a man claiming to be a police officer warned me that I was being investigated together with 28 other people for alleged dealings with drug dealers there,” she said, adding that the man told her to cooperate fully with the police here.

She said she then received another call from a senior police inspector in Bukit Aman who asked her to transfer all her money into an account provided by them.

“They said this was to help them verify that the funds were not linked to drug dealers in Hong Kong,” she said, adding that she transferred a total of RM260,000 from five separate banks to the police here.

Margeret said the officer told her to transfer any additional funds she had to facilitate police investigations failing which she would be arrested.

“I told them that I had an additional RM128,000 in a fixed deposit account in Temerloh, but I could not withdraw the money until the next day.”

Fearing something was amiss, she lodged a police report with the Mentakab police.

Federal Commercial Crimes Investigations Department (CCID) deputy director Deputy Comm Datuk Tajuddin Md Isa said police were investigating the case and appealed to the public to contact Bukit Aman to verify the calls.

Syndicates clone caller IDs of enforcement agencies

By AUSTIN CAMOENS and RASHITA A. HAMID newsdesk@thestar.com.my

PETALING JAYA: Syndicates are using special technology to dupe unsuspecting victims into believing they are being called by real law enforcement agencies.

The Voiceover Internet Protocol (VoIP) technology is used to replicate phone numbers of the police, Bank Negara and other government agencies.

“The victims do not know they are being duped as the caller ID is identical to the real number of the relevant authority,” Federal head of CyberSecurity and Multimedia Investigation Division Asst Comm Mohd Kamaruddin Md Din told The Star, referring to reports on the Bukit Aman scam.

VoIP is a family of technologies, communication protocols and transmission techniques for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet.

The modus operandi of the syndicate involved in the Bukit Aman scam was to tell victims that they were being investigated by Hong Kong police for money-laundering activities.

“The syndicate then tells the victims that they must transfer all their savings into an account which is provided by the syndicate in order to verify that the funds are not linked to any cases,” ACP Kamaruddin said, adding that victims were told the money would be transferred back to their accounts once Bank Negara had completed investigations.

He said there had been 76 such cases reported nationwide amounting to losses of more than RM3.05mil between January and June this year.

ACP Kamaruddin advised the public to immediately contact the relevant authorities if they received such calls.

He said there had been a total of 367 cases involving bogus police, bank and government officials between January and June this year, resulting in losses of more than RM10mil.

“Last year, there was a total of 996 cases amounting to about RM17.4mil in losses,” he said, adding that in most cases the money could not be retrieved as the syndicates operated from outside the country.

Hackers, not all hack for the heck of it! Who are the anonymous hackers? Beware of Seduction!


By HARIATI AZIZAN sunday@thestar.com.my

Some do it for fun or fame, others to make a political statement. But a bigger number of hackers are now doing it for money.

THEY brought down the CIA website and attacked Sony, Nintendo and a few tech companies with links to FBI and the US Senate. They wanted to expose the online weaknesses of these entities, “for the Lulz”, they bragged.

But what is grating the American authorities and security experts most about the group who carried out the cyber attacks, Lulz Security, an offshoot of the notorious activist hacker group Anonymous, is that they used basic hacking “tools” available for free online.

One irate network security expert, Paul Ducklin of Sophos, even branded them “a bunch of schoolboys” who did something as intellectually challenging as “boasting in the playground about who’s got the hottest imaginary girlfriend”.

Beware: A hacker group threatening to attack Malaysian government websites.

It sounds like sour grapes to me, laughs a local IT student and part-time hacker who only wants to be known as “W”.

“This is the democratisation power of technology; it is now easy for anyone to start hacking,” he says.

Technological advancement has inadvertently lowered the bar for hacking, concurs Nigel Tan, the Asia-South principal consultant at online security company Symantec Corporation (Malaysia).

“In the past you have to write the programme yourself. Now there are toolkits available online, and you can create your own malware easily using these toolkits,” he says.

Symantec believes that the availability of these kits are likely responsible for the increase of malicious attacks on the Internet.

As its recent Internet Security Threat Report showed, there were more than 286 million new cyber threats last year, compared with 120 million in 2008.

But you don’t really need statistics to show how rampant cyber attacks are growing.

Since last December, the world has been bombarded by a flurry of hacking incidents the highest-profiled possibly being the hacking of PayPal, MasterCard, and Visa by Anonymous in support of WikiLeaks’ Julian Assange.

In March, the database of marketing group Epsilon was rampaged and millions of email addresses were stolen. In April and May, Sony’s PlayStation network was attacked, more than once, exposing some 77 million users’ data.

And in the past three weeks, the security of the International Monetary Fund, CitiBank, the Spanish police, Google, the CIA and our own government websites was breached.

While many of the hackers prefer to remain in the dark corners of the Internet, there seems to be an increase of groups like Lulz and Anonymous who want to grab their 15 minutes of fame for their hacking activities.

New breed

In their claim to fame, Lulz went as far as to open up a hotline to get public suggestions for their next target. The hotline number is said to spell out LULZSEC and callers are reportedly greeted by a male voice heavily tinged with a French accent, which then apologetically explains that “Pierre Dubois and Francois Deluxe” are unavailable because they are “up to mischief on the Internet”.

The group is obviously relishing the limelight, publicly taunting the authorities, not even bothering to hide (or purposely exhibiting) their telephone area code.

Despite their pop cultural references they use the Guy Fawkes masks popularised by the comic book and movie V for Vendetta for their public image Anonymous is less playful.

The “hacktivist” group’s activities are self-proclaimed as acts of political activism. In its attack on the Malaysian government websites, for instance, Anonymous announced that it was a protest against the Government’s decision to block a few file-sharing websites, which they claim is an infringement of Malaysians’ human rights.

The open stance aside, the real identities of these two groups are difficult to detect, as international security personnel who have been tasked to trace them are discovering.

Anonymous, which has been around for almost a decade, for one, is a loose group made up of an indefinite number of members.

As one admirer was quoted: “If you claim you are a member of Anonymous, then you are a member.”

There is a cautionary tale on the web of how one man, HBGary Federal chief executive officer Aaron Barr declared war on Anonymous, only to find himself at their mercy.

In February, Barr had claimed that he had successfully uncovered the real identity of the group’s top honchos and announced that he would expose them. Before he knew it, his website was hacked and his database compromised. Important files were deleted while his phone system was crosswired.

Anonymous also took control of the company’s email, leaking confidential business emails and dumping thousands of others. The whole attack cost HBGary Federal million-dollar losses and he retracted his claims.

As Anonymous announced later, the company was taken down by five of its members, which included a 16-year-old girl, another slap in Barr’s already burning face.

A young Malaysian hacker who only wants to be known as Ahmad shares that many of his peers look up to Anonymous not only because of their political activism but also their technical prowess.

Says the IT student, “It is now easy to hack into different systems, but it is not easy to cover your tracks. Anonymous is master at it.”

Ahmad, however, concedes that he finds it strange that Anonymous has targeted Malaysia. “Sure, they have clearly stated their intentions, but I am still trying to wrap my mind around what it has to do with them. Why is Malaysia important to them?”

W believes that the web may be the final frontier for activism, as promoted by Anonymous and the growing breed of hactivists. “In the last few years, the Internet has been a useful tool for activists to get their message out and to mobilise supporters. Maybe now it is time to carry out their activism campaign in cyberspace itself.”

When asked if he had taken part in the recent Anonymous-initiated cyber attack on Malaysian government websites, Ahmad profusely denies any involvement, but he admits that he and his friend have hacked into other websites before.

“We like to challenge each other, as a test of our IT skills. Many of us do it for fun, just to see if we can get in. We don’t steal the data or do any other harm. We have also hacked for classroom lessons’ after being assigned tasks of hacking into a few websites to learn about cybersecurity,” he reveals.

For many young hackers, he says, many do it to get noticed by security firms.

“It is still a new area and there are not many professional’ hackers those who work with security firms to hack into their systems after they install it to ensure that the systems are really secure. Then there are companies who hire hackers to test the security of new programmes. Our hacking activities are like our auditions or resumes,” he shares.

Symantec’s Tan, however, alerts that while these so-called harmless “fun hacking” and hacktivism activities appear to be growing, a bigger number of hackers are doing it for money lots of it.

“I believe that in the last few years, there was a major shift in hacking those who are doing it for fame or fun have decreased. Now hackers are doing it for money. It is big business. Those who are making a big noise are the minorities; more prevalent are those who are involved in the underground economy activities. They are more quiet and targeted in their attacks and would rather keep below the radar so that they can continue their work longer,” he cautions.

Who do the anonymous hackers represent?

THE STAR SAYS

THE flap over the hacker attack of the Malaysian Government’s portal has come and gone as swiftly as the click of a mouse.

However, the scale of the problem and the magnitude of the issues around it remain considerable.

To avoid unnecessary confusion, it is important to spell out the issues at stake before dwelling on the justness or otherwise of any particular motive.

In this specific instance, the hackers in the collective international identity of Anonymous had targeted the official websites of a sovereign nation.

Since it was not an attack on a political party or individual personalities but on an entire country’s online representation, the hackers are culpable of anything from vandalism to subversion.

The attack was also not against any sinister policy of the Government but rather against its obligated move to block file-sharing websites that allow unlawful downloading of films and music.

Thus Anonymous is merely a group of selfish persons seeking to benefit personally from the work of professional artistes at the latter’s expense.

Their motivation was therefore neither just nor defensible.

They are an accessory to illegal and unethical activities, if not also guilty of those activities themselves.

The fact that Malaysia became the first country in the region to block file-sharing websites does not detract from the rights and wrongs of the issues.

A country such as Malaysia has been besieged by various parties clamouring for better enforcement of laws against copyright piracy.

Whatever the record of such enforcement on the street, the clampdown on illegal file-sharing websites is certainly a plus especially when most infringements these days are being committed this way.

At the same time, for a government to resist Internet censorship despite the temptations is definitely commendable.

Attempts to liken Anonymous to Wikileaks are also grossly misplaced.

Wikileaks did not try to deface or destroy websites or to steal official secrets, but only to relay information of public interest to the public domain against the wishes of governments claiming to work for the public.

If hackers had any righteous values or morals, they would have applied their skills to attack websites spewing race hatred and child pornography, among others.

They fact that they do not, and that they have had to remain anonymous, speak volumes about their lack of scruples.

Seduction on the web

LIKE the spider luring the fly into his web, hackers are “seducing” their victims and luring them to their websites.

A major way for cybercriminals to obtain confidential data is by creating fake websites to host malicious software (malware) or to trick you into providing this information (phishing), says Nigel Tan, the Asia-South principal consultant at online security company Symantec Corporation (Malaysia).

Symantec’s study shows that spikes in hacking and phishing occur during major events in the world, like the recent British Royal Wedding or the tsunami tragedy in Japan.

Hackers take advantage of these events to get people to click on links to their fake websites so that they can steal people’s confidential information.

“It is human nature to get the latest update of an important global event or to see pictures of a tragedy. Hackers exploit this by sending emails with links for pictures or stories on the event or tragedy,” he says.

“When someone clicks on the link, they will be taken to the fake website where their confidentiality will be compromised or their computer may be affected.”

However, it remains a challenge to determine whether a website is genuine or fake other than the obvious spelling and grammatical errors (many fake websites are rush jobs) or shoddy infrastructure and programming.

Worse, sometimes you can go to a trusted website which has links to websites or advertising that may not be genuine and contain malware or phishing mechanisms.

Sometimes, all you have to do is to click the link and you will taken to a website that will affect your computer.

“We call this drive-by download,’” says Tan.

Password

Password is another easy prey for cyber criminals. With many websites out there now requiring users to register, most people are resorting to using personal information like date of birth or address as their password. Worse, people are increasingly using the same password for everything.

“It is understandable that people will not remember if they use different passwords, but the danger of using the same password for everything is that once a website or your email is compromised by a hacker, they will have access to everything else.”

Fortunately, it is not too difficult to strengthen your password, says Tan, advising people to use at least eight letters in a combination of capital letters, small letters, numbers and symbols.

If you use the same password, you can have variations on it by adding different letters or numbers or symbols, the significance of which should only be understood by you.

“Another effective safeguard is to segmentise your passwords by having one set of password for communication, another set for websites and another for banking and shopping online,” he elaborates.

Technology has also enabled hacking activities to be more targeted, so like those living in big houses in affluent areas who are targeted by burglars, those with bigger bank accounts or higher profiles, for instance, will be more susceptible to cyber attacks and need to be more vigilant on the Net.

Botnet alert

Another growing threat is hackers using our identity or computer to launch an attack.

Citing the recent gov.my hacking as an example, Tan says that while an individual may not be a direct focus target of most hackers, they may be a part of the attack without realising it.

The more common modus operandi is for hackers to use our personal information to get access to their target website. A method that is growing rampant is to control our computer to do their dirty work.

Explains Tan: “Now, hackers do not create malware to crash the computer, they want it to be alive. What they do is to plant malware called botnets (which are like sleeper spies) that will stay quietly in the background in your computer until they are activated by the Master to hack into official websites or to send spam emails that will phish information or crash a website.”

For example, if a hacker wants to spam people, they will just activate the malware they have planted in the different computers around the world and something like a pyramid scheme will be at work (the number of spams spread exponentially).

“The computer owner may not be doing anything but his or her computer will be hard at work. This trend is growing, especially now with broadband; so many people are connected 24 hours a day, even when they are asleep,” says Tan.

It is thus vital that people ensure that their computers are well-protected.

“One thing to remember is that although it is getting easier for cyber criminals and hackers to attack us, it is also getting easier for us to protect ourselves. The problem is that people just don’t do it,” he notes, adding that it is also important to ensure that your software and programmes are up-to-date as older computers with outdated software are the most prone to attacks.

Ultimately, he stresses, it boils down to common sense.

“Typically, you won’t walk into a dark alley or you won’t give a stranger your IC number, so you should not do the same on the Net,” says Tan.

 

 

Related Stories:

Tackling cyber piracy needs careful planning; Hackers mainly locals

Malaysia Websites hacked but not whacked after threatened; time to build secured websites!

Beware of criminal hackers
Meet the good hackers

Tackling cyber piracy needs careful planning; Hackers mainly locals


Friday Reflections – By B.K. Sidhu

So much has been said and written about the blocking of sites and hacking the past few days.

But one phrase that keeps popping up is “freedom of information.” The blocking of sites is seen as going against freedom of information even though it is part of the fight against piracy.

Over the past few days some businessmen in the country have received calls from their counterparts abroad asking if Malaysia was indeed coming on strong on censorship of the Internet.

Internet has become such a powerful tool for many people, be it for work, education, play and entertainment. Sending the wrong message can of course trigger a lot of thoughts of safety to stability especially when we as a country need foreign direct investments.

The question here is not about what the Domestic Ministry or Malaysian Communications & Multimedia Commission (MCMC) can or cannot do. It is about why they blocked the sites and why those particular sites.

When it is done without proper explanation, it only creates mayhem and doubts in people’s minds. One must remember that a lot of people the world over download stuff for free and anyone who has a broadband connection can assume that free downloads is a given because he is paying for the connection.

Then the question of enforcement comes to play. If you want to fight piracy on the web then fight it on the streets too, why allow pirated DVDs to be sold but sites are blocked.

If there are roadblocks then there should be on both ends or else the question of who we are protecting – the copyright holders or someone else – will arise.

To recap – the telecoms industry regulator, MCMC, ordered ISPs to block 10 file sharing sites at the request of the Domestic Ministry in the name of fighting piracy. These sites are used for file sharing to download music, songs, games, homework, and to do business.

One ISP did as it was told by the regulator but little did they know that they would get so much flak for that action. To explain, it posted the MCMC letter. This letter was meant to be confidential to the ISPs but it landed on the net and was circulated widely.

It did not take much time for the cyber community to retaliate over the blocking of sites and to vent their frustrations they lambasted the Government via the net. To them it was a privacy intrusion and against the MSC Malaysia Bill of Guarantees which states that the Government will not censor the Internet.

So angry were they that a Facebook account – “1M Malaysians Don’t Want Block File Sharing Websites” – was created for people to air their grouses. “What they did was akin to using a mega bomb to kill one terrorist,” someone said of the blocking of the 10 sites.

The sites were blocked because there was an element of pirated content and according to some experts, this is a lucrative business especially for certain parties as they host the free content but some do charge VPN services to “cloak” the content.

Ironically, the IP addresses of those sites were from the same place and 40% of IP transit traffic out of Malaysia is said to land there and the blocking action could have hurt someone’s rice bowl.

The whole blocking episode and all the grouses caught the eye of hackers who threatened to hack government sites in retaliation.

They did so on Wednesday night and 41 sites were compromised. This is not the first block or hack, and it would not be last in the Internet era. Internet has both good and bad sides. It is up to the policy makers to take heed of what the users want; don’t brush them aside as social media has somewhat become an avenue for people to air their grouses.

Today they can block 10, 20 or even 30 sites, but there will be an equal number of proxy sites which will offer free downloads. So while an explanation is needed for the blocking of sites, there also is a need to take Internet users on an educational journey to explain what is legal and illegal, what is piracy and what is downloadable, what is cyber security and how to safeguard.

One cannot assume everyone knows all that.Also, not many are willing to pay for content because there is free content out there.

Without a well thought out plan on how to tackle piracy, any effort will be futile and users will be left frustrated.

Deputy news editor B.K. Sidhu is glued to The World Is Flat.

90% of hackers attacking govt, private websites are locals

PUTRAJAYA: Ninety per cent of the hackers who attacked 200 government and private websites in the past four days were locals, said Science, Technology and Innovation Minister Datuk Seri Dr Maximus Ongkili on Friday.

He said the police and the relevant agencies were now in the process of identifying them.

“We have come to know that most of the hackers were locals, not from, abroad,” he told a press conference here.

He said this when asked to comment on the group calling itself ‘Anonymous’, which claimed to be based abroad and threatened the attack the government’s official portal, http://www.malaysia.gov.my.

Maximus said that as the head of the ministry that promoted the safe use of the Internet and handled the infrastructure that dealt with cyber security, he appealed to Malaysians to use the Internet professionally for education and the development of the country.

“Because you cannot go very far when you want to do criminal activities within cyberspace itself,” he added.

Asked whether the Cabinet had made any decision to form a special task force to solve this problem, he said he could not confirm that yet. – Bernama

Related Stories:

Malaysia Websites hacked but not whacked after threatened; time to build secured websites!

Hackers, not all hack for the heck of it! Who are the anonymous hackers? Beware of Seduction!

Govt won’t filter Net despite attacks, says DPM
DPM: Govt takes serious view of hacker issue

Malaysia Websites hacked but not whacked after threatened; time to build secured websites!


Warning: The graphic with Anonymous’ threat that was posted online.

Two hackers disrupt 51 Malaysian government Websites, and 40 others

Thursday, 16 June 2011

A woman browses the Internet at a cyber cafe in Kuala Lumpur. (File photo)

By LIAU Y-SING AND NILUKSI KOSWANAGE REUTERS KUALA LUMPUR

A woman browses the Internet at a cyber cafe in Kuala Lumpur. (File photo)

Fifty-one Malaysian government Websites were hacked into overnight but no personal or financial data was compromised, government officials said on Thursday, as the nation became the latest target of a cyber-war waged by online activists.

The Southeast Asian country has a vibrant Internet culture that has gained a mass following in an environment where the mainstream media is tightly controlled.

The government has in the past charged bloggers with sedition, often detaining suspects for long periods without trial.

 In the attacks, 91 websites were hit including 51 government Websites, the industry regulator, the Malaysian Communications and Multimedia Commission, said on Thursday.

Access to 76 of the 91 Websites attacked since shortly before midnight on Wednesday had been recovered, it said.

The attacks followed a warning by Internet vigilante group Anonymous, which said it would attack the government’s official portal to punish it for censoring WikiLeaks, the Website that aims to expose governments and corporations by leaking secret documents.

“Most government-related Websites are (now) accessible to the public and have either not been affected by the service outages or have recovered from the attacks,” the commission said.

It did not name the sites which were attacked but targets included the government’s online portal http:www.malaysia.gov.my, and the Web pages of the fire and emergency services department http://www.bomba.gov.my and the land public transport commission http://www.spad.gov.my.

Malaysian police chief Ismail Omar told Reuters no personal or financial data had so far been stolen but the authorities were trying to determine the extent of the attacks.

It was not immediately clear if the attacks were launched by Anonymous or other hackers.

Anonymous is a grouping of global activists lobbying for Internet freedom who frequently try to shut down the Websites of businesses and other organizations that they oppose.

The activists gained prominence when they temporarily crippled the websites of MasterCard and Paypal that cut off financial services to WikiLeaks.

A spate of cyber attacks on multinational firms and institutions, from the US Central Intelligence Agency to Citigroup to the International Monetary Fund, has raised concerns that governments and the private sector may struggle to defend themselves against hackers.

In an earlier Internet posting, Anonymous said Malaysia’s censorship of films and television shows and its blocking of file-sharing Websites amounted to a denial of human rights.

The communication commission last week banned 10 file-sharing sites and ordered Internet service providers such as Telekom Malaysia and Maxis to block access.

The restrictions have outraged ordinary Malaysians, and several people took to Twitter to express support for the cyber-attacks.

“Now to count how many sites have gotten whacked so far,” said a tweet posted by Rhyden. “I knew the government’s IT defence team was pathetic.”

(Additional reporting by Razak Ahmad; Editing by Nick Macfie)

IT defence team pathetic

The activists gained prominence when they temporarily crippled the websites of MasterCard and Paypal that cut off financial services to WikiLeaks.

A spate of cyber attacks on multinational firms and institutions, from the US Central Intelligence Agency to Citigroup to the International Monetary Fund, has raised concerns that governments and the private sector may struggle to defend themselves against hackers.

In an earlier Internet posting, Anonymous said Malaysia’s censorship of films and television shows and its blocking of file-sharing websites amounted to a denial of human rights.

The communication commission last week banned 10 file-sharing sites and ordered Internet service providers such as Telekom Malaysia and Maxis to block access.

The restrictions have outraged ordinary Malaysians, and several people took to Twitter on Thursday to express support for the cyber attacks.

“Now to count how many sites have gotten whacked so far,” said a tweet posted by Rhyden. “I knew the government’s IT defence team was pathetic.”

The country has a vibrant Internet culture that has gained a mass following in an environment where the mainstream media is tightly controlled. The government has in the past charged bloggers with sedition, often detaining suspects for long periods without trial.

- Reuters

Websites hacked before deadline set by hacker group

Update by SUBASHINI SELVARATNAM bytz@thestar.com.my, Thu June 16, 2011

PETALING JAYA: Local websites have been hacked ahead of the deadline set by a foreign-based hacker group, Anonymous, that said it would attack the Malaysian Government portal at 3.30am today.

On the micro-blogging site Twitter yesterday evening, there were reports that 27 sites in total had been hacked.

But these were not named and there was no confirmation from the authorities as to the accuracy of the tweets.

Among the sites known to have been hacked was the Sabah Tourism website, www.sabahtourism.com. The defaced site was spotted early yesterday by the chief executive of a company that organises security conferences.

“A portion of the website was deleted when I saw it,” said Dhillon Andrew Kannabhiran, who heads Hack In The Box (M) Sdn Bhd. “I had just returned from an overseas trip.”

The Sabah Tourism website has since gone offline.

F-Secure Corporation (M) Sdn Bhd, a computer security software company, corroborated Dhillon’s account.

Goh Su Gim, its security adviser for Asia, said the Sabah Tourism site was compromised.

“Worse still, the data from 392 user accounts were stolen from the site and released to the public,” he said.

The data that was posted online were e-mail addresses and passwords.

On the webpage where the hackers posted the data, they claimed they had the details of more than 3,400 users from the Sabah Tourism site, but they were only exposing the 392.

The hackers also claimed to be Anonymous members and that they meant no harm, and only wanted to show the vulnerability of this site.

According to Dhillon, the www.tourmalaysia.com.my site was also hacked and defaced yesterday. He had checked the site after viewing the hacked Sabah Tourism website. It was defaced with words that included “Deface by Kambeng Merah: Credit to DarkJawa.”

Another website hacked was www.cidb.gov.my, which belongs to the Construction Industry Development Board (CIDB).

It was defaced with a long message that scolded the Government for censoring the Internet. However, a while later, the site was back to normal.

Dhillion said he believed these sites may not have been hacked by Anonymous.

“The hacker group is into co-ordinated attacks and keeps to its word when it comes to launching its attacks,” he said. “These are likely independent hackers taking advantage of the publicity.”

CyberSecurity Malaysia, responsible for the nation’s borders in cyberspace, confirmed that several websites were hacked. But it declined to say how many and which were the sites.

“At present, we are not able to elaborate further,” said Lt Col (Rtd) Datuk Husin Jazri, chief executive officer of CyberSecurity.

He said rectification works were being conducted by the relevant authorities to address the situation.

Anonymous had threatened to hack the www.malaysia.gov.my portal to protest against the Government’s censorship of the Internet and because Malaysia had blocked 10 filesharing sites.

These sites were among the most visited by Malaysians to illegally download movies.

Related Story:

Tackling cyber piracy needs careful planning; Hackers mainly locals

Hackers, not all hack for the heck of it! Who are the anonymous hackers? Beware of Seduction!

Foreign-based hacker group plans to strike websites

PETALING JAYA: A hacker group has threatened to attack the www.malaysia.gov.my website.

The group, which calls itself Anonymous, will launch the attack at 3.30am Wednesday and has named it “Operation Malaysia.”

It posted the threat in a graphic on the website i.imgur.com/PTFWh.png Tuesday.

Several local hackers, when contacted said at minimum the government portal would be defaced and at worse it would be brought down.

But they said the worst would be that the hackers pry personal, credit card or financial data from a government website, or an e-payment concessionaire such as MyEG.

Mikko Hypponen, chief research officer at the F-Secure Corporation a computer security software company based in Helsinki, Finland tweeted about the threat at 4.42am Malaysian time yesterday.

Several hours later, Anonymous announced its reasons for wanting to attack the government portal, which were posted in an open letter that started with “Greetings, Malaysia …” on a website and in a video on YouTube.

It said it was acting against what it claimed were various acts of censorship by the Malaysian Government and also because of the recent move to block file-sharing sites in Malaysia.

Anonymous also accused the Government of censoring films and TV shows, and for restricting the Internet which it said was a basic human right.

“We fear that if you make further decisions to take away human freedom, we are obligated to act fast and have no mercy,” the group said in its statement.

On YouTube, a video featured a digitally-generated voice that read out the group’s message.

There had been an uptick in such “hacktivism” in recent weeks, where hacker groups targeted various organisations for political purposes.

Recently, the hacker group launched attacks on Turkish Government websites for alleged Internet censorship. Following that incident, Turkey arrested 32 people, suspected to be Anonymous members.

Related Stories:

Hackers, not all hack for the heck of it! Who are the anonymous hackers? Beware of Seduction!

Tackling cyber piracy needs careful planning; Hackers mainly locals

Time to build better – and secure – websites

Star Says………..

CYBERSPACE can be a worrisome place for nations and everyone else because there are no physical borders to block. Anywhere really is everywhere in the vast World Wide Web.

A hacker who is physically on the other side of the planet can at the same time be as near as the computer next to you, or even on your own computer, on the Internet.

So it is disconcerting to read about websites, especially those belonging to the Government, being compromised. This just rams the message home – i.e. distance is no safety factor.

It’s even worse to learn about these sites getting hacked almost as soon as they’re launched, like as the 1Malaysia Pengguna Bijak (1MPB) portal was recently. And before that, the portal had gone down just after it went online.

Some of these government websites were easily hacked due to poor construction – such errors being the equivalent of leaving the back door to your home ajar in the real world.

Malaysia has already been plagued by several embarrassing incidents – involving what could be a dearth of construction skills, a widespread tidak apa attitude or, more disappointing, attempts to cheat – where parts of prominent buildings collapsed.

It seems that even in cyberspace, Malaysia cannot get away from such incidents. Case in point: the 1MPB portal going down because it had 3.5 million hits instead of the estimated 300,000 to 400,000 after its launch.

Wouldn’t that be like saying a new bridge collapsed because the construction company thought only 300,000 to 400,000 vehicles would cross it on the first few days, when 3.5 million actually showed up?

Ridiculous, right? Poor planning, too. That excuse would not hold up in the real world, but it seems to be frequently used and accepted by some when it comes to cyberspace matters.

Especially painful is that it cost the taxpayers RM1.4mil to build the 1MPB portal. For that amount of money, we expect an equally huge amount of skilled programming work and very strong network security.

Instead, several vulnerabilities in the coding of the portal were exploited, and the hackers were able to extract usernames, e-mail addresses, encrypted passwords and other information, which could be used for identity-theft activities.

Which brings up the question of how vulnerable the other portals and websites are. What if hackers breach really important sites like that of the Inland Revenue Board? Or that of the Employees Provident Fund? It’s one thing to hack into a site and deface it, quite another if the public loses money or personal data from such attacks.

So, are our portals and websites up to scratch? We are about to find out. And soon, because a hacker group has said that it will hack into malaysia.gov.my, the official portal of the Malaysian Government, at 3.30am tomorrow.

The group, named Anonymous, said it would hack the portal because the telecommunications industry watchdog in Malaysia – the Malaysian Communications and Multimedia Commission – had ordered several file-sharing websites to be blocked by local Internet Service Providers, among other reasons.

If the site does get hacked, we will bounce back. But we hope that it will also result in a wake-up call for Malaysia’s portals and websites that security shouldn’t be taken for granted and has to be built from the ground up.

If there isn’t one, there should be unified strategy and specifications for existing and future government portals and websites, which the developers must adhere to. The owners of these websites must also ensure that all the requirements are met, and that there are regular upgrades and security patches.

Sadly, this initiative will likely come after the disaster. But then again, Malaysia seems able to learn its lessons only after a calamity hits.

U.S. Military, Businesses Seek Better Defenses on the Inside


Credit: Technology Review

By Robert Lemos

Research projects at the Pentagon highlight the need to prevent data theft that happens within an organization’s walls.

For most of the history of the Internet, companies and government agencies have split networks into two categories: internal, trusted systems and external, untrusted ones. The most common approach to security has been to erect a wall that treats data and communications as potentially dangerous if they come from outside and safe if they come from within.

Yet some of the most serious breaches, such as the massive handover of U.S. State Department cables to WikiLeaks late last year, come from corporate and government insiders. Even if they mean no harm, insiders can present security risks: several major data breaches have occurred after attackers tricked employees into downloading malicious software that took hold inside the organization’s firewall.

“In the early 2000s, you would see a lot of organizations focus on outsiders exclusively,” says Joji Montelibano, who leads the insider-threat technical team at the Software Engineering Institute’s CERT program at Carnegie Mellon University. “With the prevalence of information technology everywhere now, the ways an insider can harm an organization have increased dramatically.”

In hopes of counteracting the trend, the Defense Advanced Research Projects Agency (DARPA)—the research arm of the U.S. military—has called for research that would improve the government’s ability to identify threats from within. DARPA is taking a two-pronged approach: last August, an agency project named Cyber Insider Threat (CINDER) called for proposals for better systems to detect attackers who have already compromised a network. Two months later, DARPA launched Anomaly Detection at Multiple Scales (ADAMS), to detect insiders just before or after they go rogue.

The proposed ADAMS technology will likely model typical user behavior and alert managers when a user is acting off-profile. Such a system, for example, could have caught Bradley Manning, the U.S. intelligence analyst who is alleged to have leaked the diplomatic cables, by warning officials that Manning had suddenly accessed thousands of cables from his computer.

“If I’m trying to get information out of my company, I’m probably going to start at the simplest level and work my way up—I would try to e-mail it to myself, I would try to post it to a website, or upload the file to a peer-to-peer network,” says Daniel Guido, a consultant with iSec Partners, who frequently tests firms’ security to identify potential weaknesses. “They are going to approach exfiltrating information outside the company in a very particular way, and if you think like they do, you will be much more effective” as a defender.

Related Articles

Breached Companies Say They Did All They Could

Executives for Sony and Epsilon, an e-mail marketing company, insist that they had tight security before they lost consumer data.

 

Making the Case for Security

Data security scholar Eugene Spafford argues that the subject needs to be taken more seriously at the highest levels of companies.

 

The Costs of Bad Security

Mounting threats to the security of information are forcing companies to make more sophisticated cost-benefit analyses when they craft their security strategies.

Newscribe : get free news in real time

Follow

Get every new post delivered to your Inbox.

Join 1,251 other followers

%d bloggers like this: