Bitcoin falls after exchange is hacked, US$72 mil stolen from Bitfinex exchange in HK

Securing the bitcoin trading platform has proved elusive.

The price of bitcoin fell sharply today exacerbating an already ongoing decline as global market participants reacted to news that one of the largest digital currency exchanges had been hacked. Bitcoin Drops Nearly 20% as Exchange Hack Amplifies Price Decline

The price of the virtual currency bitcoin fell sharply after Hong Kong-based digital-currency exchange Bitfinex said it was hacked, resulting in the possible theft of about $65 million worth of bitcoin.

News of the Bitfinex hack hit the price of bitcoin hard in heavy trading on Tuesday. It fell to $540 by late in the day, down about 12% from its level near $613 early Tuesday, according to CoinDesk. At one point, it traded as low as $480, down about 22%, though it recovered to about $548 by late morning in New York on Wednesday.

The hack marks one of the largest thefts in bitcoin’s short history and follows a separate alleged theft of an estimated $60 million worth of ethereum, a rival virtual currency, in June. In 2014, investor confidence in bitcoin also was dented by another larger cybersecurity breach, at the Japanese exchange Mt. Gox.

Hacking and thefts of investor property stand as two of the biggest issues that may prevent the fast-growing digital currency from gaining more widespread use. Bitcoin trades on an open ledger known as the blockchain that has excited technologists for its ability to cut out expensive layers of bureaucracy in various areas of commerce.

But securing the bitcoin trading platform has proved elusive. Tuesday, Bitfinex acknowledged the latest theft in a statement on its website and said it was halting all trading on Bitfinex as well as the deposits and withdrawals of digital tokens.

“The theft is being reported to—and we are co-operating with—law enforcement,” the statement said. “We are deeply concerned about this issue and we are committing every resource to try to resolve it.”

Zane Tackett, Bitfinex’s director of community and product development, confirmed that 119,756 bitcoins were stolen and said the company knows “exactly how relevant systems were compromised.” At Tuesday’s value, the amount of bitcoin stolen was worth about $65 million. Mr. Tackett said the company is working with law enforcement and analytics companies to try to track down the stolen coins and is working to get its platform back up so customers can check their accounts.

It wasn’t clear what percentage of Bitfinex’s overall assets were stolen or whether or not the company had adequate insurance to cover the theft.

“We are investigating the breach to determine what happened, but we know that some of our users have had their bitcoins stolen,” the statement added. “We are undertaking a review to determine which users have been affected by the breach. While we conduct this initial investigation and secure our environment, will be taken down and the maintenance page will be left up.”

In 2014, the Tokyo-based exchange Mt. Gox collapsed after a yearslong series of attacks resulted in the theft of about 850,000 bitcoins, at the time worth about $450 million. About 200,000 were later recovered. In June, Mt. Gox Chief Executive Mark Karpales was released from a Japanese prison on bail, after serving 10 months. The company’s liquidation is ongoing.

Bitcoin rallied earlier this year but had been selling off lately after an anticipated event known as a “halving” in early July lowered the subsidy paid to bitcoin miners supporting the network.

In 2015, Bitfinex switched to a system protected by what is known as “multiple signature” security, a feature that requires multiple “keys” to access bitcoin in a virtual wallet, and keeps the customers’ money in separate accounts, rather than pooling them into one larger account.

The exchange was fined $75,000 by the U.S. Commodity Futures Trading Commission in June for offering illegal off-exchange commodity transactions financed in bitcoin and other cryptocurrencies and for failing to register as a futures commission merchant. The CFTC said at the time that Bitfinex cooperated with its investigation and voluntarily made changes to its business practices to comply with regulations.


Bitcoin worth US$72 mil stolen from Bitfinex exchange in Hong Kong

A Bitcoin (virtual currency) paper wallet with QR codes and a coin are seen in an illustration picture taken at La Maison du Bitcoin in Paris, France, May 27, 2015.
Reuters/Benoit Tessier/File Photo

HONG KONG (Aug 3): Nearly 120,000 units of digital currency bitcoin worth about US$72 million was stolen from the exchange platform Bitfinex in Hong Kong, rattling the global bitcoin community in the second-biggest security breach ever of such an exchange.

Bitfinex is the world’s largest dollar-based exchange for bitcoin, and is known in the digital currency community for having deep liquidity in the US dollar/bitcoin currency pair.

Zane Tackett, Director of Community & Product Development for Bitfinex, told Reuters on Wednesday that 119,756 bitcoin had been stolen from users’ accounts and that the exchange had not yet decided how to address customer losses.

“The bitcoin was stolen from users’ segregated wallets,” he said.

The company said it had reported the theft to law enforcement and was cooperating with top blockchain analytic companies to track the stolen coins.

Last year, Bitfinex announced a tie-up with Palo Alto-based BitGo, which uses multiple-signature security to store user deposits online, allowing for faster withdrawals.

“Our investigation has found no evidence of a breach to any BitGo servers,” BitGo said in a Tweet.

“With users’ funds secured using multi-signature technology in partnership with BitGo, a lot more is at stake for the backbone of the bitcoin industry, with its stalwarts and prided tech under fire,” said Charles Hayter, chief executive and founder of digital currency website CryptoCompare.

The security breach comes two months after Bitfinex was ordered to pay a US$75,000 fine by the US Commodity and Futures Trading Commission in part for offering illegal off-exchange financed commodity transactions in bitcoin and other digital currencies.


Tuesday’s breach triggered a slump in bitcoin prices and was reminiscent of events that led to the 2014 collapse of Tokyo-based exchange Mt Gox, which said it had lost about US$500 million worth of customers’ Bitcoins in a hacking attack.

Bitcoin plunged just over 23% on Tuesday after the news broke. On Wednesday it was up 1% at US$545.20 on the BitStamp platform.

Tackett added that the breach did not “expose any weaknesses in the security of a blockchain”, the technology that generates and processes bitcoin, a web-based “cryptocurrency” that can move across the globe anonymously without the need for a central authority.

A bitcoin expert said the scandal highlighted the risks of companies using cryptography for their ledgers.

“The more you rely on its benefits, the greater the potential for damage when keys are stolen. We still have some way to go to create highly secure but convenient systems,” said Singapore-based Antony Lewis.

The volume of bitcoin stolen amounts to about 0.75% of all bitcoin in circulation.

It is not yet clear whether the theft was an inside job or whether hackers were able to gain access to the system externally. On an online forum, Bitfinex’s Tackett said he was “nearly 100% certain” it was no one in the company.

Bitfinex suspended trading on Tuesday after it discovered the breach. It said on its website that it was investigating and cooperating with the authorities.

The security breach is the latest scandal to hit Hong Kong’s bitcoin market after MyCoin became embroiled in a scam last year that media estimated could have duped investors of up to US$387 million. The bitcoin trading company closed after the scandal.

The president of the Hong Kong Bitcoin Association said the only way to protect information is to disperse it in so many small pieces that the reward for hacking is too small.

“For an attacker, the cost-benefit strategy is quite easy: How much is in the pot and how likely is it that I’m getting the pot?” said Leonhard Weese.

The attack on Bitfinex was reminiscent of a similar breach at Mt. Gox, a
Tokyo-based bitcoin exchange forced to file for bankruptcy in early
2014 after hackers stole an estimated $650 million worth of customer
bitcoins.  – Reuters

Related posts:

Bitcoin CEO arrest leaves long trail of unanswered …

 Aug 25, 2015 Tokyo (AFP) – The arrest of MtGox boss Mark Karpeles has begun to shed light
on the defunct Bitcoin exchange after hundreds of millions of …

 Jun 27, 2016 Despite the increase in the price of bitcoin amid the UK’s recent EU referendum,
a new research note from Needham & Company asserts it …
Mar 30, 2014 It seemed ludicrous that the man credited with inventing Bitcoin – the world’s most
wildly successful digital currency, with transactions of nearly …

Bitcoin: cryptocurrency rising, money talks, mining boom …

 Apr 14, 2014 The Internet has spawned a new form of currency that’s purely digital called
Bitcoin. Picture this — a high speed car chase with a slew of …

Take precautions on public wifi, hackers are watching you, travellers !

Video:  //

KUALA LUMPUR: If you are surfing the Internet on a public Wi-Fi, always assume someone is watching you out there.

Better yet, do not connect to any public Wi-Fi at all, said LE Global Services (LGMS) executive director Fong Choong Fook, whose private cybersecurity firm employs hackers to test the network security of the country’s major banks.

“I would never use a public Wi-Fi,” he said.

“Even an IT person may not be able to tell if the access point he is connected to is safe or if the activities are being watched.

“There may be signs like your Internet is slowing down but hackers can make it so elegant that you won’t even notice,” he said in an interview.

Malaysia’s national cybersecurity agency CyberSecurity Malaysia (CSM) said hackers could position themselves between a person’s device and the Wi-Fi router and are able to record sensitive data that the surfer is keying into his device.

Hackers can also “create” their own Wi-Fi and trick people into thinking they are connected to a credible public access point like the one from a restaurant, airport or office – when in actual fact these devices are connected to the criminals’ hardware.

Thus, they would be able to remotely watch everything a person is sending out on the Wi-Fi like passwords, e-mails or credit card information.

As frightening as these attacks may sound, Fong said this had been going as early as the 1990s.

Demonstrating to The Star how a hacker could steal information, LGMS set up an “evil twin” Wi-Fi using a laptop and named it after a famous franchise restaurant just below its office in Puchong, Selangor.

Fong connected two devices to this Wi-Fi and proceeded to log into social media, e-mail and Government websites.

Within seconds of logging in, the hacker’s computer began recording the activities in both devices in the experiment – recording every e-mail address, username and password that was keyed in.

Though the demonstration was only meant for the devices in the controlled environment of the LGMS office, three other users got connected to the dummy Wi-Fi, thinking they were linked to the franchise restaurant’s Internet, during the experiment.

“Hackers can target one specific person or they can target everyone in a cafe to get their devices to send all their data through their dummy Wi-Fi

“When they have your information, they can steal your identity. They can pose as you on Facebook, or send out e-mails to your contacts under your account,” he said.

Fong advised users to avoid connecting to public Wi-Fi or to only limit their browsing to Internet searches if they must connect to one.

The firm also suggested users to subscribe to VPN (virtual private network) technologies to secure their traffic.

VPN encrypts data on devices, making it hard for hackers to spy on the user’s online activities. Most VPNs are available on a subscription basis, much like an anti-virus programme.

So far this year, CSM has recorded eight instances where private Wi-Fi networks were hacked and 1,462 cases of online intrusions have been reported, which is nearly double the number of incidents compared to the same period in 2015.

It advised users to keep their Internet browsers up to date and to disable the feature which automatically saves password in the cache –as it makes it easier for criminals to steal.

by Nicholas Cheng The Star/Asia News Network

82% of travellers would use public Wi-Fi


KUALA LUMPUR: You are on a holiday in a foreign country. Naturally, you want to upload pictures to your Facebook or send messages to your friends back home or trawl the Internet for places to visit.

Chances are there is no Internet data connection where you are and you would search for whatever free Wi-Fi there is at the airport, hotel or cafe to stay connected.

An estimated 82% of travellers would choose to connect with unsecured public Wi-Fi, a practice which could up risks of cyberattacks, said Kasper­sky Lab.

The cybersecurity company surveyed 11,850 people worldwide and found that people on holiday would be carefree when it comes to their personal data protection.

The study found that 42% of travellers said they were less likely to care about the credibility of the Wi-Fi when they were on holiday compared to on business travels.

A third (33%) admitted to visiting websites of sensitive nature using foreign Wi-Fi, while almost half of the respondents conducted online banking (48%), shopped online (46%) and made private calls (35%) when they were abroad.

In a separate study, it found that at least 22% of travellers who conducted transactions online had experienced money loss while 8% had had a credit card compromised while in a foreign country.

Most of the time, victims do not even know they are being watched.

CSM advised users to keep an eye on their devices’ firewall alerts. Any trigger may indicate that a third party may be trying to access their devices illegally.

A report by MasterCard estimates that 10.9 million Malaysians travelled for overseas holidays in 2014, with the numbers expecting to hit 15.2 million by 2020.

The Kaspersky study also found that people were more likely to throw caution to the wind while on holiday with respondents saying they were 18% more likely to let strangers handle their smartphones to take pictures, 28% more likely to leave their devices unsupervised, 18% more likely to contact strangers online and 6% more likely to engage in “sexting”.

Related posts:

Jun 14, 2012 Hackers may cause Internet users to become victims of Evidence Act … According to Cybersecurity Malaysia, an average of eight personal accounts … special devices in the market that enabled anyone to “sniff” WiFi networks.

Dec 21, 2014 2014 has seen a tsunami of epic hacks and identity thefts, including the … said the prominent data  leaks of 2014 would keep cyber security in …

Malaysian hacker jailed in US


WASHINGTON: A US District judge sentenced a Malaysian to 10 years in prison for hacking into the US Federal Reserve and other banks.
United States - Federal Reserve System

Lin Mun Poo, a Malaysian citizen, had admitted earlier this year to hacking into the US central bank, various private financial institutions and possessing stolen bank card and credit card numbers, officials said.

According to AFP, he also admitted to hacking into a Fed computer server and installing a malicious software code there.

Lin, who is from Ipoh, travelled to the United States in October last year “for the purpose of selling stolen credit card and bank card numbers” but a purchaser was in fact an undercover US agent, according to prosecutors.

When he was arrested, Lin held over 122,000 stolen bank card and credit card numbers.

The US Justice Department said Lin’s “cybercrime activities also extended to the national security sector”, including hacking into the computer system of a Pentagon contractor that provides systems management services for military transport and other military operations.

“Today’s sentence sends the message to hackers around the world that the United States is no place to conduct their business,” US Attorney Loretta Lynch said in a statement on Friday.

Dhillon Andrew Kannabhiran, founder and chief executive officer of hackers community Hack in The Box, said the stiff 10-year sentence was meant to deter hackers from hacking into government networks.

“Details of the case are not clear to me, but you can argue that 10 years for computer crime is harsh by any standards,” Dhillon told The Star.

“It’s definitely a sentence which is meant to send a message.”

Dhillon said the hacker was “asking for trouble”.

“Hacking is a tool. Just like a knife can be used by a chef to prepare a meal or to stab someone. It is your motives that sets you apart. People who use their skills to commit financial fraud are not hackers, but just criminals,” he said.

Lin, according to a fellow hacker, deserved his punishment.

“Most hackers have the skills to breach a computer security system. But once you use your skills for malice, then you have committed a crime,” said a computer security consultant who wished to be identified as Sam.

“If you are caught, you deserve to be punished like any other criminal.”

Sam said most people with hacking expertise, like himself, were hired by companies to “test” their computer security system.

“Most of us use our skills to make a decent, legitimate living.”

Related post: 

How to check if a Web site is safe?

How to check if a Web site is safe

Have you been phished? Whether you use a Mac, Windows, or Linux, iOS or Android, there’s a real strong chance that somebody has sent you an e-mail or text message in an attempt to get at your personal information. Data means money, and you’re a big ol’ dollar sign to the bad guys.

The best recommendation I can offer is to browse smart. That means you ought to always double-check the URL of your banking site, social networking site, and e-mail site before you log in. Most browsers, including Firefox, Chrome, and Internet Explorer, now include a color-change on the left side of the location bar to indicate that the site has been verified as legitimate. It’s always a good idea to type in the URL by hand, and to never follow links from an e-mail. Also, checking for HTTPS instead of the less-secure HTTP is a good idea, although HTTPS isn’t foolproof.

But what about that link to some ostensibly hilarious video your best friend just posted to Twitter? There are several services you can use to verify a link. Google Safe Browsing is a good place to start. If you type in that URL, you can then enter in a site name or an IP address to find out if it has hosted malware in the past 90 days.

Another similar service is hpHosts. Enter a site into the search box and its database will tell you if the site has been used to distribute malware or phishing attacks. HpHosts gives you more-detailed information than Google Safe Browsing, if you’re into that kind of thing. Two other excellent services are Norton Safe Web, from Symantec, and Unmasked Parasites. Pop in the URL, and you’re good to go. Or if the site comes back as unsafe, don’t go.

Many security suites come with browser add-ons to check links you click on the fly, and those work fairly well at scanning your search results and adding icons to indicate if a link is safe or not. If you don’t have a suite, AVG LinkScanner (download for Windows | Mac)is a free add-on that works with both Windows and Mac, and AVG’s free Mobilation Android app (download) or Lookout Mobile Security (download) will block malicious links on your Android device.

Sadly, iPhone and iPad users are out of luck. Even though phishing over social networking has been proven to work on iOS devices that haven’t been jailbroken, Apple doesn’t allow such link-checking apps. Feel free to recommend your favorite in the comments below.

Newscribe : get free news in real time

Mother of all scams – Many fall for Bukit Aman scam,Syndicates clone caller IDs of enforcement agencies

Many fall for Bukit Aman scam


PETALING JAYA: We have heard of the Nigerian 419 scam, the AL-Globo lottery scam, but the Bukit Aman scam must surely be the mother of all scams.
Part of Bukit Aman's police facilities, as see...Image via Wikipedia
A syndicate posing as police officers from Bukit Aman has been ripping off unsuspecting victims of hundreds of thousands of ringgit by claiming that they are being investigated for alleged money laundering.

Their latest victim is an elderly woman who lost about RM260,000.

Relating the ordeal, the woman who only wanted to be known as Margeret, in her 60s, said she received a phone call on Aug 18 from a man claiming to be a police inspector from Bukit Aman.

She said the “officer” told her that she was being investigated by the Hong Kong police over dealings with two drug dealers there.

“The officer told me that if I did not cooperate fully with police investigations, I would be extradited to Hong Kong to face charges for the offence,” she told The Star yesterday.

Margeret said the officer then passed to her the number of a senior police investigator in Hong Kong to verify the matter.

“I called the number given and a man claiming to be a police officer warned me that I was being investigated together with 28 other people for alleged dealings with drug dealers there,” she said, adding that the man told her to cooperate fully with the police here.

She said she then received another call from a senior police inspector in Bukit Aman who asked her to transfer all her money into an account provided by them.

“They said this was to help them verify that the funds were not linked to drug dealers in Hong Kong,” she said, adding that she transferred a total of RM260,000 from five separate banks to the police here.

Margeret said the officer told her to transfer any additional funds she had to facilitate police investigations failing which she would be arrested.

“I told them that I had an additional RM128,000 in a fixed deposit account in Temerloh, but I could not withdraw the money until the next day.”

Fearing something was amiss, she lodged a police report with the Mentakab police.

Federal Commercial Crimes Investigations Department (CCID) deputy director Deputy Comm Datuk Tajuddin Md Isa said police were investigating the case and appealed to the public to contact Bukit Aman to verify the calls.

Syndicates clone caller IDs of enforcement agencies


PETALING JAYA: Syndicates are using special technology to dupe unsuspecting victims into believing they are being called by real law enforcement agencies.

The Voiceover Internet Protocol (VoIP) technology is used to replicate phone numbers of the police, Bank Negara and other government agencies.

“The victims do not know they are being duped as the caller ID is identical to the real number of the relevant authority,” Federal head of CyberSecurity and Multimedia Investigation Division Asst Comm Mohd Kamaruddin Md Din told The Star, referring to reports on the Bukit Aman scam.

VoIP is a family of technologies, communication protocols and transmission techniques for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet.

The modus operandi of the syndicate involved in the Bukit Aman scam was to tell victims that they were being investigated by Hong Kong police for money-laundering activities.

“The syndicate then tells the victims that they must transfer all their savings into an account which is provided by the syndicate in order to verify that the funds are not linked to any cases,” ACP Kamaruddin said, adding that victims were told the money would be transferred back to their accounts once Bank Negara had completed investigations.

He said there had been 76 such cases reported nationwide amounting to losses of more than RM3.05mil between January and June this year.

ACP Kamaruddin advised the public to immediately contact the relevant authorities if they received such calls.

He said there had been a total of 367 cases involving bogus police, bank and government officials between January and June this year, resulting in losses of more than RM10mil.

“Last year, there was a total of 996 cases amounting to about RM17.4mil in losses,” he said, adding that in most cases the money could not be retrieved as the syndicates operated from outside the country.

Hackers, not all hack for the heck of it! Who are the anonymous hackers? Beware of Seduction!


Some do it for fun or fame, others to make a political statement. But a bigger number of hackers are now doing it for money.

THEY brought down the CIA website and attacked Sony, Nintendo and a few tech companies with links to FBI and the US Senate. They wanted to expose the online weaknesses of these entities, “for the Lulz”, they bragged.

But what is grating the American authorities and security experts most about the group who carried out the cyber attacks, Lulz Security, an offshoot of the notorious activist hacker group Anonymous, is that they used basic hacking “tools” available for free online.

One irate network security expert, Paul Ducklin of Sophos, even branded them “a bunch of schoolboys” who did something as intellectually challenging as “boasting in the playground about who’s got the hottest imaginary girlfriend”.

Beware: A hacker group threatening to attack Malaysian government websites.

It sounds like sour grapes to me, laughs a local IT student and part-time hacker who only wants to be known as “W”.

“This is the democratisation power of technology; it is now easy for anyone to start hacking,” he says.

Technological advancement has inadvertently lowered the bar for hacking, concurs Nigel Tan, the Asia-South principal consultant at online security company Symantec Corporation (Malaysia).

“In the past you have to write the programme yourself. Now there are toolkits available online, and you can create your own malware easily using these toolkits,” he says.

Symantec believes that the availability of these kits are likely responsible for the increase of malicious attacks on the Internet.

As its recent Internet Security Threat Report showed, there were more than 286 million new cyber threats last year, compared with 120 million in 2008.

But you don’t really need statistics to show how rampant cyber attacks are growing.

Since last December, the world has been bombarded by a flurry of hacking incidents the highest-profiled possibly being the hacking of PayPal, MasterCard, and Visa by Anonymous in support of WikiLeaks’ Julian Assange.

In March, the database of marketing group Epsilon was rampaged and millions of email addresses were stolen. In April and May, Sony’s PlayStation network was attacked, more than once, exposing some 77 million users’ data.

And in the past three weeks, the security of the International Monetary Fund, CitiBank, the Spanish police, Google, the CIA and our own government websites was breached.

While many of the hackers prefer to remain in the dark corners of the Internet, there seems to be an increase of groups like Lulz and Anonymous who want to grab their 15 minutes of fame for their hacking activities.

New breed

In their claim to fame, Lulz went as far as to open up a hotline to get public suggestions for their next target. The hotline number is said to spell out LULZSEC and callers are reportedly greeted by a male voice heavily tinged with a French accent, which then apologetically explains that “Pierre Dubois and Francois Deluxe” are unavailable because they are “up to mischief on the Internet”.

The group is obviously relishing the limelight, publicly taunting the authorities, not even bothering to hide (or purposely exhibiting) their telephone area code.

Despite their pop cultural references they use the Guy Fawkes masks popularised by the comic book and movie V for Vendetta for their public image Anonymous is less playful.

The “hacktivist” group’s activities are self-proclaimed as acts of political activism. In its attack on the Malaysian government websites, for instance, Anonymous announced that it was a protest against the Government’s decision to block a few file-sharing websites, which they claim is an infringement of Malaysians’ human rights.

The open stance aside, the real identities of these two groups are difficult to detect, as international security personnel who have been tasked to trace them are discovering.

Anonymous, which has been around for almost a decade, for one, is a loose group made up of an indefinite number of members.

As one admirer was quoted: “If you claim you are a member of Anonymous, then you are a member.”

There is a cautionary tale on the web of how one man, HBGary Federal chief executive officer Aaron Barr declared war on Anonymous, only to find himself at their mercy.

In February, Barr had claimed that he had successfully uncovered the real identity of the group’s top honchos and announced that he would expose them. Before he knew it, his website was hacked and his database compromised. Important files were deleted while his phone system was crosswired.

Anonymous also took control of the company’s email, leaking confidential business emails and dumping thousands of others. The whole attack cost HBGary Federal million-dollar losses and he retracted his claims.

As Anonymous announced later, the company was taken down by five of its members, which included a 16-year-old girl, another slap in Barr’s already burning face.

A young Malaysian hacker who only wants to be known as Ahmad shares that many of his peers look up to Anonymous not only because of their political activism but also their technical prowess.

Says the IT student, “It is now easy to hack into different systems, but it is not easy to cover your tracks. Anonymous is master at it.”

Ahmad, however, concedes that he finds it strange that Anonymous has targeted Malaysia. “Sure, they have clearly stated their intentions, but I am still trying to wrap my mind around what it has to do with them. Why is Malaysia important to them?”

W believes that the web may be the final frontier for activism, as promoted by Anonymous and the growing breed of hactivists. “In the last few years, the Internet has been a useful tool for activists to get their message out and to mobilise supporters. Maybe now it is time to carry out their activism campaign in cyberspace itself.”

When asked if he had taken part in the recent Anonymous-initiated cyber attack on Malaysian government websites, Ahmad profusely denies any involvement, but he admits that he and his friend have hacked into other websites before.

“We like to challenge each other, as a test of our IT skills. Many of us do it for fun, just to see if we can get in. We don’t steal the data or do any other harm. We have also hacked for classroom lessons’ after being assigned tasks of hacking into a few websites to learn about cybersecurity,” he reveals.

For many young hackers, he says, many do it to get noticed by security firms.

“It is still a new area and there are not many professional’ hackers those who work with security firms to hack into their systems after they install it to ensure that the systems are really secure. Then there are companies who hire hackers to test the security of new programmes. Our hacking activities are like our auditions or resumes,” he shares.

Symantec’s Tan, however, alerts that while these so-called harmless “fun hacking” and hacktivism activities appear to be growing, a bigger number of hackers are doing it for money lots of it.

“I believe that in the last few years, there was a major shift in hacking those who are doing it for fame or fun have decreased. Now hackers are doing it for money. It is big business. Those who are making a big noise are the minorities; more prevalent are those who are involved in the underground economy activities. They are more quiet and targeted in their attacks and would rather keep below the radar so that they can continue their work longer,” he cautions.

Who do the anonymous hackers represent?


THE flap over the hacker attack of the Malaysian Government’s portal has come and gone as swiftly as the click of a mouse.

However, the scale of the problem and the magnitude of the issues around it remain considerable.

To avoid unnecessary confusion, it is important to spell out the issues at stake before dwelling on the justness or otherwise of any particular motive.

In this specific instance, the hackers in the collective international identity of Anonymous had targeted the official websites of a sovereign nation.

Since it was not an attack on a political party or individual personalities but on an entire country’s online representation, the hackers are culpable of anything from vandalism to subversion.

The attack was also not against any sinister policy of the Government but rather against its obligated move to block file-sharing websites that allow unlawful downloading of films and music.

Thus Anonymous is merely a group of selfish persons seeking to benefit personally from the work of professional artistes at the latter’s expense.

Their motivation was therefore neither just nor defensible.

They are an accessory to illegal and unethical activities, if not also guilty of those activities themselves.

The fact that Malaysia became the first country in the region to block file-sharing websites does not detract from the rights and wrongs of the issues.

A country such as Malaysia has been besieged by various parties clamouring for better enforcement of laws against copyright piracy.

Whatever the record of such enforcement on the street, the clampdown on illegal file-sharing websites is certainly a plus especially when most infringements these days are being committed this way.

At the same time, for a government to resist Internet censorship despite the temptations is definitely commendable.

Attempts to liken Anonymous to Wikileaks are also grossly misplaced.

Wikileaks did not try to deface or destroy websites or to steal official secrets, but only to relay information of public interest to the public domain against the wishes of governments claiming to work for the public.

If hackers had any righteous values or morals, they would have applied their skills to attack websites spewing race hatred and child pornography, among others.

They fact that they do not, and that they have had to remain anonymous, speak volumes about their lack of scruples.

Seduction on the web

LIKE the spider luring the fly into his web, hackers are “seducing” their victims and luring them to their websites.

A major way for cybercriminals to obtain confidential data is by creating fake websites to host malicious software (malware) or to trick you into providing this information (phishing), says Nigel Tan, the Asia-South principal consultant at online security company Symantec Corporation (Malaysia).

Symantec’s study shows that spikes in hacking and phishing occur during major events in the world, like the recent British Royal Wedding or the tsunami tragedy in Japan.

Hackers take advantage of these events to get people to click on links to their fake websites so that they can steal people’s confidential information.

“It is human nature to get the latest update of an important global event or to see pictures of a tragedy. Hackers exploit this by sending emails with links for pictures or stories on the event or tragedy,” he says.

“When someone clicks on the link, they will be taken to the fake website where their confidentiality will be compromised or their computer may be affected.”

However, it remains a challenge to determine whether a website is genuine or fake other than the obvious spelling and grammatical errors (many fake websites are rush jobs) or shoddy infrastructure and programming.

Worse, sometimes you can go to a trusted website which has links to websites or advertising that may not be genuine and contain malware or phishing mechanisms.

Sometimes, all you have to do is to click the link and you will taken to a website that will affect your computer.

“We call this drive-by download,’” says Tan.


Password is another easy prey for cyber criminals. With many websites out there now requiring users to register, most people are resorting to using personal information like date of birth or address as their password. Worse, people are increasingly using the same password for everything.

“It is understandable that people will not remember if they use different passwords, but the danger of using the same password for everything is that once a website or your email is compromised by a hacker, they will have access to everything else.”

Fortunately, it is not too difficult to strengthen your password, says Tan, advising people to use at least eight letters in a combination of capital letters, small letters, numbers and symbols.

If you use the same password, you can have variations on it by adding different letters or numbers or symbols, the significance of which should only be understood by you.

“Another effective safeguard is to segmentise your passwords by having one set of password for communication, another set for websites and another for banking and shopping online,” he elaborates.

Technology has also enabled hacking activities to be more targeted, so like those living in big houses in affluent areas who are targeted by burglars, those with bigger bank accounts or higher profiles, for instance, will be more susceptible to cyber attacks and need to be more vigilant on the Net.

Botnet alert

Another growing threat is hackers using our identity or computer to launch an attack.

Citing the recent hacking as an example, Tan says that while an individual may not be a direct focus target of most hackers, they may be a part of the attack without realising it.

The more common modus operandi is for hackers to use our personal information to get access to their target website. A method that is growing rampant is to control our computer to do their dirty work.

Explains Tan: “Now, hackers do not create malware to crash the computer, they want it to be alive. What they do is to plant malware called botnets (which are like sleeper spies) that will stay quietly in the background in your computer until they are activated by the Master to hack into official websites or to send spam emails that will phish information or crash a website.”

For example, if a hacker wants to spam people, they will just activate the malware they have planted in the different computers around the world and something like a pyramid scheme will be at work (the number of spams spread exponentially).

“The computer owner may not be doing anything but his or her computer will be hard at work. This trend is growing, especially now with broadband; so many people are connected 24 hours a day, even when they are asleep,” says Tan.

It is thus vital that people ensure that their computers are well-protected.

“One thing to remember is that although it is getting easier for cyber criminals and hackers to attack us, it is also getting easier for us to protect ourselves. The problem is that people just don’t do it,” he notes, adding that it is also important to ensure that your software and programmes are up-to-date as older computers with outdated software are the most prone to attacks.

Ultimately, he stresses, it boils down to common sense.

“Typically, you won’t walk into a dark alley or you won’t give a stranger your IC number, so you should not do the same on the Net,” says Tan.



Related Stories:

Tackling cyber piracy needs careful planning; Hackers mainly locals

Malaysia Websites hacked but not whacked after threatened; time to build secured websites!

Beware of criminal hackers
Meet the good hackers

Tackling cyber piracy needs careful planning; Hackers mainly locals

Friday Reflections – By B.K. Sidhu

So much has been said and written about the blocking of sites and hacking the past few days.

But one phrase that keeps popping up is “freedom of information.” The blocking of sites is seen as going against freedom of information even though it is part of the fight against piracy.

Over the past few days some businessmen in the country have received calls from their counterparts abroad asking if Malaysia was indeed coming on strong on censorship of the Internet.

Internet has become such a powerful tool for many people, be it for work, education, play and entertainment. Sending the wrong message can of course trigger a lot of thoughts of safety to stability especially when we as a country need foreign direct investments.

The question here is not about what the Domestic Ministry or Malaysian Communications & Multimedia Commission (MCMC) can or cannot do. It is about why they blocked the sites and why those particular sites.

When it is done without proper explanation, it only creates mayhem and doubts in people’s minds. One must remember that a lot of people the world over download stuff for free and anyone who has a broadband connection can assume that free downloads is a given because he is paying for the connection.

Then the question of enforcement comes to play. If you want to fight piracy on the web then fight it on the streets too, why allow pirated DVDs to be sold but sites are blocked.

If there are roadblocks then there should be on both ends or else the question of who we are protecting – the copyright holders or someone else – will arise.

To recap – the telecoms industry regulator, MCMC, ordered ISPs to block 10 file sharing sites at the request of the Domestic Ministry in the name of fighting piracy. These sites are used for file sharing to download music, songs, games, homework, and to do business.

One ISP did as it was told by the regulator but little did they know that they would get so much flak for that action. To explain, it posted the MCMC letter. This letter was meant to be confidential to the ISPs but it landed on the net and was circulated widely.

It did not take much time for the cyber community to retaliate over the blocking of sites and to vent their frustrations they lambasted the Government via the net. To them it was a privacy intrusion and against the MSC Malaysia Bill of Guarantees which states that the Government will not censor the Internet.

So angry were they that a Facebook account – “1M Malaysians Don’t Want Block File Sharing Websites” – was created for people to air their grouses. “What they did was akin to using a mega bomb to kill one terrorist,” someone said of the blocking of the 10 sites.

The sites were blocked because there was an element of pirated content and according to some experts, this is a lucrative business especially for certain parties as they host the free content but some do charge VPN services to “cloak” the content.

Ironically, the IP addresses of those sites were from the same place and 40% of IP transit traffic out of Malaysia is said to land there and the blocking action could have hurt someone’s rice bowl.

The whole blocking episode and all the grouses caught the eye of hackers who threatened to hack government sites in retaliation.

They did so on Wednesday night and 41 sites were compromised. This is not the first block or hack, and it would not be last in the Internet era. Internet has both good and bad sides. It is up to the policy makers to take heed of what the users want; don’t brush them aside as social media has somewhat become an avenue for people to air their grouses.

Today they can block 10, 20 or even 30 sites, but there will be an equal number of proxy sites which will offer free downloads. So while an explanation is needed for the blocking of sites, there also is a need to take Internet users on an educational journey to explain what is legal and illegal, what is piracy and what is downloadable, what is cyber security and how to safeguard.

One cannot assume everyone knows all that.Also, not many are willing to pay for content because there is free content out there.

Without a well thought out plan on how to tackle piracy, any effort will be futile and users will be left frustrated.

Deputy news editor B.K. Sidhu is glued to The World Is Flat.

90% of hackers attacking govt, private websites are locals

PUTRAJAYA: Ninety per cent of the hackers who attacked 200 government and private websites in the past four days were locals, said Science, Technology and Innovation Minister Datuk Seri Dr Maximus Ongkili on Friday.

He said the police and the relevant agencies were now in the process of identifying them.

“We have come to know that most of the hackers were locals, not from, abroad,” he told a press conference here.

He said this when asked to comment on the group calling itself ‘Anonymous’, which claimed to be based abroad and threatened the attack the government’s official portal,

Maximus said that as the head of the ministry that promoted the safe use of the Internet and handled the infrastructure that dealt with cyber security, he appealed to Malaysians to use the Internet professionally for education and the development of the country.

“Because you cannot go very far when you want to do criminal activities within cyberspace itself,” he added.

Asked whether the Cabinet had made any decision to form a special task force to solve this problem, he said he could not confirm that yet. – Bernama

Related Stories:

Malaysia Websites hacked but not whacked after threatened; time to build secured websites!

Hackers, not all hack for the heck of it! Who are the anonymous hackers? Beware of Seduction!

Govt won’t filter Net despite attacks, says DPM
DPM: Govt takes serious view of hacker issue

%d bloggers like this: