Malaysia Websites hacked but not whacked after threatened; time to build secured websites!
Tweet
Warning: The graphic with Anonymous’ threat that was posted online.
Two hackers disrupt 51 Malaysian government Websites, and 40 others
A woman browses the Internet at a cyber cafe in Kuala Lumpur. (File photo)
By LIAU Y-SING AND NILUKSI KOSWANAGE REUTERS KUALA LUMPUR Thursday, 16 June 2011
Fifty-one Malaysian government Websites were hacked into overnight but no personal or financial data was compromised, government officials said on Thursday, as the nation became the latest target of a cyber-war waged by online activists.
The Southeast Asian country has a vibrant Internet culture that has gained a mass following in an environment where the mainstream media is tightly controlled.
The government has in the past charged bloggers with sedition, often detaining suspects for long periods without trial.
The Southeast Asian country has a vibrant Internet culture that has gained a mass following in an environment where the mainstream media is tightly controlled.
The government has in the past charged bloggers with sedition, often detaining suspects for long periods without trial.
In the attacks, 91 websites were hit including 51 government Websites, the industry regulator, the Malaysian Communications and Multimedia Commission, said on Thursday.
Access to 76 of the 91 Websites attacked since shortly before midnight on Wednesday had been recovered, it said.
The attacks followed a warning by Internet vigilante group Anonymous, which said it would attack the government’s official portal to punish it for censoring WikiLeaks, the Website that aims to expose governments and corporations by leaking secret documents.
“Most government-related Websites are (now) accessible to the public and have either not been affected by the service outages or have recovered from the attacks,” the commission said.
It did not name the sites which were attacked but targets included the government’s online portal http:www.malaysia.gov.my, and the Web pages of the fire and emergency services department www.bomba.gov.my and the land public transport commission www.spad.gov.my.
Malaysian police chief Ismail Omar told Reuters no personal or financial data had so far been stolen but the authorities were trying to determine the extent of the attacks.
It was not immediately clear if the attacks were launched by Anonymous or other hackers.
Anonymous is a grouping of global activists lobbying for Internet freedom who frequently try to shut down the Websites of businesses and other organizations that they oppose.
The activists gained prominence when they temporarily crippled the websites of MasterCard and Paypal that cut off financial services to WikiLeaks.
A spate of cyber attacks on multinational firms and institutions, from the US Central Intelligence Agency to Citigroup to the International Monetary Fund, has raised concerns that governments and the private sector may struggle to defend themselves against hackers.
In an earlier Internet posting, Anonymous said Malaysia’s censorship of films and television shows and its blocking of file-sharing Websites amounted to a denial of human rights.
The communication commission last week banned 10 file-sharing sites and ordered Internet service providers such as Telekom Malaysia and Maxis to block access.
The restrictions have outraged ordinary Malaysians, and several people took to Twitter to express support for the cyber-attacks.
“Now to count how many sites have gotten whacked so far,” said a tweet posted by Rhyden. “I knew the government’s IT defence team was pathetic.”
(Additional reporting by Razak Ahmad; Editing by Nick Macfie)
IT defence team pathetic
The activists gained prominence when they temporarily crippled the websites of MasterCard and Paypal that cut off financial services to WikiLeaks.
A spate of cyber attacks on multinational firms and institutions, from the US Central Intelligence Agency to Citigroup to the International Monetary Fund, has raised concerns that governments and the private sector may struggle to defend themselves against hackers.
In an earlier Internet posting, Anonymous said Malaysia’s censorship of films and television shows and its blocking of file-sharing websites amounted to a denial of human rights.
The communication commission last week banned 10 file-sharing sites and ordered Internet service providers such as Telekom Malaysia and Maxis to block access.
The restrictions have outraged ordinary Malaysians, and several people took to Twitter on Thursday to express support for the cyber attacks.
“Now to count how many sites have gotten whacked so far,” said a tweet posted by Rhyden. “I knew the government’s IT defence team was pathetic.”
The country has a vibrant Internet culture that has gained a mass following in an environment where the mainstream media is tightly controlled. The government has in the past charged bloggers with sedition, often detaining suspects for long periods without trial.
On the micro-blogging site Twitter yesterday evening, there were reports that 27 sites in total had been hacked.
But these were not named and there was no confirmation from the authorities as to the accuracy of the tweets.
Among the sites known to have been hacked was the Sabah Tourism website, www.sabahtourism.com. The defaced site was spotted early yesterday by the chief executive of a company that organises security conferences.
“A portion of the website was deleted when I saw it,” said Dhillon Andrew Kannabhiran, who heads Hack In The Box (M) Sdn Bhd. “I had just returned from an overseas trip.”
The Sabah Tourism website has since gone offline.
F-Secure Corporation (M) Sdn Bhd, a computer security software company, corroborated Dhillon's account. Goh Su Gim, its security adviser for Asia, said the Sabah Tourism site was compromised.
“Worse still, the data from 392 user accounts were stolen from the site and released to the public,” he said.
The data that was posted online were e-mail addresses and passwords.
On the webpage where the hackers posted the data, they claimed they had the details of more than 3,400 users from the Sabah Tourism site, but they were only exposing the 392.
The hackers also claimed to be Anonymous members and that they meant no harm, and only wanted to show the vulnerability of this site.
According to Dhillon, the www.tourmalaysia.com.my site was also hacked and defaced yesterday. He had checked the site after viewing the hacked Sabah Tourism website. It was defaced with words that included “Deface by Kambeng Merah: Credit to DarkJawa.”
Another website hacked was www.cidb.gov.my, which belongs to the Construction Industry Development Board (CIDB).
It was defaced with a long message that scolded the Government for censoring the Internet. However, a while later, the site was back to normal.
Dhillion said he believed these sites may not have been hacked by Anonymous.
“The hacker group is into co-ordinated attacks and keeps to its word when it comes to launching its attacks,” he said. “These are likely independent hackers taking advantage of the publicity.”
CyberSecurity Malaysia, responsible for the nation's borders in cyberspace, confirmed that several websites were hacked. But it declined to say how many and which were the sites.
“At present, we are not able to elaborate further,” said Lt Col (Rtd) Datuk Husin Jazri, chief executive officer of CyberSecurity.
He said rectification works were being conducted by the relevant authorities to address the situation.
Anonymous had threatened to hack the www.malaysia.gov.my portal to protest against the Government's censorship of the Internet and because Malaysia had blocked 10 filesharing sites.
These sites were among the most visited by Malaysians to illegally download movies.
Related Story:
Tackling cyber piracy needs careful planning; Hackers mainly locals
Hackers, not all hack for the heck of it! Who are the anonymous hackers? Beware of Seduction!
Cops probing website hackings
It posted the threat in a graphic on the website i.imgur.com/PTFWh.png Tuesday.
Several local hackers, when contacted said at minimum the government portal would be defaced and at worse it would be brought down.
But they said the worst would be that the hackers pry personal, credit card or financial data from a government website, or an e-payment concessionaire such as MyEG.
Mikko Hypponen, chief research officer at the F-Secure Corporation a computer security software company based in Helsinki, Finland tweeted about the threat at 4.42am Malaysian time yesterday.
Several hours later, Anonymous announced its reasons for wanting to attack the government portal, which were posted in an open letter that started with “Greetings, Malaysia ...” on a website and in a video on YouTube.
It said it was acting against what it claimed were various acts of censorship by the Malaysian Government and also because of the recent move to block file-sharing sites in Malaysia.
Anonymous also accused the Government of censoring films and TV shows, and for restricting the Internet which it said was a basic human right.
“We fear that if you make further decisions to take away human freedom, we are obligated to act fast and have no mercy,” the group said in its statement.
On YouTube, a video featured a digitally-generated voice that read out the group's message.
There had been an uptick in such “hacktivism” in recent weeks, where hacker groups targeted various organisations for political purposes.
Recently, the hacker group launched attacks on Turkish Government websites for alleged Internet censorship. Following that incident, Turkey arrested 32 people, suspected to be Anonymous members.
Related Stories:
Tackling cyber piracy needs careful planning; Hackers mainly locals
Hackers, not all hack for the heck of it! Who are the anonymous hackers? Beware of Seduction!
Cops tracing source of hacker video message
RIM wants another file-sharing site blocked
A hacker who is physically on the other side of the planet can at the same time be as near as the computer next to you, or even on your own computer, on the Internet.
So it is disconcerting to read about websites, especially those belonging to the Government, being compromised. This just rams the message home – i.e. distance is no safety factor.
It’s even worse to learn about these sites getting hacked almost as soon as they’re launched, like as the 1Malaysia Pengguna Bijak (1MPB) portal was recently. And before that, the portal had gone down just after it went online.
Some of these government websites were easily hacked due to poor construction – such errors being the equivalent of leaving the back door to your home ajar in the real world.
Malaysia has already been plagued by several embarrassing incidents – involving what could be a dearth of construction skills, a widespread tidak apa attitude or, more disappointing, attempts to cheat – where parts of prominent buildings collapsed.
It seems that even in cyberspace, Malaysia cannot get away from such incidents. Case in point: the 1MPB portal going down because it had 3.5 million hits instead of the estimated 300,000 to 400,000 after its launch.
Wouldn’t that be like saying a new bridge collapsed because the construction company thought only 300,000 to 400,000 vehicles would cross it on the first few days, when 3.5 million actually showed up?
Ridiculous, right? Poor planning, too. That excuse would not hold up in the real world, but it seems to be frequently used and accepted by some when it comes to cyberspace matters.
Especially painful is that it cost the taxpayers RM1.4mil to build the 1MPB portal. For that amount of money, we expect an equally huge amount of skilled programming work and very strong network security.
Instead, several vulnerabilities in the coding of the portal were exploited, and the hackers were able to extract usernames, e-mail addresses, encrypted passwords and other information, which could be used for identity-theft activities.
Which brings up the question of how vulnerable the other portals and websites are. What if hackers breach really important sites like that of the Inland Revenue Board? Or that of the Employees Provident Fund? It’s one thing to hack into a site and deface it, quite another if the public loses money or personal data from such attacks.
So, are our portals and websites up to scratch? We are about to find out. And soon, because a hacker group has said that it will hack into malaysia.gov.my, the official portal of the Malaysian Government, at 3.30am tomorrow.
The group, named Anonymous, said it would hack the portal because the telecommunications industry watchdog in Malaysia – the Malaysian Communications and Multimedia Commission – had ordered several file-sharing websites to be blocked by local Internet Service Providers, among other reasons.
If the site does get hacked, we will bounce back. But we hope that it will also result in a wake-up call for Malaysia’s portals and websites that security shouldn’t be taken for granted and has to be built from the ground up.
If there isn’t one, there should be unified strategy and specifications for existing and future government portals and websites, which the developers must adhere to. The owners of these websites must also ensure that all the requirements are met, and that there are regular upgrades and security patches.
Sadly, this initiative will likely come after the disaster. But then again, Malaysia seems able to learn its lessons only after a calamity hits.
Access to 76 of the 91 Websites attacked since shortly before midnight on Wednesday had been recovered, it said.
The attacks followed a warning by Internet vigilante group Anonymous, which said it would attack the government’s official portal to punish it for censoring WikiLeaks, the Website that aims to expose governments and corporations by leaking secret documents.
“Most government-related Websites are (now) accessible to the public and have either not been affected by the service outages or have recovered from the attacks,” the commission said.
It did not name the sites which were attacked but targets included the government’s online portal http:www.malaysia.gov.my, and the Web pages of the fire and emergency services department www.bomba.gov.my and the land public transport commission www.spad.gov.my.
Malaysian police chief Ismail Omar told Reuters no personal or financial data had so far been stolen but the authorities were trying to determine the extent of the attacks.
It was not immediately clear if the attacks were launched by Anonymous or other hackers.
Anonymous is a grouping of global activists lobbying for Internet freedom who frequently try to shut down the Websites of businesses and other organizations that they oppose.
The activists gained prominence when they temporarily crippled the websites of MasterCard and Paypal that cut off financial services to WikiLeaks.
A spate of cyber attacks on multinational firms and institutions, from the US Central Intelligence Agency to Citigroup to the International Monetary Fund, has raised concerns that governments and the private sector may struggle to defend themselves against hackers.
In an earlier Internet posting, Anonymous said Malaysia’s censorship of films and television shows and its blocking of file-sharing Websites amounted to a denial of human rights.
The communication commission last week banned 10 file-sharing sites and ordered Internet service providers such as Telekom Malaysia and Maxis to block access.
The restrictions have outraged ordinary Malaysians, and several people took to Twitter to express support for the cyber-attacks.
“Now to count how many sites have gotten whacked so far,” said a tweet posted by Rhyden. “I knew the government’s IT defence team was pathetic.”
(Additional reporting by Razak Ahmad; Editing by Nick Macfie)
IT defence team pathetic
The activists gained prominence when they temporarily crippled the websites of MasterCard and Paypal that cut off financial services to WikiLeaks.
A spate of cyber attacks on multinational firms and institutions, from the US Central Intelligence Agency to Citigroup to the International Monetary Fund, has raised concerns that governments and the private sector may struggle to defend themselves against hackers.
In an earlier Internet posting, Anonymous said Malaysia’s censorship of films and television shows and its blocking of file-sharing websites amounted to a denial of human rights.
The communication commission last week banned 10 file-sharing sites and ordered Internet service providers such as Telekom Malaysia and Maxis to block access.
The restrictions have outraged ordinary Malaysians, and several people took to Twitter on Thursday to express support for the cyber attacks.
“Now to count how many sites have gotten whacked so far,” said a tweet posted by Rhyden. “I knew the government’s IT defence team was pathetic.”
The country has a vibrant Internet culture that has gained a mass following in an environment where the mainstream media is tightly controlled. The government has in the past charged bloggers with sedition, often detaining suspects for long periods without trial.
Websites hacked before deadline set by hacker group
Update by By SUBASHINI SELVARATNAM bytz@thestar.com.my, Thu June 16, 2011
PETALING JAYA: Local websites have been hacked ahead of the deadline set by a foreign-based hacker group, Anonymous, that said it would attack the Malaysian Government portal at 3.30am today.On the micro-blogging site Twitter yesterday evening, there were reports that 27 sites in total had been hacked.
But these were not named and there was no confirmation from the authorities as to the accuracy of the tweets.
Among the sites known to have been hacked was the Sabah Tourism website, www.sabahtourism.com. The defaced site was spotted early yesterday by the chief executive of a company that organises security conferences.
“A portion of the website was deleted when I saw it,” said Dhillon Andrew Kannabhiran, who heads Hack In The Box (M) Sdn Bhd. “I had just returned from an overseas trip.”
The Sabah Tourism website has since gone offline.
F-Secure Corporation (M) Sdn Bhd, a computer security software company, corroborated Dhillon's account. Goh Su Gim, its security adviser for Asia, said the Sabah Tourism site was compromised.
“Worse still, the data from 392 user accounts were stolen from the site and released to the public,” he said.
The data that was posted online were e-mail addresses and passwords.
On the webpage where the hackers posted the data, they claimed they had the details of more than 3,400 users from the Sabah Tourism site, but they were only exposing the 392.
The hackers also claimed to be Anonymous members and that they meant no harm, and only wanted to show the vulnerability of this site.
According to Dhillon, the www.tourmalaysia.com.my site was also hacked and defaced yesterday. He had checked the site after viewing the hacked Sabah Tourism website. It was defaced with words that included “Deface by Kambeng Merah: Credit to DarkJawa.”
Another website hacked was www.cidb.gov.my, which belongs to the Construction Industry Development Board (CIDB).
It was defaced with a long message that scolded the Government for censoring the Internet. However, a while later, the site was back to normal.
Dhillion said he believed these sites may not have been hacked by Anonymous.
“The hacker group is into co-ordinated attacks and keeps to its word when it comes to launching its attacks,” he said. “These are likely independent hackers taking advantage of the publicity.”
CyberSecurity Malaysia, responsible for the nation's borders in cyberspace, confirmed that several websites were hacked. But it declined to say how many and which were the sites.
“At present, we are not able to elaborate further,” said Lt Col (Rtd) Datuk Husin Jazri, chief executive officer of CyberSecurity.
He said rectification works were being conducted by the relevant authorities to address the situation.
Anonymous had threatened to hack the www.malaysia.gov.my portal to protest against the Government's censorship of the Internet and because Malaysia had blocked 10 filesharing sites.
These sites were among the most visited by Malaysians to illegally download movies.
Related Story:
Tackling cyber piracy needs careful planning; Hackers mainly locals
Hackers, not all hack for the heck of it! Who are the anonymous hackers? Beware of Seduction!
Cops probing website hackings
Foreign-based hacker group plans to strike websites
PETALING JAYA: A hacker group has threatened to attack the www.malaysia.gov.my website.
The group, which calls itself Anonymous, will launch the attack at 3.30am Wednesday and has named it “Operation Malaysia.”It posted the threat in a graphic on the website i.imgur.com/PTFWh.png Tuesday.
Several local hackers, when contacted said at minimum the government portal would be defaced and at worse it would be brought down.
But they said the worst would be that the hackers pry personal, credit card or financial data from a government website, or an e-payment concessionaire such as MyEG.
Mikko Hypponen, chief research officer at the F-Secure Corporation a computer security software company based in Helsinki, Finland tweeted about the threat at 4.42am Malaysian time yesterday.
Several hours later, Anonymous announced its reasons for wanting to attack the government portal, which were posted in an open letter that started with “Greetings, Malaysia ...” on a website and in a video on YouTube.
It said it was acting against what it claimed were various acts of censorship by the Malaysian Government and also because of the recent move to block file-sharing sites in Malaysia.
Anonymous also accused the Government of censoring films and TV shows, and for restricting the Internet which it said was a basic human right.
“We fear that if you make further decisions to take away human freedom, we are obligated to act fast and have no mercy,” the group said in its statement.
On YouTube, a video featured a digitally-generated voice that read out the group's message.
There had been an uptick in such “hacktivism” in recent weeks, where hacker groups targeted various organisations for political purposes.
Recently, the hacker group launched attacks on Turkish Government websites for alleged Internet censorship. Following that incident, Turkey arrested 32 people, suspected to be Anonymous members.
Related Stories:
Tackling cyber piracy needs careful planning; Hackers mainly locals
Hackers, not all hack for the heck of it! Who are the anonymous hackers? Beware of Seduction!
Cops tracing source of hacker video message
RIM wants another file-sharing site blocked
Time to build better – and secure – websites
Star Says..........
CYBERSPACE can be a worrisome place for nations and everyone else because there are no physical borders to block. Anywhere really is everywhere in the vast World Wide Web.A hacker who is physically on the other side of the planet can at the same time be as near as the computer next to you, or even on your own computer, on the Internet.
So it is disconcerting to read about websites, especially those belonging to the Government, being compromised. This just rams the message home – i.e. distance is no safety factor.
It’s even worse to learn about these sites getting hacked almost as soon as they’re launched, like as the 1Malaysia Pengguna Bijak (1MPB) portal was recently. And before that, the portal had gone down just after it went online.
Some of these government websites were easily hacked due to poor construction – such errors being the equivalent of leaving the back door to your home ajar in the real world.
Malaysia has already been plagued by several embarrassing incidents – involving what could be a dearth of construction skills, a widespread tidak apa attitude or, more disappointing, attempts to cheat – where parts of prominent buildings collapsed.
It seems that even in cyberspace, Malaysia cannot get away from such incidents. Case in point: the 1MPB portal going down because it had 3.5 million hits instead of the estimated 300,000 to 400,000 after its launch.
Wouldn’t that be like saying a new bridge collapsed because the construction company thought only 300,000 to 400,000 vehicles would cross it on the first few days, when 3.5 million actually showed up?
Ridiculous, right? Poor planning, too. That excuse would not hold up in the real world, but it seems to be frequently used and accepted by some when it comes to cyberspace matters.
Especially painful is that it cost the taxpayers RM1.4mil to build the 1MPB portal. For that amount of money, we expect an equally huge amount of skilled programming work and very strong network security.
Instead, several vulnerabilities in the coding of the portal were exploited, and the hackers were able to extract usernames, e-mail addresses, encrypted passwords and other information, which could be used for identity-theft activities.
Which brings up the question of how vulnerable the other portals and websites are. What if hackers breach really important sites like that of the Inland Revenue Board? Or that of the Employees Provident Fund? It’s one thing to hack into a site and deface it, quite another if the public loses money or personal data from such attacks.
So, are our portals and websites up to scratch? We are about to find out. And soon, because a hacker group has said that it will hack into malaysia.gov.my, the official portal of the Malaysian Government, at 3.30am tomorrow.
The group, named Anonymous, said it would hack the portal because the telecommunications industry watchdog in Malaysia – the Malaysian Communications and Multimedia Commission – had ordered several file-sharing websites to be blocked by local Internet Service Providers, among other reasons.
If the site does get hacked, we will bounce back. But we hope that it will also result in a wake-up call for Malaysia’s portals and websites that security shouldn’t be taken for granted and has to be built from the ground up.
If there isn’t one, there should be unified strategy and specifications for existing and future government portals and websites, which the developers must adhere to. The owners of these websites must also ensure that all the requirements are met, and that there are regular upgrades and security patches.
Sadly, this initiative will likely come after the disaster. But then again, Malaysia seems able to learn its lessons only after a calamity hits.
1 comment:
Is Malaysia truly Asia?
No wonder the Malaysia Sabah Tourism website, www.sabahtourism.com has been hacked and defaced....
Post a Comment