THE day is June 15. Tens, perhaps hundreds, but definitely not thousands of Malaysian cyber whizz kids must have sat in front of their computers with giddy excitement.
United in a common aim, they gained access to Malaysia’s most important and secured websites.
Sabah Tourism’s website was among the first to be hacked into. By midnight, www.malaysia.gov.my — the Government’s frontline — was taken down.
Falling like dominoes, within 48 hours, more than 200 public and private sector websites were compromised.
Pre-dawn raids are celebrated in Malaysia. Ex-businessman and present Selangor Menteri Besar Tan Sri Abdul Khalid Ibrahim famously led the dawn raid on the London Stock Exchange, which resulted in PNB gaining a 51% share in British plantation group Guthrie in less than two hours in 1981.
Surprise attacks are the stuff of legends and have shaped real world events. The best recent example is the attack on Pearl Harbour, which led to the start of World War II.
Back to June 15 in Malaysia’s online space.
So many websites were exposed of their vulnerability in a very short time. But the group of hackers, who called themselves Anonymous and orchestrated their Operation Malaysia, did not rely on the element of surprise.
A full day ahead of the attacks, press releases and statements were made available to media organisations. The aim, the group stated, was to show authorities of just how underdeveloped their cyber defences were. How amazingly the ironically named Anonymous suc- ceeded.
Perhaps what is even more damning is that the Science, Technology and Innovation Ministry has confirmed that 90% of the attacks originated from Malaysian addresses. In a twisted way, you can say that, yes, Malaysians are indeed a talented bunch, but it is extremely distressing that the attacks were hardly international in nature.
Had it truly been a global assault, can you imagine how much worse it could have been? Does this not show us of how woefully underprepared the Govern- ment is regarding technological safe- guards?
The Ministry now says identities of some Malaysian hackers have been handed over to the police for possible prosecution. I think to prosecute these people will be a grave mistake. They exposed that the emperor has no clothes, and yet you want to prosecute them?
No, don’t prosecute them. Work with them. Understand how they took over www.malaysia.gov.my so easily.
Let the hackers teach you how to spot loopholes. Thank the Malaysian hackers for highlighting weaknesses by recruiting them into the public sector’s technology arms and companies. Forget about hiring foreign ICT consultants. Celebrate meritocracy. These hackers are obviously very talented Malaysian citizens.
They found it so easy to reverse- engineer our most important websites, so allow them to create a safer Malaysian cyber space.
To prosecute them will be a short-sighted mistake. It will be nothing but an angry knee-jerk reaction.
To prosecute them will be seen in the eyes of the public that the Government has gotten its priorities wrong when there are real concerns like why the Tourism Ministry had to spend RM1.8mil to create a few Facebook pages.
In saying that, however, I do understand the Government also cannot just sit around and not take action. But the action should yield positives, not more international headlines in the negative.
Worse still is that, if the hackers are prosecuted, I have no doubt ‘Anonymous’ would retaliate and strike back, and the authorities really cannot afford that.
I think this entire episode has exposed more than our cyber weaknesses. It also points to us as seperti katak di bawah tempurung. Before the attacks, not only did most of us not bother with cyber security, but we had never even heard of ‘Anonymous’.
I’ll end with a brief introduction of the group.
First and foremost, you would be mistaken to assume Anonymous is a tightly-steered ship. It isn’t. This organi- sation, if you can call it that, is a very loose international grouping with many leaders.
There is no exact estimate on how many members Anonymous can claim.
This isn’t a club that you enter by signing up registration forms.
Their ‘members’ operate on the Internet’s underbelly in secret and not-so-secret chat rooms.
The group has no clear goal, aside from some very flimsy statements against censorship. Many members are extremely young. The closest thing Anonymous has for a logo is in its members’ usage of the comic book mask from V for Vendetta.
Aside from their mostly harmless online high jinks, only a few Anonymous hackers are real criminals, who have done things like stolen credit card information.
Although Malaysia was their latest target, its notoriety includes bringing down the computer systems of Paypal (after the online payment company suspended donations to Wikileaks), causing the Porn Day on YouTube and defacing the websites of religious cult Scientology.
But back to the June 15 episode. The Government needs to be candid about how loophole ridden its online presence is. Three days ago, Science, Technology and Innovation Deputy Minister Datuk Fadillah Yusof, when asked if ‘Anonymous’ had taught authorities “a lesson”, he replied: “Well, in a way, yes. But they also deny people their rights, information and service from our websites.”
The very nature of the Internet means that there will always be threats lurking in the shadows.
If the Ministry does not try to engage with skilled hackers, who genuinely did not commit harmful criminal activities, then, we, the public, will be deprived of our rights to safely and securely surf those RM1.8mil Facebook Malaysia, Truly Asia pages.
No comments:
Post a Comment