No cyber security agency hacking-proof
THE National Security Council (Majlis Keselamatan Negara, MKN) has been urged by Datuk Abdul Rahman Dahlan, Minister in the Prime Minister’s Department, to create a mechanism to curb the threat of cyber attacks on the economy and national stability.
He told the media on March 9 that the “MKN should view the current threat of cyber attacks not only against internet infrastructure and network but in a wider context.”
What Rahman said, of course, is true. But he seems to have a misunderstanding of the term “cyber attack” when he cited the claims in the media that 40,000 Bangladeshis have been brought in to vote for the Barisan Nasional in the GE13, and the Pilgrims Funds Board (Tabung Haji) and the Employees Provident Fund (EPF) had gone bankrupt, as examples of cyber attacks.
He said it was a form of economic sabotage which should be tackled by the MKN because it could erode the confidence of investors to come to Malaysia.
While that may be true, those attacks were not cyber attacks, but were media attacks. Cyber attacks are attempts by hackers to damage or destroy a computer network or system, and/or to steal information. (When the stealing of money occurs with cyber breakins it’s called cyber robbery).
It is definitely not the responsibility of the MKN to deal with politically-motivated slanders on the government, either in the print of electronic media. Such accusations are best responded to with refutations supported by facts, and if necessary with legal suits.
A cyber attack, executed by a hacker through the forced entry into a government data bases or to disrupt a computerized administrative system through the Internet, is a very serious matter. A whole bureaucracy can come crashing down, driving a government’s command and hierarchical system into chaos. Imagine thousands of government employees missing their salaries for months due to a government accounting system going haywire!
Syed Balkhi writes in list25. com that “The cyber space is a growing community where everyone can reach out to one another regardless of time and distance. It has become a new way of life, but has its negative repercussions as well. Some individuals use the cyberspace for their own dubious schemes, as they target unsuspecting individuals, companies, banks and even the military and government agencies.”
One of many famous cases of government hackings is the attack on the Canadian government in February 2011. Foreign hackers with IP addresses from China were able to infiltrate three departments of the Canadian government and stole classified information. Canada stopped the invasion by cutting off the internet access of the three departments as a way to cut off the transmission towards China.
Despite being an IT powerhouse, India too had suffered a huge cyber attack in July 12, 2012, when hackers penetrated the email accounts of 12,000 people, which include high officials from Defense Research and Development Organization (DRDO), the Indo-Tibetan Border Police (ITBP), Ministry of Home Affairs, and the Ministry of External Affairs.
By Rahman urging the MKN to create an anti-cyber attack mechanism to protect the country, we get the impression that the country still lacks any such mechanism, decades after the invention of the Internet, or perhaps he hasn’t been fully informed of Malaysia’s progress in this area.
A National Cyber Security Specialist Agency “a national body to monitor aspects of the national e-security) has in fact been established since 2005 under MOSTI (The Ministry of Science, Technology and Innovation).
The Cyber Security Malaysia’s website notes that MOSTI carried out study on the National Cyber Security Policy (NCSP) in 2005, the National IT Council (NITC) met on April 7, 2006, and agreed to implement the NCSP and establishment of the Cyber Scurity Centre to administer NCSP which was endorsed by the Cabinet on May 2006. The stewardship of the NCSP was then transferred to the MKN in August 2010.
As such we can be quite certain that the MKN must already have some sort of mechanism for our cyber security. However, we must all be ready to accept that an agency like the MKN, in Malaysia or in any part of the world, is never 100 percent impervious to attack. Warding off cyber attacks is one of the most difficult task a country can face.
Paul Rubens of esecurityplanet.com reports that 100 to 200 expert hackers are offering “crime as a service,” and are behind a huge portion of all the cybercrime acts committed.
This fact has been confirmed by a group of international law enforcement experts from organizations including the FBI and the UK’s National Crime Agency.
In a speech at the recent InfoSec Europe security conference in London, FBI agent Michael Driscoll said that these 100 to 200 people around the world are enabling organized crime gangs to mount technical attacks by selling them malware, botnets, distributed denial of service (DDoS) capabilities and other hacking services.
They are not that many but “the effects of their actions are devastating,” Driscoll said. “The average loss on the Internet is $3,000, and bank losses average $1,800.
That may not seem like a lot, but we get about 22,000 complains a month and we think that is about 10 percent of the total,” he said. “There is constant hacking and online fraud; the volume is huge.”
Alan Woodward, a professor at the Surrey Centre of Cyber Security said that “Catching organized crime gang members, and the cybercriminal masterminds who offer services to them, is hard – or in many cases impossible. That’s because they operate in concert from all over the world.”
To an expert hacker, infiltrating a government data base is very easy. Anti-virus and firewall programs can simply become useless as hackers can create their own program to circumvent protections with malwares, ransom-wares and whatnots.
The hunter always has the advantages over the hunted! Even the government of the world’s only superpower, the United States, has been suffering for cyber attacks. Hillarry Clinton’s severs had been infiltrated to harvest hundreds of thousands of emails, thanks or no thank to Wikileaks, the world’s number one hacking agency.
And in addition to hacking there are insiders who, having no regard for the Official Secrets Act, leak government documents to interested parties.
CyberSecurity Malaysia chief executive Dr. Amirudin Abdul Wahab had admitted in 2016 that “People thought having a firewall is enough but the most vulnerable part of cybersecurity is still people. You can have a firewall but when a worker opens something with his computer, it gets in.”
Amiruddin also reported in June last year that “over 2,100 servers have been compromised and their access sold to hackers for as low as RM29 (US$9.50) up to RM24,600 on an underground cybercrime shopping website, xDedic, the ‘eBay of cybercrime’ where hackers shop access and passwords for infiltrated servers worldwide for criminals to buy.” As at June 15, 2016, 70,624 servers were hacked, it was reported.
As such Rahman’s worries about the opposition parties’ accusations of government agencies’ failures are really of lesser seriousness compared to what could erupt in the future as result of more damaging cyber invasions.