Malaysia’s Communications and Multimedia Commission (MCMC) said that it detected service outages due to attack to 91 websites, 51 websites of which are in the .gov.my domain and that 41 of the sites suffered various levels of disruption including http://malaysia.gov.my and http://sabahtourism.com. The ‘Operation Malaysia’ was executed by an international hackers group called “Anonymous” who had given ample time by warning the government of their intention prior to the attack. It was believed that a local-based Dragon Force was part of the attackers.
MCMC said the attack started at 11:30pm Wednesday and since then many websites have recovered. MCMC admitted even its own website was attacked. However certain sites such as SabahTourism.com is still down as of time this blog is written. The attack involved DDoS (distributed denial of service) and page defacement. The DDoS was the same attack that MalaysiaKini.com experienced when its site was allegedly attacked by government-sponsored hackers during the recent Sarawak state election.
Despite being hacked, the Government of Malaysia continues to demonstrate high level of arrogance when it said the attacks did little to inconvenience the public. It takes pride that the Malaysian Government managed to bring up 76 sites by 6 pm Thursday after the attack. Not only the statements were full of arrogance and stupidity, it’s laughable to claim victory at this hour. The fact that the hackers actually gave tens of hours in advance notice before the attack and yet sites such as the Prime Minister Office (Jabatan Perdana Menteri) was hacked and redirected to another site shows how vulnerable the Malaysian official government websites are.
List of government websites that was attacked by hacker group Anonymous with the help of local hacking group, Dragon Force, in ‘Operation Malaysia’ (according to yes).
Malaysia Official Government Website
(DoS / Switched off – Up at 3:49am – Down at 4:06am – Up at 7:00am – Down at 3:31pm – Up on June 17th)
Other Malaysian websites:
Sure, the Government sites hit were merely information providers, rather than the more important e-transaction platforms such as Inland Revenue Board, Employees Provident Fund, Road Transport Department or MyEG, as one of the media boasted. But news medias who are government boot-lickers should refrain from screaming that there is no threat to these sites, which would contain confidential data, such as information concerning bank accounts, credit cards and MyKad details. To say so is tantamount to challenging the hackers to hack these sites, which is extremely foolish.
Maybe it’s true that the current Malaysian Government consists of only stupid and arrogant officers, from Minister to Malaysian Communications and Multimedia Commission. Didn’t Rais Yatim – the Information, Communication and Culture Minister – who almost cry initially justifying to the hackers that they “misunderstood the good intention of the government” in blocking some of the sites, but later assured the public that the government was prepared for any eventuality of attacks? Guess Rais Yatim’s assurance had just been flushed into the toilet.
Then we have the “highly intelligent” deputy IGP (Inspector General of Police) smiling with confident in what appeared to be the command center in the battle against the hackers before the event, as shown by government-controlled TV. The fact that the hackers hacked into the site of Prime Minister Office and redirected it to another site revealing the user-name, their password and email addresses while dropping a short statement cursing (you know, that four-letter word) Rais Yatim was enough to show that damages had been done, contrary to what was reported by government-controlled medias.
The hackers even mentioned that Prime Minister Office website was hosted on a Windows 2003 box and that is not challenging at all. As for the still-down SabahTourism website, the hackers revealed a list of 392 accounts together with the passwords, out of the 3,456 accounts hacked. The hackers intention was just to release their frustrations with what they call government’s censorship. They’re not serious about creating havoc because they claim they still love the country, but not the present government. And it’s stupid to the highest degree to challenge these hackers.
If they can hack into U.S. military website, CIA, defence contractors and even the Citibank, who is Rais Yatim and the Malaysian Government websites to claim there is no threat to e-transaction websites? As I blogged earlier, the best the Malaysian authorities can do was to pull the plugs off the server, and that was exactly what they did (*grin*). Pulling the plugs so that the hackers cannot hack and plug it back thereafter wasn’t that smart a thing to do after all, no? The sites still get hacked and what they did was to restore the files from an early backup, the so-called preparation they did, thanks to the early warning by the hackers themselves.
And if the authorities think that by shifting the “unimportant” information providers Government sites in the DMZ zone, hiding behind firewalls is good enough, think again. Citibank has multiple layers and complex firewall architecture and yet it was hacked. Maybe it’s time Rais Yatim starts using his intelligence by advising SabahTourism website to replace the server’s root shell with /sbin/nologin instead of /bin/bash (*grin*). Hell, maybe it’s time Rais Yatim asked for another billion of dollar in the name of increasing the security of Government sites.
Other Articles That May Interest You …
- Anonymous Hackers, Don’t Say I Didn’t Warn You
- Watch Out China, 25% Of U.S. Hackers Are FBI Informer
- Tweet Sorry 100 Times On Twitter – Childish Blu Inc
- Chinese Prisoners Make Money Play Games, Farm Gold
- Cyber Attacks On Malaysiakini – 5 Things To Do
- Operasi ISA Started? Climate of Fear for the Country
- Crackdown on bloggers’ websites? Stop the Stupidity
- An island for Singapore, rocks for Malaysia – Amazing!