Despite Being Hacked, Malaysian Govt Shows Arrogance

Pin It

Jun 17 2011
Linked In

Malaysia’s Communications and Multimedia Commission (MCMC) said that it detected service outages due to attack to 91 websites, 51 websites of which are in the .gov.my domain and that 41 of the sites suffered various levels of disruption including http://malaysia.gov.my and http://sabahtourism.com. The ‘Operation Malaysia’ was executed by an international hackers group called “Anonymous” who had given ample time by warning the government of their intention prior to the attack. It was believed that a local-based Dragon Force was part of the attackers.

MCMC said the attack started at 11:30pm Wednesday and since then many websites have recovered. MCMC admitted even its own website was attacked. However certain sites such as SabahTourism.com is still down as of time this blog is written. The attack involved DDoS (distributed denial of service) and page defacement. The DDoS was the same attack that MalaysiaKini.com experienced when its site was allegedly attacked by government-sponsored hackers during the recent Sarawak state election.  

 Sabah Tourism WebSite Down Hackers

Despite being hacked, the Government of Malaysia continues to demonstrate high level of arrogance when it said the attacks did little to inconvenience the public. It takes pride that the Malaysian Government managed to bring up 76 sites by 6 pm Thursday after the attack. Not only the statements were full of arrogance and stupidity, it’s laughable to claim victory at this hour. The fact that the hackers actually gave tens of hours in advance notice before the attack and yet sites such as the Prime Minister Office (Jabatan Perdana Menteri) was hacked and redirected to another site shows how vulnerable the Malaysian official government websites are.

List of government websites that was attacked by hacker group Anonymous with the help of local hacking group, Dragon Force, in ‘Operation Malaysia’ (according to yes).

Malaysia Official Government Website
(DoS / Switched off – Up at 3:49am – Down at 4:06am – Up at 7:00am – Down at 3:31pm – Up on June 17th)

Other Malaysian websites:

SabahTourism.com Hacked + leaked  
Jabatan Perdana Menteri Hacked / Redirected  
Tour Malaysia (Not Tourism Malaysia) Hacked  
Tourism Malaysia Unaffected  
UiTM Penang Hacked but back up 9:40am
JBiotech Hacked  
Social Welfare Department (Ezi2Care) Hacked  
Jabatan Perpaduan Negara (Intranet) Hacked  
CIMBbizchannel (CIMB owned) Hacked  
CIDB Hacked but back up 12:20am
Land Public Transport Commision  Hacked but back up 12:15am
1Malaysia DoS / Switched off 3:45am
Malaysian Communications and Multimedia Commission Unaffected  
ASEANConnect DoS / Switched off 8:00am
Malaysian Meteorological Service DoS / Switched off  
Ministry of Education DoS / Switched off 9:00am
Suruhanjaya Pilihanraya Malaysia DoS / Switched off 8:30am
Bomba  DoS / Switched off 8:30am
TMNet  Unaffected  
Kementerian Kerja Raya Malaysia DoS / Switched off 7:45am
Parlimen Malaysia DoS / Switched off 8:00am
Malaysian Treasury DoS / Switched off 8:00 am
University Kebangsaan Malaysia DoS / Switched off 7:00am
Jobs Malaysia DoS / Switched off 8:00am
Information, Communications and Culture DoS / Switched off 7:45am
Human Resouce Ministry DoS / Switched off 3:59am
National Sports Council DoS / Switched off 7:30am
Polis Diraja Malaysia (PDRM) DoS / Switched off 8:00am


Sure, the Government sites hit were merely information providers, rather than the more important e-transaction platforms such as Inland Revenue Board, Employees Provident Fund, Road Transport Department or MyEG, as one of the media boasted. But news medias who are government boot-lickers should refrain from screaming that there is no threat to these sites, which would contain confidential data, such as information concerning bank accounts, credit cards and MyKad details. To say so is tantamount to challenging the hackers to hack these sites, which is extremely foolish.

Rais Yatim Pull Plug Against Hackers

Maybe it’s true that the current Malaysian Government consists of only stupid and arrogant officers, from Minister to Malaysian Communications and Multimedia Commission. Didn’t Rais Yatim – the Information, Communication and Culture Minister – who almost cry initially justifying to the hackers that they “misunderstood the good intention of the government” in blocking some of the sites, but later assured the public that the government was prepared for any eventuality of attacks? Guess Rais Yatim’s assurance had just been flushed into the toilet.

Then we have the “highly intelligent” deputy IGP (Inspector General of Police) smiling with confident in what appeared to be the command center in the battle against the hackers before the event, as shown by government-controlled TV. The fact that the hackers hacked into the site of Prime Minister Office and redirected it to another site revealing the user-name, their password and email addresses while dropping a short statement cursing (you know, that four-letter word) Rais Yatim was enough to show that damages had been done, contrary to what was reported by government-controlled medias.

 Malaysia Prime Minister Office website hacked

The hackers even mentioned that Prime Minister Office website was hosted on a Windows 2003 box and that is not challenging at all. As for the still-down SabahTourism website, the hackers revealed a list of 392 accounts together with the passwords, out of the 3,456 accounts hacked. The hackers intention was just to release their frustrations with what they call government’s censorship. They’re not serious about creating havoc because they claim they still love the country, but not the present government. And it’s stupid to the highest degree to challenge these hackers.

Sabah Tourism Website Hacked

If they can hack into U.S. military website, CIA, defence contractors and even the Citibank, who is Rais Yatim and the Malaysian Government websites to claim there is no threat to e-transaction websites? As I blogged earlier, the best the Malaysian authorities can do was to pull the plugs off the server, and that was exactly what they did (*grin*). Pulling the plugs so that the hackers cannot hack and plug it back thereafter wasn’t that smart a thing to do after all, no? The sites still get hacked and what they did was to restore the files from an early backup, the so-called preparation they did, thanks to the early warning by the hackers themselves.

And if the authorities think that by shifting the “unimportant” information providers Government sites in the DMZ zone, hiding behind firewalls is good enough, think again. Citibank has multiple layers and complex firewall architecture and yet it was hacked. Maybe it’s time Rais Yatim starts using his intelligence by advising SabahTourism website to replace the server’s root shell with /sbin/nologin instead of /bin/bash (*grin*). Hell, maybe it’s time Rais Yatim asked for another billion of dollar in the name of increasing the security of Government sites.

Other Articles That May Interest You …

Pin It

FinanceTwitter SignOff
If you enjoyed this post, what shall you do next? Consider:

Like FinanceTwitter Tweet FinanceTwitter Subscribe Newsletter   Leave Comment Share With Others


Add your comment now.

Leave a Reply


(required)(will not be published)