THE problem of data theft, which has emerged as one of the major cybercrimes worldwide, has attracted little attention from lawmakers in Malaysia.
Hackers are criminals who gain unauthorised access to a network and devices to steal sensitive data, such as individual’s personal particulars, financial information or company secrets and are sold on the dark web.
Monetary gain is the main reason for thieves to steal data. The leak of data can be from hackers, IT vendors as well as internal employees.
The 2018 Ponemon statistics showed that at least 56% of organisations experienced a data breach due to a vendor’s security shortcomings.
An alleged data leak containing the information of 22.5 million Malaysians born between 1940 and 2004, purportedly stolen from the National Registration Department (NRD), has once again put the country’s data security measures in the spotlight, having a negative effect.
It is shocking to learn from local tech portal Amanz’s report that the database, 160GB in size, is being sold for US$10,000 (RM44,000) on the dark web.
In a screenshot shared by the portal, the seller claimed that this is an expanded database compared to the one he sold in September last year, which was only up to 1998.
Home Minister Datuk Hamzah Zainudin, meanwhile, denied the alleged data leaked from NRD and said that the NRD firewall is quite strong.
It is important for the relevant law enforcement agencies to thoroughly investigate and confirm if these allegations of the leak are genuine.
Never underestimate the stupidity of these criminal hackers.
The sensitive departments should work to continuously strengthen and refine the firewall and keep all the software up to date by following best practices for computer use.
Hackers are becoming more skilled and sophisticated, and some countries take proactive initiative by hiring “ethical hackers” to deal with cyberattacks and the dark web.
Last year, a total of RM25.5 million worth of properties, luxury cars and watches including cash were seized by the Malaysian Anti-Corruption Commission following arrests of five suspects involved in a syndicate that hacked into the Immigration Department’s computer system to issue fake temporary work permits.
Immigration Director-General Datuk Khairul Dzaimee Daud said investigations were ongoing as it is believed that the syndicate had help from within the department.
Prior to this incident, there were threats levelled at the Royal Malaysian Navy, United States Air Force as well as the Nigerian Navy on highly classified documents that have been leaked and have ended up on the dark web.
This has raised a heightened awareness of the need to be more secure, vigilant and resilient. The Malaysian navy is aware of the stolen military related information, and they have confirmed that it is already obsolete.
Whatever it is, the hackers and criminals had successfully broken our system by attacking both cyberspace and cybersecurity.
Before this, a cybercriminal claimed to have a complete set of records and personal details of 1,164,540 Universiti Teknologi Mara (UiTM) students and alumni who studied there between 2000 and 2018. The hackers wanted to prove a point and to tell UiTM to beef up its IT security in the university. The information was eventually sold on the dark web.
In 2014, Richard Huckle who posed as freelance photographer and an English teacher in Kuala Lumpur, was sentenced to life in prison for sexually abusing scores of children and his activities on the dark web, where members exchanged child sex abuse images and tips.
So, what is the dark web? There are three layers of the Internet, namely surface web, deep web and dark web.
Like an iceberg, interestingly, the surface web contains only 4% of the Internet; the remaining 96% is hidden in the deep web.
However, this is not to say the deep web is necessarily malicious. Medical records, academic and legal documents are also kept and stored there for protection and privacy purposes.
What is disconcerting about the deep web is that a part of it is called the dark web, which is also internationally hidden and not accessible through the traditional search engine or standard browsers.
To access this level, one needs to have a special browser known as Onion Router browser (TOR), originally developed by the US Navy to protect government intelligence communications. It protects users’ privacy and hides all users’ IP addresses, which makes it impossible to be traced.
The dark web is used for nefarious purposes by hackers aiming to disrupt critical infrastructure or sensitive or classified information. It also serves as a “criminal underground” to facilitate money laundering and other criminal activities.
The organised criminal sites offer their largest marketplace on the dark web for purchasing illegal products and services such as sensitive data, financial transaction, corruption, drugs, contract killers, human organs, child sex, child pornography, counterfeit money, fake passports, firearms, and stolen bank account information.
They even have their respective business models, advertising and collaboration among hackers and criminals and exploit organisations around the clock.
What would happen if a cyberattack takes over the electronic voting system or the government IT network? The government needs to be proactive and introduce a more serious and dedicated cybercrime unit to tackle hackers and the dark web.
Combating criminal activities operating on the dark web requires the law enforcement agencies to be more proactive. It demands cybersecurity experts and technical resources combined with an innovative approach.
In Malaysia there is a need to raise the knowledge, skills and capability across all members of the police force, intelligence agencies and Cybersecurity Malaysia. The Malaysian Armed Forces has set up a cyberwarfare regiment to strengthen cyber defence.
Law enforcement agencies, regulators and ethical hackers should form a task force with Cybersecurity Malaysia and acquire capabilities pertaining to deep web analysis. This is to enable the task force to effectively conduct investigations and continuous monitoring to effectively curb cybercrime activities to ensure safety and security of the public and ensure our cyberspace remain immune to cyberattacks.
Ethical hackers can add immense value to an organisation by identifying weaknesses in their system and security and upgrading an organisation’s network by defending it from threat in cyberspace.
Even with the best infrastructure, technologies and legislation in place, the human factor, which is subjective, plays an important role in preventing data breaches. Therefore, the integrity of data handlers is critical to combat cyberthreats.
In the cybersecurity world, tracking and attacking cybercriminals is not an easy task and is a big challenge as we are dealing with skilled and expert criminals. Besides combating cybercrime, other actions such as prevention, awareness campaigns and risk mitigation are equally vital aspects in fighting against cybercriminals on the dark web. – The Vibes, May 23, 2022
Datuk Seri Akhbar Satar is president of the Malaysian Association of Certified Fraud Examiners