Hacktivist group Anonymous Malaysia resurfaces, vows cyber attack against govt over data breaches

[zanderthunder]

 

Anonymous Malaysia, a group of hacker activists or hacktivists, has resurfaced after more than five years to pledge a concerted cyber attack against government websites and online assets called #OpsWakeUp21.

 

In a video and posts released on its social media account, the group said this warning should serve as a “wake-up call for the government of Malaysia” which it has accused of keeping silent over the many data breaches and sales of personal information of citizens in the past few years.

 

“Your security system is low, all data may be leak [sic]. This can cause unwanted hacker selling all information,” it said in the video addressed to the Malaysian government uploaded at 7pm.

 

The 2:29-minute video featured a man using wearing the Guy Fawkes mask, a symbol that has been co-opted among others by the global Anonymous movement, shown reading a text off a paper.

 

A voice was overlaid over the video, believed to be from text-to-speech generator software, and using broken English.

 

The speech was preceded by a one-minute song, Ain’t No Grave by Los Angeles-based artists Hidden Citizens that specialises in epic-sounding tracks for use in trailer videos.

 

 

In its speech, Anonymous Malaysia pointed to the 2017 telecommunications company data hack that affected 46 million mobile users, spam and cyber-scam text messages, and the cyber-attack against the Malaysian Armed Forces’ network last month.

 

 

The group said this incident happened because Putrajaya allegedly does not support the developers behind such digital assets, and the developers themselves do not take ownership of their own codes.

 

It accused the government developers of failing to educate and grow their skills, and unwilling to recognise and learn from their mistakes.

 

“It had been a long time, we are silent. It’s time open your eyes [sic].

 

“We are legion, we do not forgive, we do not forget, expect us,” it said.

 

In 2015, the same group had demanded then prime minister Datuk Seri Najib Razak to resign over issues plaguing his administration with a deadline set for August 29 to coincide with the start of the Bersih 4 rally.

 

The group had threatened “all-out internet warfare” should Najib remain in power, targeting the Malaysian Anti-Corruption Commission as well as 150 other websites that would be “strategically selected.”

 

Election watchdog Bersih 2.0 had then rejected any association with the group, and has urged police to investigate the hacker group’s warning.

 

Three suspects were then reportedly remanded in Kuala Lumpur following an arrest in Johor Baru, under Section 5 of the Computer Crimes Act 1997 that handles “unauthorised modification of the contents of any computer”.

 

Anonymous Malaysia had in the same year threatened to blow up the car of then inspector-general of police Tan Sri Khalid Abu Bakar, but did not follow through with its threat.

 

It first came under media spotlight in 2011, when it took down 91 governmental sites including the government’s official portal, after Putrajaya blocked and censored access to websites such as torrent search engine The Pirate Bay.

 

Anonymous is a decentralised international movement that started around 2003 and 2004, targeting governments, their agencies, and major corporations, usually holding anti-cyber-surveillance and anti-cyber-censorship views.

 

Source: Hacktivist group Anonymous Malaysia resurfaces, vows cyber attack against govt over data breaches (via SoyaCincau)

[zanderthunder]

Security expert says Anonymous Malaysia’s threat must be taken seriously, doesn’t expect all out attack

 

PETALING JAYA: After laying dormant for almost six years, a hacker activist group claiming to be Anonymous Malaysia said it will be initiating attacks against Malaysian government websites soon.

 

The attack will be a "wake-up call", the group said in a Facebook post, demanding that the government does more to prevent data leaks.

 

In its online video, the group claimed that the government's "security system is low" and "all data may be leak(ed)", allowing unwanted hackers to sell the information.

 

Kevin Reed, chief information security officer at Acronis, said it’s unlikely that the group will wage an “all-out Internet warfare”, similar to its last promise, but it is likely to take some sort of action.

 

“The most likely attacks from Anonymous in this case are a DDoS (Distributed Denial of Service) attack or leaking data accessed through a vulnerability in the network,” he said.

 

Acronis is a company that specialises in backup, disaster recovery and security solutions.

While it’s always good to review defences and policies, he doesn’t believe the government websites will need a complete overhaul or drastic changes, as long as proper network and data flow monitoring are ensured.

 

Sources of critical or confidential data must also be reviewed to ensure data is appropriately secured and encrypted, he added.

 

“While their activities are often illegal, they should be taken seriously, and government organisations should be taking steps to ensure their data is properly secured so these groups do not have the opportunity to ransom or leak critical or potentially embarrassing data,” he said.

 

“Every action under the Anonymous flag boosts the movement's public image. Also, acting as anonymous is a sure way to bring press attention to your actions.”

 

Malaysia has suffered from multiple data leaks in the past, including a major breach in 2017 that gave away the personal information of 46.2 million mobile number subscribers.

 

Last December, the Malaysian Armed Forces confirmed that its network was the target of a cyberattack. However, its Cyber Defence Operation Centre and Cyber and Electromagnetic Defence division claimed it was able to prevent crucial information from being accessed by isolating the data traffic.

 

Anonymous Malaysia said the data leaks haven’t stopped because the government is unwilling to support its "developer teams", which the group also claimed are “not proud of their code”.

 

Some users on Twitter have reacted to Anonymous Malaysia's video by telling it to stay away from the iSinar portal, as they are waiting for their applications to be approved.

 

In 2015, Anonymous Malaysia claimed it would launch an "all-out Internet" war against the government led by former Prime Minister Datuk Seri Najib Razak.

 

The group demanded for his resignation and vowed to target 150 websites, including the portal of the Malaysian Anti-Corruption Commission (MACC), in an online video.

 

The Royal Malaysia Police (PDRM) then arrested three youths aged between 18 to 21 in Johor Bahru to assist in its investigation on the video.

 

It is unclear if Anonymous Malaysia is affiliated with Anonymous, a global hacktivist movement that has claimed responsibility for a number of cybersecurity incidents.

 

Last year, it hacked a minor United Nations agency website and turned it into a memorial for George Floyd to show support for the Black Lives Matter movement.

 

In 2011, Anonymous defaced 200 Malaysian websites in what it called Operation Malaysia. In a report, Cybersecurity Malaysia said 80% of the attackers were locally-based.

 

Source: Security expert says Anonymous Malaysia’s threat must be taken seriously, doesn’t expect all out attack (via TheStar Online)

[zanderthunder]

NACSA Now Working with PDRM To Fend Off Anonymous Malaysia

 

The National Security Council (MKN) has released a statement to address the video that was released last night by Anonymous Malaysia. Even though the authenticity of the video is rather uncertain, the council is still very much taking it seriously.

 

MKN further revealed that the National Cyber Security Agency (NACSA) has since released a warning to all government agencies to take necessary precautions in anticipation of a cyberattack operation by Anonymous Malaysia. NACSA is also working with the Royal Malaysia Police (PDRM) to coordinate their next course of action against the group.

 

 

In the same statement, the council also took the opportunity to brush off several claims made by Anonymous Malaysia in the video. MKN pointed out that the government has always prioritised the security of the country’s IT infrastructure and critical systems.

 

Additionally, the council has also made a reference to the Malaysia Cyber Security Strategy 2020/2024 which it claims has included provisions to help strengthen the national IT infrastructure. However, only one such provision was mentioned directly in the statement which is the process of upskilling related officers.

 

 

As noted in our report earlier today, Anonymous Malaysia didn’t clearly specify its plan in the video even though the group seems to be hinting that it may launch a cyber attack operation called #OpsWakeUp21. Nevertheless, the statement released by MKN means that the video has at least met its objective and we shall see what is going to happen next.

 

Source: NACSA Now Working with PDRM To Fend Off Anonymous Malaysia (via Lowyat.NET)