Security expert says Anonymous Malaysia’s threat must be taken seriously, doesn’t expect all out attack

PETALING JAYA: After laying dormant for almost six years, a hacker activist group claiming to be Anonymous Malaysia said it will be initiating attacks against Malaysian government websites soon.

The attack will be a “wake-up call”, the group said in a Facebook post, demanding that the government does more to prevent data leaks.

In its online video, the group claimed that the government’s “security system is low” and “all data may be leak(ed)”, allowing unwanted hackers to sell the information.

Kevin Reed, chief information security officer at Acronis, said it’s unlikely that the group will wage an “all-out Internet warfare”, similar to its last promise, but it is likely to take some sort of action.

“The most likely attacks from Anonymous in this case are a DDoS (Distributed Denial of Service) attack or leaking data accessed through a vulnerability in the network,” he said.

Acronis is a company that specialises in backup, disaster recovery and security solutions.

While it’s always good to review defences and policies, he doesn’t believe the government websites will need a complete overhaul or drastic changes, as long as proper network and data flow monitoring are ensured.

Sources of critical or confidential data must also be reviewed to ensure data is appropriately secured and encrypted, he added.

“While their activities are often illegal, they should be taken seriously, and government organisations should be taking steps to ensure their data is properly secured so these groups do not have the opportunity to ransom or leak critical or potentially embarrassing data,” he said.

“Every action under the Anonymous flag boosts the movement’s public image. Also, acting as anonymous is a sure way to bring press attention to your actions.”

Malaysia has suffered from multiple data leaks in the past, including a major breach in 2017 that gave away the personal information of 46.2 million mobile number subscribers.

Last December, the Malaysian Armed Forces confirmed that its network was the target of a cyberattack. However, its Cyber Defence Operation Centre and Cyber and Electromagnetic Defence division claimed it was able to prevent crucial information from being accessed by isolating the data traffic.

Anonymous Malaysia said the data leaks haven’t stopped because the government is unwilling to support its “developer teams”, which the group also claimed are “not proud of their code”.

Some users on Twitter have reacted to Anonymous Malaysia’s video by telling it to stay away from the iSinar portal, as they are waiting for their applications to be approved.

In 2015, Anonymous Malaysia claimed it would launch an “all-out Internet” war against the government led by former Prime Minister Datuk Seri Najib Razak.

The group demanded for his resignation and vowed to target 150 websites, including the portal of the Malaysian Anti-Corruption Commission (MACC), in an online video.

The Royal Malaysia Police (PDRM) then arrested three youths aged between 18 to 21 in Johor Bahru to assist in its investigation on the video.

It is unclear if Anonymous Malaysia is affiliated with Anonymous, a global hacktivist movement that has claimed responsibility for a number of cybersecurity incidents.

Last year, it hacked a minor United Nations agency website and turned it into a memorial for George Floyd to show support for the Black Lives Matter movement.

In 2011, Anonymous defaced 200 Malaysian websites in what it called Operation Malaysia. In a report, Cybersecurity Malaysia said 80% of the attackers were locally-based.

#thestarmalaysia