THE problem of data theft, which has emerged as one of the major cybercrimes worldwide, has attracted little attention from lawmakers in Malaysia.
Hackers are criminals who gain unauthorised access to networks and devices to steal sensitive data, such as individual personal particulars, financial information or company secrets, which are then sold on the dark web. Monetary gain is the main reason that thieves steal data.
Besides hackers, most data theft occurs with the help of insiders and also IT vendors.
The 2018 Ponemon statistics show that at least 56% of organisations have experienced a data breach due to a vendor’s security shortcomings.
An alleged data leak containing information of 22.5 million Malaysians born between 1940 and 2004, purportedly stolen from the National Registration Department (NRD) has once again put the country’s data security measures in the spotlight, having a negative effect.
It is shocking to know when a local tech portal Amanz reported that the database, 160GB in size, was being sold for US$10,000 (RM43,890) on the dark web.
In a screenshot shared by the portal, the seller claimed that this was an expanded database compared with the one he sold in September last year, which was only up to 1998.
Meanwhile, Home Minister Datuk Seri Hamzah Zainuddin denied the alleged data leaked from NRD and said that the department’s firewall is quite strong.
It is important for relevant law enforcement agencies to thoroughly investigate and confirm these allegations if the leak is genuine.
Never underestimate the intelligence of these criminal hackers.
The sensitive departments should work to continuously strengthen and refine the firewall and keep all the software up to date by following best practices for computer use.
Hackers are becoming more skilled and sophisticated, and some countries take proactive initiatives by hiring “ethical hackers” to deal with cyber-attacks and the dark web.
Before this incident, there were threats levelled at the Royal Malaysian Navy (RMN), the US air force as well as the Nigerian navy on highly classified documents that had been leaked and ended up on the dark web.
This has heightened awareness of the need to be more secure, vigilant and resilient.
RMN is aware of the stolen military-related information and they have confirmed that is already obsolete.
Whatever it is, hackers have successfully broken into our system online and stolen our data, including personal information, to commit fraud.
Before this, a cybercriminal claimed to have a complete set of records and personal details of 1,164,540 Universiti Teknologi Mara (UiTM) students and alumni, who studied between 2000 and 2018.
The hackers wanted to prove a point and to tell UiTM to beef up its IT security in the university. The information was allegedly sold on the dark web.
In 2014, Richard Huckle posed as a freelance photographer and an English teacher in Kuala Lumpur and was sentenced to life in prison for sexually abusing scores of children and publishing his activities on the dark web, where members exchanged child sex abuse images and tips.
So, what is the Dark Web? There are three layers of the internet; namely surface web, deep web and dark web.
Like an iceberg, interestingly, the surface web contains only 4% of the internet. The remaining 96 % is hidden in a part of the deep web.
However, this is not to say the deep web is necessarily malicious.
Medical records and academic and legal documents are also kept and stored there for protection and privacy purposes.
What is disconcerting about the deep web is that a part of it is called the dark web, which is also internationally hidden and not accessible through traditional search engines or standard browsers.
To access this level, one needs to have a special browser known as an Onion Router browser, originally developed by the US Navy to protect government intelligence communications.
It protects users’ privacy and hides all users’ IP addresses, which makes it impossible to be traced.
The dark web is used by hackers for nefarious purposes, aiming to disrupt critical infrastructure and/or sensitive or classified information.
It also serves as a “criminal underground” to facilitate money laundering and other criminal activities.
The organised criminal sites offer their largest marketplace on the dark web for purchasing illegal products and services such as sensitive data, financial transactions, corruption, drugs, contract killers, human organs, child sex, child pornography, counterfeit money, fake passports, firearms and stolen bank account information among others.
They even have their respective business models, advertising and collaboration among hackers and criminals, and exploit organisations around the clock.
What would happen if a cyber-attack takes over the electronic voting system or the government IT network?
The government needs to be proactive and introduce a more serious, dedicated cybercrime unit to tackle hackers and the dark web.
Combating criminal activities operating on the dark web environment requires law enforcement agencies to be more proactive.
It demands cyber security experts and technical resources combined with an innovative approach.
In Malaysia, there is a need to raise the knowledge, skills and capabilities of all members of the police force, intelligence agencies and Cybersecurity Malaysia.
The Malaysian Armed Forces have set up a cyber warfare regiment to strengthen their cyber defence.
Law enforcement agencies, regulators and ethical hackers should form a task force with Cybersecurity Malaysia and acquire capabilities in deep web analysis.
This is to enable the task force to effectively conduct investigations and continuous monitoring and to effectively curb cybercrime activities while ensuring a safer, secure cyberspace experience for the public and ensuring it remains immune to cyber attacks.
Ethical hackers can add immense value to an organisation by identifying their system and security weak points and upgrading their network by defending it from cyber security threats.
Even with the best infrastructure, technologies, and legislation, the human factor plays an important part in preventing data breaches.
Therefore, the integrity of data handlers is critical in combating cyber threats.
In the cybersecurity world, tracking and attacking cybercriminals are not easy tasks and are a big challenge when we are dealing with skilled and expert criminals.
Besides combating cybercrime, other actions such as prevention, awareness campaigns and risk mitigation are equally vital aspects in fighting against cybercriminals on the dark web.
Datuk Seri Akhbar Satar is Malaysian Association of Certified Fraud Examiners president. Comment: firstname.lastname@example.org