THE The problem of data theft, which has become one of the major cybercrimes in the world, has received little attention from Malaysian lawmakers.
Hackers are criminals who gain unauthorized access to networks and devices to steal sensitive data, such as personal data, financial information or company secrets, which is then sold on the dark web. Monetary gain is the main reason thieves steal data.
Apart from hackers, most data theft happens with the help of insiders and also IT vendors.
Ponemon 2018 statistics show that at least 56% of organizations have suffered a data breach due to a vendor’s security lapses.
An alleged data leak containing information on 22.5 million Malaysians born between 1940 and 2004 allegedly stolen from the National Registration Department (NRD) has once again shed light on the country’s data security measures, with a negative effect.
Shockingly, a local tech portal Amanz has reported that the database which is 160GB in size is being sold for $10,000 (RM43,890) on the dark web.
In a screenshot shared by the portal, the seller claimed that it was an expanded database compared to the one he sold in September last year, which was only until 1998.
Meanwhile, Interior Minister Datuk Seri Hamzah Zainuddin denied the alleged data leaked by NRD and said the department’s firewall was strong enough.
It is important that the relevant law enforcement agencies thoroughly investigate and confirm these allegations if the leak is real.
Never underestimate the intelligence of these criminal hackers.
Sensitive departments should work to continuously harden and fine-tune the firewall and keep all software up-to-date by following computer best practices.
Hackers are becoming more skilled and sophisticated, and some countries are taking proactive steps in hiring “ethical hackers” to deal with cyberattacks and the dark web.
Prior to this incident, threats had been made against the Royal Malaysian Navy (RMN), the US Air Force as well as the Nigerian Navy over highly classified documents that had been leaked and ended up on the dark web.
This has heightened awareness of the need to be more secure, vigilant and resilient.
The RMN is aware of the stolen military information and has confirmed that it is already out of date.
Anyway, hackers managed to break into our online system and steal our data including personal information to commit fraud.
Prior to this, a cybercriminal claimed to have a complete set of records and personal details of 1,164,540 students and alumni of Universiti Teknologi Mara (UiTM), who studied between 2000 and 2018.
The hackers wanted to prove a point and tell UiTM to tighten up its computer security at the university. The information was allegedly sold on the dark web.
In 2014, Richard Huckle posed as a freelance photographer and English teacher in Kuala Lumpur and was sentenced to life in prison for sexually abusing dozens of children and publishing his activities on the dark web, where members exchanged images and advice on child sexual abuse.
So what is the Dark Web? There are three layers of the Internet; namely Surface Web, Deep Web and Dark Web.
Like an iceberg, it’s worth noting that the Surface Web only contains 4% of the Internet. The other 96% is hidden in a part of the deep web.
However, that does not mean that the deep web is necessarily malicious.
Medical records and academic and legal documents are also kept and stored here for protection and confidentiality.
The confusing thing about the Deep Web is that part of it is called the Dark Web, which is also internationally hidden and not accessible through traditional search engines or standard browsers.
Accessing this level requires a special browser known as the Onion Router Browser, originally developed by the US Navy to protect government intelligence communications.
It protects user privacy and hides all user IP addresses, making it impossible to trace them.
The dark web is used by hackers for malicious purposes, aimed at disrupting critical infrastructure and/or sensitive or classified information.
It also serves as a “criminal underground” to facilitate money laundering and other criminal activities.
Organized crime sites offer their biggest market on the dark web for the purchase of illegal products and services such as sensitive data, financial transactions, bribery, drugs, hitmen, human organs, sex with children, child pornography, counterfeit money, fake passports, firearms and stolen bank account information, among others.
They even have their respective business models, advertising and collaboration between hackers and criminals, and operate organizations around the clock.
What would happen if a cyber attack took over the electronic voting system or the government computer network?
The government needs to be proactive and introduce a more serious and dedicated cybercrime unit to fight hackers and the dark web.
Combating criminal activity operating on the dark web environment requires law enforcement to be more proactive.
It requires cybersecurity experts and technical resources combined with an innovative approach.
In Malaysia, there is a need to increase the knowledge, skills and abilities of all members of the police force, intelligence agencies and Cybersecurity Malaysia.
The Malaysian Armed Forces have set up a Cyber Warfare Regiment to bolster their cyber defenses.
Law enforcement agencies, regulators and ethical hackers should form a task force with Cybersecurity Malaysia and acquire deep web scanning capabilities.
This is to enable the task force to effectively conduct investigations and ongoing monitoring and to effectively curb cybercrime activities while ensuring a safer and more secure cyberspace experience for the public and ensuring that it remains safe from cyber attacks.
Ethical hackers can add immense value to an organization by identifying weak points in their system and security and improving their network by protecting it against cybersecurity threats.
Even with the best infrastructure, technology and legislation, the human factor plays an important role in preventing data breaches.
Therefore, the integrity of data managers is essential in the fight against cyber threats.
In the world of cyber security, tracking and attacking cyber criminals are not easy tasks and a big challenge when dealing with skilled and expert criminals.
Apart from combating cybercrime, other actions such as prevention, awareness campaigns and risk mitigation are equally essential in the fight against cybercriminals on the dark web.
Datuk Seri Akhbar Satar is the President of the Malaysian Association of Certified Fraud Examiners. Comment: email@example.com