The hack is meant to be a wake-up call to the government to properly protect the rakyat’s private data found on their websites.
Subscribe to our new Telegram channel for the latest stories and updates.
Identifying themselves as ethical hackers, Anonymous Malaysia has claimed that several government websites have been hacked as a part of their #OpsWakeUp21 cyber attack in an attempt to urge the government into properly protecting the people’s private data.
Through their Facebook page, the group announced that they have broken into five government websites, namely:
- Sabah State Government website (link)
- Perak State Government website (link)
- Royal Malaysian Customs Department website (link)
- Construction Industry Development Board (CIDB) website (link), and
- Selayang Municipal Council website (link)
The hacking is said to have taken place late last night (31 January), by a group known as Cyberpunk Team.
Anonymous Malaysia’s Facebook post also shared several screenshots of the above websites being defaced with what appears to be Cyberpunk’s logo, email contact, and a short apology statement.
Hello admin, we just found your website is vulnerable for hactivist. Please check back your website and make sure it is patched before your website get stamped again. We truly sorry for stamped your website. We just a security pentester. Don’t try to find us, try become professional webmaster by knowing to patch the vulnerabilities.Cyberpunk Team’s statement on the hacked websites
FYI, a security pentester is a person who performs penetration testing, pen testing, or ethical hacking. This is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit.
However, checks by Astro Awani showed that only access to the Perak State Government website seemed to be affected, while the other websites appear unchanged.
Security expert: government websites need to be super secure
Commenting on the issue, Senior Security Advisor of the Cybersecurity platform Sophos John Shier highlighted that government agencies, by virtue of the private data they possess, should take every precaution to ensure their platforms do not become compromised.
Any planned or proposed attack against government infrastructure should be taken seriously and handled by law enforcement. Cyberattacks can take many forms. Without any inside knowledge about the perpetrators and their capabilities, it becomes impossible to predict future actions. Anyone wanting to prevent attacks from hackers must make sure they have their security house in order.John Shier, Senior Security Advisor, Sophos
John explains that several protective steps need to be taken such as protecting vulnerable systems, placing strong authentication mechanisms, using the latest prevention technologies as well as having threat hunting capabilities at the ready to investigate suspicious events in the environment.
Government issued warning to all agencies to brace for the hack
After Anonymous Malaysia’s posted their video threatening to hack into governmental websites on 25 January, the National Security Council (MKN) issued a warning to all government agencies to prepare for, prevent and minimize the impact of the cyberattack.
MKN said that the government takes threats to the nation’s “critical systems” and government IT infrastructure very seriously, explaining that it has outlined steps to reinforce government IT systems including improving the expertise of its personnel.
MKN reportedly coordinated efforts with the National Cyber Security Agency (NACSA) and the police to brace for the cybersecurity attacks.