Your browser (Internet Explorer 6) is out of date. It has known security flaws and may not display all features of this and other websites. Learn how to update your browser.
X

Malaysian Government Hacked Environmental website?

How IP addressing works

Environment News Service, an environmental focused news website this week accused Malaysian government hackers of attacking it after it ran a story implicating Sarawak governor Tun Abdul Taib Mahmud of corruption and graft. As a result, the site was down for 2-hours, before the site manage to re-gain control.

“The attack on our site came from a Malaysian government entity as identified by their IP address,” Sunny Lewis, editor-in-chief of Environment News Service (ENS)

But what exactly is an IP address, and how did ENS identify it?

Let me explain.

What is an IP address?

The internet runs on a protocol–a set of rules that determines how data gets routed from one corner to another. These rules allow for every computer connected to the internet to communicate with every other computer and the protocol itself is aptly named the Internet Protocol, or more commonly known as IP.

Part of the protocol stipulates that every computer connected to the internet must have a unique number that identifies itself to the network. Just like how telephones have unique phone numbers, devices connected to the internet have unique internet numbers–or more accurately called IP addresses.

You can easily determine your IP address by logging onto www.whatismyip.com, or even just typing “what’s my IP” into Google. But where does your IP address come from? Unlike Phone numbers, IP addresses aren’t static, your IP address changes every time you reboot your router. Your IP address was ‘given’ to you by your Internet Service Provider (Unifi, Maxis, Digi..etc) and once you log-off or shutdown your router, your ISP then takes that IP address and assigns it to someone else. IP Addresses are like gold these days and ISPs need to dynamically allocate them to you, because they’re subscribers exceed the number of IP addresses they have.

So your IP addresses are given to you by your ISP. But who gave your ISP their IP addresses?

The answer is your local Network Information Center (commonly called a NIC)

In our part of the world it’s APNIC (or the Asia-Pacific NIC). You see as de-centralized as we think the internet is–there is still some level of centralization that requires an authority to administer. This is especially true in the allocation of IP addresses to Internet Service Providers–every region of the world has a local NIC that manages the IP address allocations to the local Internet service providers, to prevent them from issuing identical IP addresses across two different networks. It also means that there is a central repository that can tie each IP address and who that IP address was allocated to.

So while your IP address changes with every logon, at the very least it will continue to be a Unifi IP address each time (or Maxis or Digi..etc). Your ISP has a fixed pool of IP addresses that it then dynamically allocates to subscribers like you.

So how did Environment News Service know that Malaysian government hackers attacked them? They simply traced the IP address of the attacker (which they knew), and my guess is found it registered to the Malaysian government. I further speculate that the IP address would have belonged to GITN (the official network provider to the government)–which I wrote a couple of years back was used to download some porn on bit-torrent — so this wouldn’t be the first time some hanky-panky went on over at GITN.

Some unanswered questions

Now some questions.

If these hackers were smart enough to hack a website, how come they weren’t smart enough to hide their IPs? It’s quite trivial to hide an IP (just use TOR)….which makes me sceptical of this entire claim, but then again we’ll know more when we Environment News Service publish more information.

In any case, I highly doubt anyone in our government has the skills to do this–and someone as rich as Taib would have probably hired more competent professional to execute the so-called ‘hack’. There are guys who openly advertise services to take down websites, and they start from as low as RM1 for every 10 minutes. Basically these hackers offer their ‘attacking’ services for a fixed price–and some of them even offer 24/7 helpdesk support, and I’m not joking. So why in the world would someone like Taib even bother going to the government for something as trivial as this–when competent professionals are easily available.

The Malaysian government has been accused of taking down Malaysiakini and other news portals in the past. and in those instances the attack didn’t come from the government, the very first attack in 2004 was reported to have originated from APIIT (yes the IT school), then Radio Free Sarawak was attacked prior to the 2013 General election, and that DDOS came from more than 36,000 IP address (yes, that’s 36 THOUSAND)–this new attack seems like a paltry downgrade when compared to those, and run by amateurs.

I can only speculate of course, the Government is known to be spying on citizens and censoring the internet–but sometimes the stories being thrown around make me question their authenticity.

Conclusion

Thanks for reading. If you want to learn more about IP addresses and what the hell IPV6 is, check out my two videos below:

Phishing by the Bank–Maybank that is

Recently I received a phishing email from konzie2@usm.edu telling me that Maybank had installed new security features and that I need to validate my details on the Maybank2u web portal. The email was marked as SPAM by Gmail, and trying to visit the site further sparked more warnings from Firefox AND my anti-virus.

But I was curious as to what the link would entail, in much the same way I was curious about the RHB phishing emails I received some months back.

Hopefully this post gives you an indication of just how sophisticated these attacks are, and manages to educate you on the one true way to establish if the site you’re visiting is genuine.

Fake Maybank2u login page

The fake login page for Maybank2u looks exactly like the REAL login page of Maybank2u, there really is no difference from the victims perspective. What’s more interesting is when you go deeper, by just enter in ‘a’ username and a password you get to the following page (please don’t enter ‘your’ username and password, just ‘a’ username and password) More…

Censoring bomb making websites: NO

The Star reports that :

Malaysia Crime Prevention Foundation vice-chairman Tan Sri Lee Lam Thye called on the Malaysian Communication and Multimedia Commission (MCMC) to block bomb-making websites.

“We live in a troubled age. Previously, it was unimaginable, but now even from your home, you can make a bomb. The MCMC must do a comprehensive check to see how we can block sites that are harmful to the nation,” he said.

Now, apart from the fact, that there aren’t any dangerous substances used for bomb-making today, that wasn’t around in the 1970’s, the entire statement is one made from ignorance.

The Anarchist Cookbook, one of the most famous manuals for making home-made bombs, was written in the 1970’s and improvised in the 1980’s–stuff that was flammable 20 years ago, is still flammable today. It’s not like as though, the atmosphere has changed and petrol no longer burns.

But calling for the MCMC to ‘comprehensively’ block sites that are ‘harmful’ to the nation is something no one, especially a Vice-chairman of an NGO should ever do. We can’t allow for the MCMC to be given a rein on the internet, even if the intentions are good–after all, we know what the road to hell is paved with–we can’t allow good intentions to create bad consequences such as internet censorship.

Anyone that calls for the blocking of websites needs to understand the reasons I don’t condone blocking of websites. More…

ATM Hacks are so bloody boring

KLIA computer infected with VirusLast week, while I was flying from KL to London, I noticed a strange anomaly on the screen of the boarding gate at KLIA. Closer inspection revealed that it was an anti-virus warning that signaled the computer had been infected by a Virus (almost 2 days ago!!). As a techie, I quickly deduced 3 things from the screen.

One, the computer was running Windows, and probably an outdated version of Windows.
Two, the computer had been infected with ConfickerConficker was a pretty infamous threat, back in 2008!! And yet, here we are, at Malaysia’s most prestigious airport, and we have a computer infected by a virus that pre-dates the iPhone 3G.
Three, the computer is probably part of a larger network, and never gets patched or updated–probably. If it were patched, it wouldn’t be infected with a ol’ grandmother of a virus.

As an added bonus–I could easily see the user of the system. That’s a delicious bit of information for any hacker to have.

Heaven forbid, the virus on the computer screen at KLIA not spread to something important–like control tower or Sky Train controls.

These days, everything is a computer. Your phone is a computer, your watch will one day be a computer, so too is your car. But when was the last time you patched and updated these systems? When was the last time you updated the firmware on your router–or even when was the last time you updated the software on your laptop? Some of you probably haven’t done this before–I’m looking at you Android JellyBean and iOS5 users.

So the display screens at the airport are computers–but so are the Automated Teller Machines (ATMs), and trust me when I say this, some of them run on windows….gasp!! More…

MyProcurement: All government tenders in one Excel file

MyProcurement

Happy birthday Malaysia!! Just how awesome is our country, that we celebrate an Independence Day AND a Malaysia Day, not to mention 2 New years day, (or 3 if you count Awal Muharram).

So on that note, I decided to use my IT skills for the good of the country.

To be honest, my IT skills have never been up to par, my day job is more managing/planning/documenting than actual execution of ‘real’ IT work. But it was good for me to dust of the ol’ programming fingers and learn Python to grab some publicly available information and make it more accessible to the less IT centric members of society.

Since I had limited time, and sub-par skills, I decided to set my sights low, and aim to extract all the data from the Malaysian MyProcurement portal, which houses all the results of government tenders (and even direct negotiations) in one single website for easy access. The issue I had with the portal though, was that it only displayed 10 records at a time–from it’s 10,000+ record archive, so there was no way to develop insights into the data from the portal directly, you had to extract it out, but the portal provider did not provide a raw data dump to do this.

So I wrote a simple Python script to extract all the data, and prettified the data in Excel offline. The result is a rather mixed one.

I was happy that I could at least see which Ministeries or Government departments gave out the most contracts, and what the values of those contracts were. All in all, the excel spreadsheet has more than 10,000 tenders with a cumulative value of RM35 billion worth of contracts going back to 2009. The data allowed me to figure out which Ministry gave out the most contracts, the contracts with the highest and lowest value (including one for Rm0.00, and one for just Rm96.00). All in all it was quite informative.

Results_by_ministry

More…

Is Malaysia’s Broadband slow–no it isn’t.

Broadband_speed_klang_malaysiaRecently KiniBiz did a piece on Malaysian broadband speeds, and once again the hoopla about how Malaysian broadband speeds are slow arose. Kinibiz quoted an article from Asean DNA which stated that the average broadband speed in Malaysia was just 5.5 Mbps, while Thailand, Vietnam and Singapore had speeds that were double that (or more!)

The report however was inaccurate, and I think there’s a need to address the hoopla, because this happens often. There was a report couple months back that said Cambodia had faster speeds than Malaysia, and I wrote a post addressing that. This time I think, we have to really go into the data and find out what exactly is going on.

So let’s start at the source of this data.

The data was built from billions of download test conducted by users throughout the world on speedtest.net (a website that allows users to test the speed of their internet connection). This dataset is HUGE!, one of the biggest I’ve seen and definitely the biggest I’ve had the pleasure to play around with. Just one file in the set had more than 33 Million rows and weighed in at more than 3.5GB.It took me some time and lots of googling just to figure out how to deal with a csv file this large. Fortunately, there’s LogParser, but we’ll skip that tutorial for now and focus on the juicy details of data.

The number reported by Asean DNA is wrong. The average internet speed in Malaysia isn’t 5.5Mbps, it’s more like 7.5Mbps.

5.5 Mbps was obtained by averaging the speed across the regions of Malaysia (Kl, Alor Setar, Klang..etc) rather than by averaging the speed across all the test conducted by Malaysian users. In short, Asean DNA placed equal emphasis on Kuala Terengganu and Kuala Lumpur, although Kuala Lumpur had 50 times more test conducted. It would be like calculating GDP per state, rather than GDP per capita. The real per capita download speed in Malaysia is 7.5Mbps, rather than 5.5Mbps (if you limit yourself to just data from 2014).

Here’s the breakdown. You can download the file from netindex.com or just use an extract I created with just the Malaysian data–it took some time to do this so leave a Thank you in the comments if you downloaded the data.

Average-speed-internet-Malaysia

More…

A Techie’s view on the Law

2283584007_f199332890_zAre some laws worth following–in other words, are some Laws so idiotic that they should be ignored completely?

That sounds anathema, because we have a romanticized definition of the law, we define the Law as a broad general agreement a society undertakes, and the law keeps society from tearing itself apart. In other words, the law is so sacred because without it–we descend into anarchy, so ignoring the law is akin to promoting anarchy.

But I’m not speaking of “The Law”, I’m speaking of “A law”, specifically an Act of Parliament. “The Law” refers to a vast conglomeration of many things, including constitutions (state and Federal), statutes, precedence of case law and Acts of Parliament. I’m not sure what a statute is–but I roughly know what an Act of Parliament is, and it surely isn’t a broad general agreement that society depends on to stave off Anarchy–rather an act of Parliament is a law brought into effect by Parliament–nothing more nothing less.

To my techie mind, that means that 222 Members of the Malaysian Parliament got together to enact a piece of legislation. Romantically we think this is the people’s will–the Rakyat voted these people into power and they now wield this power to enact laws that will protect the Rakyat. A glorious cycle of virtuosity that only democracy can deliver. That’s wishful thinking, realistically it’s a law brought into effect by 222 voting members of Parliament whose collective IQ would probably not exceed that of the Zoo.

So when these 222 MPs ge t together and enact legislation to regulate technology–I get a bit uncomfortable. Not only do most of them not have engineering qualifications, half of them don’t even have a website. Having these MPs enact legislation that will regulate a field they’re clueless about, is akin to getting open heart surgery from a car mechanic.

On a side note, a techie like me has a hard time understanding why we have 222 seats in Parliament. It would seem, that in a first past the poll system, you’d want to have ODD number of seats, to avoid the situation where 111 members belong to Barisan, and the other 111 belong to Pakatan (what happens then?). That’s just ONE of the many things an engineer would quickly realize is wrong with the entire system–and that’s why we only have 3 engineers in Parliament (at least according to the Sinar Project). More…

Nearlyfreespeech the hosting provider that takes security seriously

NearlyFreeSpeech.NET Web HostingYou all know how much I love nearlyfreespeech, it’s one of the best hosting providers out there. Here’s one more reason, recently they alerted me to a suspicious number of login attempts to my wordpress site, which usually means someone was trying to hack it.

If you remember the post I did about the RHB bank scam, it’s quite common for hackers to inject pages onto a wordpress site to help them carry out banking scams. This was probably something similar.

Fortunately, the guys over at nearlyfreespeech were not just kind enough to log the attempts and alert me, but even automatically disabling the login page of the site to prevent something similar happening. Good on them!

Nearlyfreespeech is a great hosting provider and this just proves my point. Check out the email below: More…