I’m Sorry, the Malaysian Government IS spying on you


Big Brother is watchingA couple of weeks ago, I wrote about an ‘irresponsible’ piece of journalism by the Malaysian Insider when the ‘claimed’ the Malaysian government was spying on Malaysian citizens–but they didn’t have any proof. I was very upset that a reporter would make such a bold statement and not back it up with any proof –so obviously the post was written in a caustic  and emotionally charged way–I was upset, annoyed, angry even!

More importantly though–I was wrong!

On Labour day, Citizenlab released a second report detailing out more info from they’re Finspy research.

I’ll let speak for themselves in an excerpt they prepared specifically addressing MALAYSIA:

In March 2013, we searched the Internet, looking for computers (servers) that gathered stolen information (passwords, Skype calls, audio/video recordings) from computers infected with FinFisher. We found one of these FinFisher servers in Malaysia. However, the presence of a FinFisher server in Malaysia does not necessarily mean that the Malaysian government, law enforcement, security, or intelligence services are running the server.

A website called “The Malaysian Insider” (TMI) published an article with the headline stating “Malaysia Uses Spyware against Own Citizens, NYT Reports”. In response, the Malaysian Communications and Multimedia Commission accused TMI of false reporting.

Regardless, the Malaysian government did not confirm or deny if they were using FinFisher.We have now identified a Malaysian election-related document that also contains a piece of surveillance software that will spy on you.Our findings so far do not make it possible to say who has put FinFisher in this document, or who is circulating it.

But because FinFisher is explicitly only sold to governments we think that it is reasonable to assume that some government actor is responsible.

We do not know how many people were infected and we do not know exactly who was the target of this document. But while we cannot make definitive statements about the actors behind the booby-trapped candidate list, the contents of the document suggest that the campaign targets Malay speakers who are interested or involved in Malaysia’s 2013 General Elections.

The report is scary to say the list. further reading a more detailed report reveals that the Finspy program used to spy on citizens was spreading through a word document entitled “SENARAI CADANGAN CALON PRU KE-13 MENGIKUT NEGERI”.

Once a user clicks on the document, their computer is immediately infected with FinSpy, more interestingly only 8 out of 46 Anti-Virus software even detected a ‘hint’ of Finspy. However, the dangerous stuff is what it does next–Finspy replicates itself onto the infected PC ‘pretending’ to be  the popular browser Firefox. So everytime the user opens of closes Firefox–information is sent back to the command center, reporting on the users every visit to every site.

This taken together with the latest reports on how Telekom Malaysia was doing deep packet inspection on your Facebook and Youtube traffic is a very worrying trend.

With this proof we can now quite safely say, that the Malaysian government is censoring the internet, blocking certain sites and even spying on Malaysian Citizens–more specifically targeting MALAY speaking citizens.

Apologies from the Tech Evangelist

I deeply regret my post claiming that Malaysia wasn’t spying on it’s citizens–and I was terrifyingly wrong about the extent on which the government would go to in spying on it’s citizens. I can not begin to articulate how utterly upset I am with my own government.

A personal apology to Boo Su-Lyn (the reporter who made the initial report) is warranted as well.

More importantly, an apology to the people who tweeted the link to the original post, as well as the those that shared it on social media. Finally, I’m sorry to Uncle Lim, who also posted the article on his blog.


Citizenlab ends with the following on Malaysia:

While we cannot make definitive statements about the actors behind the booby-trapped candidate list, the contents of the document suggest that the campaign targets Malay
speakers who are interested in Malaysia’s hotly contested 5 May 2013 General Elections.

This strongly suggests that the targets are Malaysians either within Malaysia or abroad. We trust that both domestic and international elections monitoring officials and watchdog groups will investigate to determine whether the integrity of the campaign and electoral process may have been compromised.

I’m sorry, but the election monitoring officials aren’t doing anything above the massive amounts of SPAM sms’s I get, I don’t expect them to do anything about this.

This is blatant disregard of the rights of every individual to personal privacy. I am deeply upset that my own government–in my own country is doing this to it’s own citizens.

Fortunately though–they will not be government for long.


Astound us with your intelligence