Environment News Service, an environment-focused news website, this week accused Malaysian government hackers of attacking it after it ran a story implicating Sarawak governor Tun Abdul Taib Mahmud in corruption and graft. As a result, the site was down for 2 hours before the site managed to regain control.
“The attack on our site came from a Malaysian government entity as identified by their IP address,” said Sunny Lewis, editor-in-chief of Environment News Service (ENS).
But what exactly is an IP address, and how did ENS identify it?
Let me explain.
What is an IP address?
The internet runs on a protocol–a set of rules that determines how data gets routed from one corner to another. These rules allow for every computer connected to the internet to communicate with every other computer and the protocol itself is aptly named the Internet Protocol, or more commonly known as IP.
Part of the protocol stipulates that every computer connected to the internet must have a unique number that identifies itself to the network. Just like how telephones have unique phone numbers, devices connected to the internet have unique internet numbers–or more accurately called IP addresses.
You can easily determine your IP address by visiting www.whatismyip.com, or even just by typing “what’s my IP” into Google. But where does your IP address come from? Unlike phone numbers, IP addresses aren’t static: your IP address changes every time you reboot your router. Your IP address was ‘given’ to you by your Internet Service Provider (Unifi, Maxis, Digi, etc.), and once you log off or shut down your router, your ISP takes that IP address back and assigns it to someone else. IP addresses are like gold these days, and ISPs need to allocate them to you dynamically because their subscribers exceed the number of IP addresses they have.
So your IP addresses are given to you by your ISP. But who gave your ISP their IP addresses?
The answer is your local Network Information Center (commonly called a NIC).
In our part of the world it’s APNIC (or the Asia-Pacific NIC). You see, as decentralized as we think the internet is, there is still some level of centralization that requires an authority to administer. This is especially true in the allocation of IP addresses to Internet Service Providers: every region of the world has a local NIC that manages the IP address allocations to the local Internet service providers, to prevent them from issuing identical IP addresses across two different networks. It also means that there is a central repository that ties each IP address to whoever that IP address was allocated to.
So while your IP address changes with every logon, at the very least it will continue to be a Unifi IP address each time (or Maxis, Digi, etc.). Your ISP has a fixed pool of IP addresses that it then dynamically allocates to subscribers like you.
So how did Environment News Service know that Malaysian government hackers attacked them? They simply traced the IP address of the attacker (which they knew), and my guess is that they found it registered to the Malaysian government. I further speculate that the IP address would have belonged to GITN (the official network provider to the government), which, as I wrote a couple of years back, was used to download some porn on BitTorrent, so this wouldn’t be the first time some hanky-panky went on over at GITN.
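The registry lookup described above, as an added example (not code from ENS or from this post): it parses a whois-style record and returns the most specific registered block that covers an address. The record, the netnames and the function names are constructed for illustration, using documentation address ranges.

```python
import ipaddress

# Constructed whois response (APNIC-style "attribute: value" lines); ranges and names are made up.
SAMPLE_WHOIS = """\
% constructed sample, not real registry data

inetnum:        203.0.113.0 - 203.0.113.255
netname:        EXAMPLE-ISP-POOL
descr:          Example ISP (hypothetical)
country:        MY

inetnum:        203.0.113.64 - 203.0.113.127
netname:        EXAMPLE-GOV-NET
descr:          Example government network provider (hypothetical)
country:        MY
"""

def parse_objects(text):
    """Split a whois response into objects, each a dict of attribute -> values."""
    objects, current = [], {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("%"):  # blank or comment ends an object
            if current:
                objects.append(current)
            current = {}
            continue
        key, _, value = line.partition(":")
        current.setdefault(key.strip(), []).append(value.strip())
    if current:
        objects.append(current)
    return objects

def registrant_for(ip, text):
    """Return the most specific inetnum object whose range covers ip, or None."""
    addr = ipaddress.ip_address(ip)
    best, best_size = None, None
    for obj in parse_objects(text):
        if "inetnum" not in obj:
            continue
        first, _, last = obj["inetnum"][0].partition("-")
        lo, hi = ipaddress.ip_address(first.strip()), ipaddress.ip_address(last.strip())
        size = int(hi) - int(lo)
        if lo <= addr <= hi and (best_size is None or size < best_size):
            best, best_size = obj, size
    return best

if __name__ == "__main__":
    hit = registrant_for("203.0.113.70", SAMPLE_WHOIS)
    print(hit["netname"][0], hit["descr"][0], hit["country"][0])
```

The result names the organisation a block is registered to, which is all a registry lookup can establish about the machine behind an address.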
Some unanswered questions
Now some questions.
If these hackers were smart enough to hack a website, how come they weren’t smart enough to hide their IPs? It’s quite trivial to hide an IP (just use Tor), which makes me sceptical of this entire claim, but then again we’ll know more when Environment News Service publishes more information.
In any case, I highly doubt anyone in our government has the skills to do this, and someone as rich as Taib would probably have hired a more competent professional to execute the so-called ‘hack’. There are guys who openly advertise services to take down websites, and they start from as low as RM1 for every 10 minutes. Basically these hackers offer their ‘attacking’ services for a fixed price, and some of them even offer 24/7 helpdesk support, and I’m not joking. So why in the world would someone like Taib even bother going to the government for something as trivial as this, when competent professionals are easily available?
The Malaysian government has been accused of taking down Malaysiakini and other news portals in the past, and in those instances the attack didn’t come from the government. The very first attack in 2004 was reported to have originated from APIIT (yes, the IT school); then Radio Free Sarawak was attacked prior to the 2013 General Election, and that DDoS came from more than 36,000 IP addresses (yes, that’s 36 THOUSAND). This new attack seems like a paltry downgrade when compared to those, and run by amateurs.
Thanks for reading. If you want to learn more about IP addresses and what the hell IPV6 is, check out my two videos below: