Block This!!

A notice posted on the Malaysian Communications and Multimedia Commission’s (MCMC) Facebook page said the decision was made to block websites that “promote, spread information and encourage people to join the Bersih 4 demonstration“, on grounds that this will “threaten national stability”.

I cannot then tell you to join Bersih and call for free and fair elections, and I couldn’t begin to articulate that our Prime Minister has received BILLION ringgit donations from foreign sources, and certainly I must refrain from encouraging you to do your civic duty to attend tomorrows rally.

I also shouldn’t post pictures like the one below:

Bersih

Bersih

Why we fear ‘hackers’: Dangers of Technical Illiteracy

anonymousmask380-300x225Are you afraid of Hackers? Do you lie restless at night thinking of what might happen if they got into your bank account, facebook profile, or e-mail. Perhaps you’re also worried about that they might hack into a forum you visit, or that they might get into your personal messages on whatsapp.

It’s true that hackers are able to do all of these things, but the public perception of hackers really isn’t quite justified, and this false perception can lead to terrible outcomes.

Take last weeks post about the hacktivist group Anonymous. In it I expanded on the public fear of anonymous and how that didn’t correspond to the actual damage that the group causes. Sometimes all Anonymous does is a DDOS on a public website, that still takes some skill, but far removed from actually infiltrating a server. Yet, most people wouldn’t be able to differentiate a DDOS attack of a website to a compromise of an actual server, and this inability leads then to disproportionately fear hackers, worse still it leads them to lump all security related incidences into a single bucket called “hacked by hackers”.

But Why?

Why are people so afraid of hackers? And why is there a huge discrepancy between what some of these hackers are actually doing and the fear that the average citizen has of them.

I have one theory–ignorance, or more specially tech-illiteracy. Continue reading

Our Communication Minister must be mistaken

Our newly appointed Communication Minister has come out all guns blazing in directing the The Malaysian Communications and Multimedia Commission (MCMC) to ask social media giants such as Facebook, Google and Twitter soon to block “false information and rumours” on their platforms.

That in itself is quite frustrating, but what really got me scratching my head was his claim that “that social media providers acted on 78 per cent of MCMC’s request for removal of content last year, with Facebook taking action on around 81 per cent of its request.”

Reuters reported that:

A Google spokesman in Kuala Lumpur said the Internet giant was “always in conversation with” the Malaysian Communications and Multimedia Commission but he declined to comment on the request from the government on curbing content.

Facebook and Twitter were not immediately available for comment.

Fortunately, we don’t need to ask Google, Facebook or twitter about these specific request, because this information is already publicly available. All 3 social media platforms publish transparency reports that detail any and all government request made to them, and whether or not those government request were acted upon.

And as it turns out the data that our Minister has doesn’t quite tally up with the information published by the platforms. According to the Facebook transparency reports (found here and here), the Government of Malaysia made 36 content removal request, and 46 user account request. Of these, less than a quarter were acted on by Facebook, unfortunately Facebook doesn’t provide the details about the specific Government agency making the request or which specific request were acted upon. But, as you can see, the numbers are fairly small (a mere 36 content removal request over an entire year), and the success of those request are quite slim as well (less than 25%).

With twitter things get even more interesting.

In 2014, the government made 3 User account request to twitter, of which all 3 were rejected that’s a resounding success rate of 0%. And in the first half of this year, it had made 1 removal request, which was also rejected. Twitter doesn’t quite like the request from our government, and the government doesn’t make that many either.

I could go on with Google, but you get the picture.

The government is not having ANY success with the removal request, so why bother trying.

A more pertinent question is why is the Minister making these numbers up? Either he’s been given false information, or he’s just making shit up at this point. There is a possibility that maybe he’s telling the truth, through some math-magic, maybe the MCMC makes a smaller fraction of the request to Facebook, and maybe those have a success rate of 80%, but that’s unlikely, and it would be a insignificant number anyway.

My theory is that when you have Ministers who are appointed based on their loyalty to a certain someone, as opposed to technical knowledge of the area they’re supposed to be administering, you will continue to get this sort of this bullshit.

When technical merit, takes a backseat to political connections and allegiances–you’re bound to end up with people who don’t know anything. Something we all should be very very worried about.

Full disclosure:Google actually had one request for the 2nd half of last year, and complied with that request, resulting in a 100% compliance. However  over the entire reporting history, Google complied with 17 out of 31 request, nowhere near the numbers the good Minister has.

Understanding Anonymous from a Malaysian context

anonymousmask380-300x225The latest buzz in Malaysian cyberspace is the ‘threat’ from Anonymous Malaysia to launch ‘internet warfare’ on the Malaysian government, singling out our poor ol’ Prime Minister, demanding that he step down or face the consequences of Anonymous actions.

The threat of internet warfare even came with a date, 29th to 30th August at 2.30pm, coinciding with Bersih 4.0. You know you’re dealing with a bad-ass when they tell you when the attack is coming, sort of like Muhammad Ali telling his opponents which round he would knock them out in. (down in the 5th)

Of course, this was followed swiftly by condemnation from Bersih, that sought to distance itself from an unknown entity like anonymous, and even from the Police, who quickly determined that the video published wasn’t shot in Malaysia. some have claimed that the hackers are only interested in fame, which seems odd, seeing as how they’re …..Anonymous.

Various agencies have also claimed to ‘tighten up’ their security following the threat, which meant that security probably wasn’t very tight prior to a threat from person wearing a guy fawkes mask.

But here’s the thing. Anonymous isn’t like any other organization you know off, it doesn’t have a leader, or a CEO, or someone that’s in command. Anonymous is a hacker ‘collective’and its governance structure isn’t something you’d find in the real-world.

The best explanation I can give you of Anonymous is this, its a group hackers that come together to utilize their skills for a common goal, and the grouping disintegrates once the common goal is achieved. Meaning that the anonymous that attacked the Church of Scientology back in the early days are probably not around any more. They most likely have been replaced by a new bunch of anons (that’s what we call members of Anonymous). In short anyone can be Anonymous, and no one has copyright over the term. So having one branch of Anonymous cite another for ‘using our name‘–seems anathema to the principles of the collective. Also, Anonymous does get involve in politics, it does so all the time, whether it’s attacks on US Government websites, attacks on regimes like Tunisia, helping out Occupy Wall Street or Julian Assange, Anonymous is very political in nature.

Most of the time though, Anonymous is responsible for things that border between attack and prank. It’s attacks on the Church of Scientology (code named project Chanology), involved sending black faxes (designed to waste ink), and a Denial of Service attack on the churches website. A few years down the road, Anonymous took out Paypal, Visa and Mastercards website through a similar DDOS attack, that while damaging to the companies web-sites, did not impact the financial processing capability of the victims. These things obviously have some impact to the corporations being attacked, but the degree of that attack doesn’t seem to correspond to the amount of fear people have of the collective.

It’s like if someone were found guilty of chaining the doors at your local McDonalds, but you penalize them as though they detonated an explosive inside.To be honest, even if Anonymous took out the 150 Malaysian websites, how many of us actually visit the MACC website–do you even know the URL for it?

Of course, that doesn’t mean Anonymous is a lame-duck threat, there are times when Anonymous steps up their game. Part of the beauty of being a collective, is that sometimes you do get genuine bad-ass hackers that can wreak some havoc. One such case was #OpCartel, where members of Anonymous claimed to have hacked the databases of the Zeta Drug Cartel in Mexico, and threatened to expose the names of the members unless a kidnapped Anon was released. Not one to back-down from fights, the Zetas issued a simple but scary as hell response, “for every name released by Anonymous, the Zetas would kill 10 innocent people”. Anonymous understandably backed down, but what eventually unfolded is unknown, and the facts surrounding the entire story are blurry to say the least.

What’s interesting about the confrontation between Anonymous and Zetas is that it gives us a glimpse as to what happens when two non-state actors go at it with each other. What’s even more interesting is that Anonymous backed down, they themselves were not in any harm, and seemingly ceased operations of #OpCartel presumably because they didn’t want innocent people to die for their actions. If the American Government had such information, would it have done the same thing? If the NSA had a list of ISIS operatives in London, and ISIS threatened to kill 10 innocent people for every one ISIS operative caught–do you think the situation would play out with the NSA backing down?

The collective nature of anonymous makes them unpredictable, and that itself can be threatening. If you’re responsible for the security of the websites of certain agencies, what could you make of it? Nothing much, because you should be as secure as you can be, every single time. You shouldn’t be waiting for a guy in a video to threaten you before you take action, your websites should be secured to your best possible effort every day of the week, the fact that the government is ‘taking this seriously’ is cause of concern for me.

So what should we as Malaysians do?

We have a Government who has censored in the internet, bought surveillance software to spy on citizens (twice!), threatened to force news portals to register online, has overseen a significant drop in the quality of our science and maths education, and is fully fine with accepting foreign donations of RM2.6 billion. What you should do as a Malaysian, is get off your arse and join Bersih 4.0, and let Anonymous do what they want.

We need a change in Government

I need to take this blog to somewhere it hasn’t been. To boldly go where every other Malaysian blog has already gone–into politics.

This is my blog, it’s my hobby, I don’t depend on it for my survival, I don’t rely on it for anything other than the satisfaction it provides me. Therefore, I get to do with it what I want, and today I want to talk about politics.

I’ve resisted talking about politics, there are hundreds of Malaysian blogs that already do it, but the political situation we’ve found ourselves in is just too ridiculous to sit on the sideline and pretend nothing is happening.

We have a government that has procured spying software (twice!), blatantly censored the internet (more than once!) and looks set to sign the Transpacific Partnership agreement. These are things I’ve spent the last 3 years blogging against, and yet here we are, with all my post achieving next to nothing.

Between the privacy violations of having 3rd-parties run surveillance software on behalf of the MACC, the disregard of the MSC bill of guarantees when the Government censored SarawakReport and the complete lack of transparency of the TPP–how can it possibly get worse?

Even if you accept that it was a political donation (yea right!), and maybe you think that censorship and Government surveillance is OK. Are you OK then with Malaysia having an education system that ranks in the bottom third of PISA and TIMSS, are you OK that for a country as blessed as ours we are giving our children an education that isn’t that much better than Palestine according to International benchmarks, that our very own Education blueprint trust?

And I haven’t talked about the exchange rate, or GDP–partly because it’s a bit stale, but mostly because I don’t understand how modern economics work. What I understand is technology, and privacy, and censorship, and science–and in all these respects, the Government has been so fucking abysmal, there has to come a point where a tech blogger has to say enough is enough, and fuck you Mr. Government but you need to leave.

We really need to get rid of the government, and I don’t just mean the Prime Minister. And mind you it’s possible.

We live in  a Constitutional Monarchy–key word there being constitutional. And in our Constitution lies mechanisms to remove a Prime Minister from power, specifically a vote of no confidence in Parliament. The no confidence vote was designed to be hard thing to execute–a country needs political stability, and if a Prime Minister could be voted out on any whim, then no stability would be possible.

But it is POSSIBLE, and 100% legal and Constitutional. The constitution gives us this ‘exit plan’ in order to avoid a situation where the country can be held hostage to an asshole in power for 5 long years.Because even the constitution admits that we could be wrong and end up with the wrong PM, and a country shouldn’t be held to a mistake it already admits to. A country should be allowed to change their leader with due process, and the constitution allows this.

But there’s a catch, in order for the exit plan to work, you need to get THEM on board.

Who is ‘THEM’ you ask?

THEM refers to the Members of the Malaysian Parliament whose name do not begin with N and end with ‘ajib’. THEM refers to our very own Malaysian politicians who must collectively put aside their petty fucking differences and come together to save Malaysian from a borderline tyrant who has decided to hold onto power with every slimy fingernail he has. THEM refers to the only people who stand between us and another 3 years of hell-hole we’re in.

But will ‘THEM’ act?

Depends.

THEM are elected members of the House.

THEY rely on a votes to keep their job, and THEY need the people to be on their side.

If somehow THEY knew for sure, that the Malaysian people would not give their party another shot in power, THEY would switch sides quicker than a Road Runner on Wil E. Coyote avenue.

But can WE send THEM a message?

OOOhhhh, I don’t know. Something like 100,000 people in Dataran Merdeka camped overnight, all wearing yellow in solidarity. Something like a protest of sorts to send a strong message to THEM (not HIM), that if They stick to him, they’re going to be there when the shit hits the fan.

Just saying.