comment 0

Hacking Government, Malaysian Style

hacking-governmentThe simplest definition of a hacker, is someone who breaks systems. We tend to equate systems to computers, but that’s a limited definition of the term. A system can also refer to a legal system or a set of processes that have nothing to do with technology.

For example, lawyers often hack around the law, looking for loopholes to exploit to give them an advantage in their case. A good lawyer is expected to work within the legal system of a country, but still try to bend it a wee bit for their clients. He’s not breaking the law, merely hacking it for his own good.

In the technology world, we sometimes define hackers as those to attempt to gain un-authorized access to computers, in other words an attacker that’s able to circumvent security measures of a server to gain access. This bypassing of security measures it what makes a hacker–but how does it reflect in a legal context?

The System of Government

Our country has a system of Government with 3 branches, and the main point of the system to allow each branch to oversee the others.

But if you’re clever, and happen to be the Prime Minister, there seems to be some way around the checks and balances to ensure that you have unlimited immunity to do as you wish, emasculating the other branches of government.

What I will describe next is purely a hypothetical scenario, but a realistic one, in which a Prime Minister can hack his way around all the checks and balances of the Government systems exactly as a hacker would hack his way around the security of a server.

Hacking Government

In order to truly understand any hack, we first have to understand the system that was compromised. In our case, that system was the Government.

The government isn’t just Cabinet Ministers or their agencies. It’s composed of 3 separate and distinct branches, the Executive, Legislative and the Judiciary. There’s a semi-branch sometimes called the Fourth estate, which we’ll get to later.

The Executive is tasked with the actual running of the country, the Prime Minister and Cabinet are members of the executive, and they execute the day to day running of Malaysia. The Legislative is parliament, the guys (and gals) who are responsible for writing acts of parliament. Finally, the Judiciary, is the courts who interpret the acts of parliament and the constitution and actually execute laws.

All of these branches operate independently (in theory), and all act as checks and balances of each other.

But there’s a flaw in the system.

If you commit a crime in this country, we send the Police after you. But if you are the person who has appointed the highest ranking police office in this country, then you pretty much have the upper hand over that process. Similarly, if you are guilty of corruption, we send the MACC to your door-step, but once again if you are the person appointed the head of that Commission, then you’ve pretty much minted your very own get out jail card.

If you were Prime Minister, you appoint the IGP and head of the MACC, your ministry (the Prime Ministers Department) gets to make some rather high profile decisions. For example, you could easily choose to transfer MACC officers from the MACC to a separate government department, seemingly for no good reason. This way, regardless of how much integrity and honesty, the Police Force and MACC have, you’re un-touchable by agencies, because you’re the guy deciding who is in charge. It’s like playing a football match with another team, but you get to decide whose the referee, and then you get to swap the referee in case he’s not making the calls you want him to make.

Obviously we can’t expect agents of the executive to go after the head of the executive, and fortunately, that’s not the only avenue to pursue a rogue Prime Minister. The other branches of Government can check the executive, for example the legislative.

The Legislative

The legislative enact laws that keep citizens in check. But they also form select committee that provide oversight, one of those is the Public Accounts Committee (PAC), which is responsible for reviewing the findings of public audits. The PAC is granted specific powers that allow it to act, it can even call Ministers for questioning, and is by no means a toothless tiger.

However, in order for it to be effective, the PAC must be independent of the executive (since it is reviewing the spending of the executive). Therefore a member of the PAC shouldn’t be a member of the Executive, or more specifically the Members of Parliament (MPs) that sit in the PAC must not be Members of Cabinet.

Here once again, if you’re fortunate enough to be top dog Prime Minister, you can hack your way around the system. While a PM doesn’t decide who sits on the PAC, he does decide who sits in his cabinet. In other words, he decides who doesn’t sit on the PAC. With this rather over-looked loop hole, a Prime Minister can postpone any PAC hearing indefinitely by simply rotating members of the PAC into the Executive, forcing the PAC to reconvene and re-elect rather than investigate.

Of course this method is un-sustainable, as after a while you run out of Ministers to swap around, or there’s just not enough people to move.

Even then it’s a brilliant move, but even if the PM can delay the legislative from acting against him, surely the Judiciary would be the best place to take action, because with our system of Government there is a huge over-lap between the legislative and executive.

Can the courts close this exploitable vulnerability?

The Judiciary

Here we have the final and last branch of Government–the Judiciary.

Unlike Parliament or Cabinet, members of the Judiciary are not elected or appointed by the PM, surely it has the power to decide his fate…well not really.

The Judiciary is a ‘lesser’ form of the government, but more importantly it is also a ‘passive’ form of government. The Judiciary cannot ‘go after’ a specific case (like the PAC of the Police), rather it has to wait for the case to come before it.

And who gets to decide which cases go before the judiciary? The attorney-general.

And who appoints the attorney-general? The Prime Minister!!!

BAM!

God-Mode activated!!

OWNING!!!

By simply rotating out AG’s that you don’t like, the Prime Minister once again can ensure that no action will be taken against him, because the only person capable of bringing the case to the Judiciary is appointed by the you.

So let’s summarize the hack. If you’re Prime Minister you basically run the entire executive function of Malaysia, and you’re safe from investigations on that from the Police of MACC. You can also post-pone indefinitely PAC hearings by simply rotating members of the PAC into your cabinet through well timed ‘cabinet reshuffles’ giving you much autonomy from legislative investigation. Finally you can short-circuit the judiciary process by ensuring nothing ever gets to the courts because ‘your guy’ is the Attorney-General.

Conclusion

We have a system of government comprised of 3 branches, who together are meant to provide some semblance of oversight on each other. However, the PM can hack this way around the system, basically grants him a universal license to do as they like for the next 5 years, because the PM also decides when elections are held.

I’m not making a political statement, I’m just showing you how a hacker looks at systems and figures out their weak points to be exploited. I wrote a post that de-constructed an iPhone hack, and you can see similarities in the method of hacking, and the point is that every system has a loop-hole, or a bypass, and hackers by their nature look for these weak points.In the technology, every time an exploit is found, we patch the system, this takes weeks or maybe months, but in the case of Government—how do we patch it, especially if the virus is still in control?

Of course our Prime Minister would never do such a thing, because after all he’s such a nice guy.

The fourth-estate

The term fourth-estate is sort of like the fourth branch of government, one that may not be recognized, or even wield any political or legal power. But because it doesn’t have political or legal power it can’t easily be influence, absolutely power corrupts absolutely, so by definition having no power means you can’t be corrupted 🙂

That’s why it’s important for media outlets to report the truth and not be afraid, because every once in a while somebody figures out a hack to government and the only people that can stand in the way is the branch of government that has no power.

But if the media is comprised of large corporations, with staff on payroll, it’s a bit hard to act as a check and balance against a government that also serves as your ‘media regulator’, especially if the Government can suspend licenses, and put you out of business and your staff on the street.

So the onus unfortunately falls onto the ‘private bloggers’. Ones whose livelihoods don’t depend the content the push out, and ones who can speak out a bit without worrying about the livelihoods of other staff.

#YourComment