Columnists

Is your personal data in the hands of cybercriminals?

DATA theft has emerged as one of the major cybercrimes worldwide but has attracted little attention from Malaysian lawmakers.

Hackers are criminals who gain unauthorised access to networks and devices, steal sensitive data, such as an individual's personal and financial information, and sell it on the Dark Web.

Monetary gain is the main reason. Besides hackers, most data thefts are committed by or with the help of insiders and IT vendors.

Statistics published in 2018 by research centre Ponemon Institute showed that at least 56 per cent of organisations have experienced a data breach due to a vendor's security shortcomings.

An alleged leak of the data of 22.5 million Malaysians born between 1940 and 2004, purportedly stolen from the National Registration Department (NRD), again put the country in the spotlight.

Local tech portal Amanz reported that the database, 160GB in size, is being sold for US$10,000 on the Dark Web.

Home Minister Datuk Seri Hamzah Zainuddin denied the leak took place as the NRD firewall is quite strong. However, enforcement agencies must investigate if the leak is genuine.

Hackers are becoming more sophisticated, forcing countries to be proactive by hiring "ethical hackers" to deal with cyberattacks and the Dark Web.

Prior to this "NRD" incident, threats had been levelled against the Royal Malaysian Navy, the United States Air Force and the Nigerian navy involving highly classified documents that were leaked and ended up on the Dark Web.

The hackers had broken into our system and stolen data, including personal information, to commit fraud.

Then there was the case of a cybercriminal who claimed to have the personal details of 1,164,540 Universiti Teknologi Mara students and alumni from 2000 to 2018, and the information was eventually sold on the Dark Web.

There are three layers of the Internet — the Surface Web, Deep Web and Dark Web. The Surface Web contains only four per cent of the Internet; the remaining 96 per cent is hidden in the Deep Web.

This is not to say the Deep Web is necessarily malicious. Medical records, academic and legal documents are stored there for protection and privacy.

What is disconcerting about the Deep Web is a part of it called the Dark Web, which is internationally hidden and not accessible with traditional search engines or standard browsers.

To access this level, one needs to have a special browser known as The Onion Router, originally developed by the US Navy to protect government intelligence communications, as well as user privacy by hiding their IP addresses.

The Dark Web is used by hackers aiming to disrupt critical infrastructure or classified information. It also serves as a "criminal underground" to facilitate money laundering and other criminal activities.

The organised criminal sites offer their largest marketplace on the Dark Web for the purchase of illegal products and services, such as sensitive data, financial transactions, drugs, hitmen, human organs, child sex, pornography, counterfeit money, fake passports, firearms and stolen bank account information.

Last year, RM25.5 million in properties, luxury cars and watches, and cash were seized by the Malaysian Anti-Corruption Commission following the arrests of five people involved in a syndicate that hacked into the Immigration Department's computer systems to issue fake temporary work permits.

The Immigration director-general believed the syndicate had help from within the department.

The government must introduce a dedicated cybercrime unit to tackle hackers and the Dark Web.

There is also a need to boost the knowledge and capabilities of members of the police force,  intelligence agencies and Cybersecurity Malaysia.

The armed forces have set up a cyberwarfare regiment to strengthen cyberdefence.

Enforcement agencies, regulators and ethical hackers should form a task force with Cybersecurity Malaysia and acquire capabilities for Deep Web analysis.

This will facilitate investigations and continuous monitoring.

Tracking and attacking cybercriminals are a big challenge as we are dealing with expert criminals.

Prevention, awareness campaigns and risk mitigation are equally vital in fighting against cybercriminals on the Dark Web.

The writer is president of the Malaysian Association of Certified Fraud Examiners

Most Popular
Related Article
Says Stories