Wednesday, June 15, 2011

Sabah tourism user data leaked after attacks

Despite police assurances that no data was compromised in the attacks on government websites last night, a set of user data allegedly leaked from the official Sabah tourism website has been published on the Internet.

A posting on a free anonymous web hosting portal has exposed the data of 392 user accounts. The details include user email, user name, first and last name, as well as their encrypted passwords.

The portal claimed that more than 3,456 accounts are at risk but had released details of only 392 so far.

Server details said to be from the one that hosts the Sabah tourism website are also on the portal.

Meanwhile, The Star/Asia News Network reported that the defaced site was spotted early yesterday by the chief executive of a company that organises security conferences.

"A portion of the website was deleted when I saw it," said Dhillon Andrew Kannabhiran, who heads Hack In The Box (M) Sdn Bhd. "I had just returned from an overseas trip," the portal said.

The Sabah Tourism website has since gone offline.

F-Secure Corporation (M) Sdn Bhd, a computer security software company, corroborated Dhillon's account.

Goh Su Gim, its security adviser for Asia, said the Sabah Tourism site had been compromised.

Threat of more exposures

"Worse still, the data from 392 user accounts were stolen from the site and released to the public," he told The Star/ANN.

On the webpage where the hackers posted the data, they claimed they had the details of more than 3,400 users from the Sabah Tourism site, but they were only exposing the 392, he added.

The hackers also claimed to be Anonymous members and that they meant no harm, and only wanted to show the vulnerability of this site, he said.

The Star/ANN report also quoted Dhillon as saying that the www.tourmalaysia.com.my site was also hacked and defaced yesterday.

He had checked the site after viewing the hacked Sabah Tourism website. It was defaced with words that included "Deface by Kambeng Merah: Credit to DarkJawa".

Another website which suffered the same fate was www.cidb.gov.my belonging to the Construction Industry Development Board (CIDB).

It was defaced with a long message that scolded the government for censoring the Internet. However, a while later, the site was back to normal.

Cyber terrorists keep their word

Dhillon said he believed these sites may not have been hacked by Anonymous.

"The hacker group is into co-ordinated attacks and keeps to its word when it comes to launching its attacks," he said.

"These are likely independent hackers taking advantage of the publicity."

CyberSecurity Malaysia, responsible for the nation's borders in cyberspace, confirmed that several websites were hacked. But it declined to say how many sites or which ones.

"At present, we are not able to elaborate further," said Lt Col (Rtd) Datuk Husin Jazri, chief executive officer of CyberSecurity.

He said rectification works were being conducted by the relevant authorities to address the situation, The Star/ANN reported.

According to the Malaysian Communications and Multimedia Commission (MCMC), 51 websites had been hit, with at least 41 disrupted, during the attacks which began shortly before midnight on Wednesday.

However, police chief Ismail Omar was quoted by Reuters then as saying that no personal or financial data had so far been poached but the authorities were trying to determine the extent of the attacks.

Last week, the Malaysian Communications and Multimedia Commission (MCMC) had announced that 10 websites including Pirate Bay and Megaupload had been blocked for infringing copyright laws.

Subsequently, the hackers uploaded a short clip on video-sharing website YouTube threatening retaliatory strikes on government websites from today for imposing the ban.

By Kuek Ser Kuang Keng Msiakini
