60 gov't Web sites hacked
By Staff
6th May 2001 (Malaysia.CNET.com)

KUALA LUMPUR--Sixty government Web sites have been hacked between February 1, 1999 and April 3 this year, with a total of 89 actual hacking incidents taking place.

Despite the high number, none of the government agencies affected had completely lost its data, the New Straits Times reported Friday, quoting chief secretary to the government Samsudin Osman. However, no details on the damage or amount of data stolen or used for ulterior motives were provided.

Samsudin, according to the report, attributed the "easy hacking" to carelessness and weaknesses in preventive efforts.

Among the Web sites attacked were those belonging to the Immigration Department, Social Security Organisation, Treasury, Selangor and Terengganu Governments and Public Works Department. The details were revealed by Samsudin while addressing a Public Sector ICT security seminar Thursday.

In addition, 29 Web sites operated by private entities such as Hong Leong, Malaysia Airlines, MidValley Megamall, SkyTel, Garden School, Multimedia University, Mines and MSN Dollars, have also been hacked.

All government departments and agencies have been directed to upgrade their computer security system to safeguard vast amounts of valuable information.

Among the directives is an ICT Security Incident Reporting Mechanism circular outlining a standard operating procedure of reporting breach of security or other attacks that include denial of services, new vulnerabilities, false identity breaches, vandalism or system disruptions.

The directive is being handled by the Government Computer Emergency Response Team operating under the Malaysian Administrative Modernisation and Management Planning Unit (Mampu).

A Mampu preventive measure called Programme Security Posture Assessment has also been instituted to audit and appraise Web sites for infrastructure strength.

As earlier reported, there has been a surge in hacking incidents in the country since the end of last year, as witnessed by the Malaysian Computer Emergency Response Team (MyCert). Total hacking incidents to the middle of March 2001 by far surpassed the total number of similar incidents in February alone.