Authorities knew about M'sian Parliament hack
By M. Madhavan
4th January 2001 (ZDNetAsia)

The Malaysian Computer Emergency Response Team (MyCERT) was expecting an increase in hacking activities over the holidays. The kink in the armor was their inability to locate and inform the webmaster of the Parliament website.

PETALING JAYA (iStar)- The Malaysian Computer Emergency Response Team (MyCERT) said it knew that the Parliament website had been hacked on Dec 27, but had been unable to get in touch with the people managing the website.

The hacking, which wiped out all information on the Parliament website and replaced the homepage with words in a foreign language, was first made public by DAP chairman Lim Kit Siang on Dec 30.

"We were informed about the hacking at 10pm on Dec 27 from a trusted foreign source, but we could not contact the people involved,'' MyCERT project head Raja Azrina Raja Othman said in a statement today.

She said according to MyCERT's sources, this was not the first time the Parliament website had been hacked, but did not provide further details.

MyCERT had been expecting an increase in hacking and computer virus attacks during the festive season, and said it had reminded all government agencies in its subscription list to be prepared.

"We had also advised these organizations to update their contact information, especially with handphone numbers that could be reached during the holidays,'' Raja Azrina said.

The Parliament website, which was down at press time, is registered under the Palm Oil Research Institute of Malaysia (Porim), but the listed webmasters did not respond to MyCERT's alert, she said.

Under the Computer Crimes Bill 1997, hacking is a criminal act. As yet, no police report has been filed.

"We have not been assigned to track down the hacker, but I believe this can be done through an in-depth analysis of the website's servers,'' Raja Azrina said.

She said the level of security awareness among Malaysian website operators was still low.

"Internet security is very much the responsibility of all levels in an organization, and people need to be trained,'' she said.

"We would also like to correct the misconception among technical personnel that servers that do not show signs of malfunction are clear of intruders.

"Some of these servers could be running unauthorized software agents or backdoors that would allow hackers easy entry in the future,'' she added.