In Malaysia, it's a hackers' heaven
15th May 2005 (New Straits Times)
By Nurris Ishak

Hackers know best. As far as they are concerned, the Internet security of most organisations in Malaysia is far from secure.

"The system administrators of the organisations or companies should pay attention to the latest in information technology," said Anonymous, 24, a hacker from Shah Alam.

"It is easy to hack a website and to find weaknesses in the system. Even a primary school kid can do it.

"If a hacker is malicious, he can do a lot of damage to a system or to individuals. Hackers can re-create a bogus website that looks exactly like the real one and no one can tell the difference.

"This is not such good news if you are a banking website, for example."

It does not even take a computer genius to hack, according to hackers. You can find hacking software on the Internet, and downloading the programmes and using them maliciously is just a click away.

"A hacker can download a port scanner, which looks for an open door in a system.

"Usually, any system which can be accessed by the public has some extra ports open so that the public can have access to it.

"All a hacker has to do is to find the open port and enter whatever commands that they can create themselves, and they are in the system."

Most hackers said they do it just for the fun of it, but there are always a few who do it for malicious reasons or profit.

Even individuals can be hack victims, and anyone connected to the victim can be subjected to hack attacks.

You can be a victim as easily as clicking on a button to a website or opening e-mail.

"Users should always be careful in downloading attachments, as there may be a programme that is hidden in it that would allow a hacker to have access to their computer system.

"Hacking incidents are preventable, but this would depend on the person's awareness of the ways to protect themselves from it."

Online banking users, for example, are advised to type the website address themselves, instead of clicking on a link. This is because links can be quite deceiving.

A hacker can create a website which may look exactly like an online banking system website, and the average user wouldn't be able to know the difference.

Any website address that begins with http:// is an insecure website, which means that whatever information the user discloses would be open to whoever happens to be hacking in.

A secure website address would appear as https://.

"It's always wise to look before you leap. Sometimes impatience or sheer laziness may cost you," said IT security officer Lim Keng Fatt, 35.

"Clicking on a link button may be a convenient way of getting to another website, but it may well be at your expense."

Putting up a firewall may well be the best protection but it's only a matter of time before a hacker can find the hole in the system.

"The best security is the Internet administrator himself. If he keeps up with the technology, he would know the weakness in the system and he would be able to patch it up," said Lim.

"IT education also plays an important part to prevent oneself from being a victim.

"In this day and age, one should always be aware of the current technology. Education is the key to safety."

According to the National ICT and Emergency Response Centre (NISER), as of the first quarter of 2005, there were 300 reported hack incidents, which comprised intrusions, hack threats and denial of service.

A spokesman for the centre confirmed that there has been a 100 per cent increase in hack incidents, compared to the fourth quarter of 2004.

"We would say any financial transaction over the Internet is not 100 per cent secure without dual (two-factor) authentication from client and server side, which is not being implemented now."

"A user should always be wary of websites which require them to disclose personal information over the Internet. There is always a potential threat out there."

A user or an organisation can protect their machines or systems from being hacked by applying several methods but it is a constant headache for corporations.