Thursday, June 18. 2009
Finally, the more-than-a-decade-long wait for the Personal Data Protection Bill ends (via The Star):
THE Personal Data Protection Bill, which aims to protect and regulate the use of private data, will be tabled for first reading in October.
Deputy Information, Communication and Culture Minister Senator Heng Seai Kie said the Attorney-General Chambers had finalised the draft for the Bill.
“The Bill will not only be limited to cyber space laws as it will also include sectors such as tourism, finance, insurance, telecommunications and other fields that involve commercial transactions,” she told Datuk Bung Mokhtar Radin (BN — Kinabatangan).
Heng said the drafting of the law was aimed at monitoring the processing of private data by users and to give protection to individuals, whose data was being processed, and safeguard their rights and prevent abuse.
Heng said the Bill would also come with an enforcement mechanism to get data users to comply with the provisions.
She told Saifuddin Nasution (PKR — Machang) that it was important for the ministry to receive feedback on the proposed Act as it would have a huge impact on existing systems of data usage, adding that it had already consulted various non-governmental groups and sectors.
To another question by Bung Mokhtar, Heng denied that fraud or abuse had delayed the formulation of the Personal Data Protection Act.
She said the Bill would be presented together with the Credit Reference Agencies Bill under the Finance Ministry, aimed at regulating credit reference agencies like Credit Tip Off Service (CTOS).
And here:
The Attorney-General’s Chambers has finalised the Personal Data Protection Bill and is targeting for it to be tabled for first reading in October, Deputy Information, Communication and Culture Minister Senator Heng Seai Kie said.
It would not only be limited to “cyberspace laws” but also include sectors such as tourism, finance, insurance, telecommunications and other sectors that involve commercial transactions, she said.
The main purpose of the Bill is to ensure consumers’ individual data processed by these sectors be used for commercial activities only, she told the Dewan Rakyat on Wednesday.
The law would cover the processing of private data, protection for individuals whose data was being processed, upholding individual rights and preventing data abuse, she added in a response to Datuk Bung Moktar Radin (BN-Kinabatangan), who had asked about the proposed enactment.
The Personal Data Protection Bill, under a different name, was one of the first “cyberlaws” mooted when the Multimedia Super Corridor project was launched more than a dozen years ago.
Related:
Personal Data Protection Act, Do We Have One?
Now, where do I get a copy?
Wednesday, June 17. 2009
Somehow this has escaped my attention, even though it was prominently displayed right in front of my eyes. It seems that the 'CT' in IMPACT now stands for cyber threats instead of cyber terrorism. My sources told me that the name change was done prior to the launch (this news article still uses cyber terrorism) of the IMPACT headquarters. Older press releases such as this, this (IMPACT's partner ITU), and this all refer to IMPACT as "International Multilateral Partnership Against Cyber Terrorism". Even in this video, the backdrop used the words "cyber terrorism". By the way, the start of the video reminds me of the TV series 24.
Anyway, if you are interested in what IMPACT does, here are some links:
The question is - after more than three years (the idea was announced by our then PM Tun Abdullah at WCIT 2006) promoting IMPACT as the first inter-government effort in fighting cyber terrorism, why the name change to cyber threats?
Monday, June 15. 2009
This looks too good to be true to me:
From: "HTR National Ltd." <process@grant25sernet.com>
Reply-To: "HTR National Ltd." <equipmentout115@yahoo.com>
To:
Subject: Job Offer (10,500 MYR)
Date: Sun, 14 Jun 2009 15:34:46 -0700
ATTENTION
Our warehouses are filled with great new and used warehouse equipment and racking
products, ready for fast shipment. Due to the large amount of order we receive from
Malaysia, we are in urgent need of workers who will work part- time as payment agents.
Customers will make payments into your account, we will then give instructions on how to
send the funds to us. You will be paid RM 2,000 on every transfer and also get a
Monthly Payment of $3,000 (USD).
Email us the below information if interested.
Full Names:
Contact Address:
Mobile Phone Number:
Bank Name:
Account Number:
APPLICATION / REQUIREMENTS:
1.) We only accept Maybank Accounts
2.) You are required to have an ATM Card as most withdrawal will be done via the ATM Machine.
Website
www.htr-equipments.com/Online.html
Management
HTR EQUIPMENT Ltd.
55/1 College Street,
Worcester, MA 01610 - USA
This sounds too good to be true. RM2,000 for every transfer + USD3,000 per month - that's roughly MYR13,000 per month! This is what the site looks like:
The website (http://www.htr-equipments.com) is hosted on a domain parking server. I believe this is a scam, and its goal is to collect as many Maybank account numbers as possible. Don't fall for this.
Two phishing emails:
From: "Maybank Group" <links@links20serving.com>
To:
Subject: Important : Account Suspension
Date: Wed, 10 Jun 2009 12:20:52 -0700
Dear Valued Customer,
Maybank security systems detected a serious (PR2) security problem in your account. Your account has
been restricted due to several invalid login attempts from an unauthorized third-party. Your immediate
attention is required to reactivate your account. Please be informed that your account will be temporarily
closed if not activated now.
Activate Below
www.maybank2u.com.my/
Thank you for your understanding and support.
Maybank Berhad
In the phishing email above, the url goes to http://www.web2u-active50.com/M2ULogin.htm, which is detected as a web forgery by Firefox, and reported as "Not found" by OpenDNS. The second phishing email is also similar:
From: "Maybank Group" <zones@links20serving.com>
To:
Subject: - Urgent (Account Problem)
Date: Tue, 09 Jun 2009 14:10:02 -0700
Dear Valued Customer,
Maybank security systems detected a serious (PR2) security problem in your account. Your account has been
restricted due to several invalid login attempts from an unauthorized third-party. Your immediate
attention is required to reactivate your account. Please be informed that your account will be
temporarily closed if not activated now.
Activate Below
www.maybank2u.com.my/
Thank you for your understanding and support.
Maybank Berhad
In this phishing email, the URL goes to http://www.setup-access4m2u.com/M2ULogin.htm, which is blocked by Firefox, and not loaded by OpenDNS.
Pray tell me, what is PR2?
Now, if you are a user of Maybank2U: after 3 failed logins, your account will be disabled. You will need to go to the nearest ATM (for Maybank, that's practically everywhere) and request a new Maybank2U Internet account. You will be provided with a new PIN. There is no way to reactivate your account from the Maybank2U website itself; there is no such option. Once you re-register, you then need to key in the "Access Number" and PIN provided by the ATM, and from here onwards you will have a new account. All the settings that you previously had, such as "Favourite third-party account transfer", "Registered bill payment", etc., are gone, except your money of course.
Stay safe. Remember: banks don't send email, they send surat (letters). Use Firefox.
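The tell-tale in both emails is that the text shown to the reader (www.maybank2u.com.my/) and the real link target (web2u-active50.com, setup-access4m2u.com) disagree, and the sender's domain (links20serving.com) is not the bank's. As an added example that is not from the original post, here is a small Python checker that parses an HTML email and flags exactly those two things. The message body is a constructed HTML rendering of the first phish (the original plaintext dump above lost the href), the recipient address is made up, and the list of legitimate brand domains is an assumption.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed HTML rendering of the first phish above (not the original
# message source). Sender address and both hosts are taken from the post;
# the HTML wrapper and the To: address are assumptions.
SAMPLE_PHISH = """\
From: "Maybank Group" <links@links20serving.com>
To: victim@example.com
Subject: Important : Account Suspension
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Valued Customer,</p>
<p>Activate Below</p>
<a href="http://www.web2u-active50.com/M2ULogin.htm">www.maybank2u.com.my/</a>
<p>Maybank Berhad</p>
</body></html>
"""

# Constructed benign counterpart: link text and target agree, sender is the bank.
SAMPLE_LEGIT = """\
From: "Maybank" <notice@maybank2u.com.my>
To: victim@example.com
Subject: Statement available
Content-Type: text/html; charset=utf-8

<html><body><a href="https://www.maybank2u.com.my/">www.maybank2u.com.my</a></body></html>
"""

# Domains the brand legitimately mails from and links to (assumption for the example).
BRAND_DOMAINS = {"maybank2u.com.my", "maybank.com.my"}
BRAND_KEYWORD = "maybank"

HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def norm_host(host):
    """Lower-case a hostname and drop a leading 'www.' so display/href compare cleanly."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def host_in_text(text):
    """Hostname the reader sees, if the anchor text looks like a URL; else None."""
    m = HOST_RE.search(text or "")
    return norm_host(m.group(1)) if m else None


def href_host(href):
    """Hostname the browser would actually contact for this href."""
    h = urlparse(href or "").hostname
    return norm_host(h) if h else host_in_text(href)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse(raw_message):
    """Return sender domain, whether it spoofs the brand, and display/target link mismatches."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    display_name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    claims_brand = BRAND_KEYWORD in (display_name + " " + msg.get("Subject", "")).lower()
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = AnchorCollector()
    collector.feed(body.get_content() if body is not None else "")
    mismatched = []
    for href, text in collector.links:
        shown, real = host_in_text(text), href_host(href)
        if shown and real and shown != real:   # reader sees one host, browser goes to another
            mismatched.append((shown, real))
    return {
        "sender_domain": sender_domain,
        "sender_spoofs_brand": claims_brand and sender_domain not in BRAND_DOMAINS,
        "mismatched_links": mismatched,
    }


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, analyse(sample))
```

The display/target check is the same test Firefox's forgery warning and a careful hover over the link perform; doing it over the raw message means it also works on mail that was never rendered in a browser.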
This is something new from the scam department:
From: "Mr. Jeong Dong" <officemac5@virgilio.it>
Reply-To: jeongdongs@gmail.com
Subject: Greetings
To: undisclosed-recipients:;
Good day, My name is Jeong Dong, I discovered 20 million pounds some months
after I was nominated as the marketing manager of KIA automobile company UK,
KIA MOTORS is a South korean automobile company. It was kept by our formal
marketing Manager David Smith with finance house. I write for your assistance
to transfer into your country, you are to stand as the inheritor of this
funds.
The finance company is one of the UK leading clearing house. I will furnish you
with details breakdown of this very project, therefore, 12 million pounds for
me while 8 million pounds for you at the end of the project.The project is
legitimate if you can follow my instructions promptly. NB Very confidential,
Can I trust you?
Looking forward doing business with you.
Kind Regards,
Jeong Dong
So the Koreans are into the Nigerian 419 scam? I didn't know that these scams are a fad.
http://www.kcom.net.my/ is a website belonging to KCOM Management Sdn. Bhd. They provide professional training courses and educational consulting services, including CISSP certification training. They should have got one of the CISSP trainers to secure their website.
Website: KCOM Management Sdn. Bhd.
URL: http://www.kcom.net.my/
DISCLAIMER: All the information related to computer crimes (i.e. defacements) contained in security.org.my was either collected online from public sources or directly notified to us. Security.org.my is neither responsible for the reported computer crimes nor is it directly or indirectly involved in them.
Monday, June 8. 2009
If you're into IDS (which is the natural progression towards network security monitoring), then the books above are must-haves, except for the Snort book, of course. They are:
- Network Intrusion Detection - An Analyst's Handbook by Stephen Northcutt and Judy Novak. As you can see, I have both the 2nd and 3rd edition. This book dabbles in tcpdump and all the hardcore TCP/IP stuff: writing BPF filters, analyzing attacks (yes, from tcpdump traces), and so on.
- Intrusion Signatures and Analysis by Stephen Northcutt, Mark Cooper, Matt Fearnow & Karen Frederick. This is a hardcore book in which the authors walk the reader thoroughly through analyzing attacks, network scans, buffer overflows, and DoS - all from tcpdump traces. I wonder why the authors never bothered to come up with a follow-up edition, considering that the attack landscape has changed dramatically since the book's publication in 2001.
- Intrusion Detection, by Rebecca Bace. This is the mother of all IDS books. Unlike the previous two, this book is really about IDS (host-based, network-based, anomaly, etc.), and it looks at IDS from an academic point of view. The content is what is to be expected from an academic book: definition of IDS, IDS analysis scheme, detection model, analysis model, and so on. It also discusses the design of an IDS system.
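The analysis style the first two books teach (reading scans and attacks straight off tcpdump output) is easy to show in code. As an added example, not from the books or the original post, the Python below parses constructed tcpdump -n lines, picks out bare-SYN probes the same way the BPF filter in the comment would when capturing, and reports which probed ports answered SYN/ACK (open) or RST (closed). The trace, the addresses and the min_ports threshold are made up for the example.

```python
import re
from collections import defaultdict

# BPF filter that keeps only SYN-without-ACK segments (initial connection
# attempts), i.e. what a SYN-scan detector needs when capturing live:
#   tcpdump -n 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'
SYN_ONLY_BPF = "tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn"

# Constructed tcpdump -n text output (not a real capture): 192.0.2.10 SYN-scans
# seven ports on 198.51.100.5; 22 and 80 answer SYN/ACK (open), the rest RST
# (closed). 192.0.2.77 makes one ordinary connection and must not be flagged.
SAMPLE_TRACE = """\
12:00:01.000010 IP 192.0.2.10.40001 > 198.51.100.5.21: Flags [S], seq 1, win 1024, length 0
12:00:01.000020 IP 198.51.100.5.21 > 192.0.2.10.40001: Flags [R.], seq 0, ack 2, win 0, length 0
12:00:01.000030 IP 192.0.2.10.40002 > 198.51.100.5.22: Flags [S], seq 1, win 1024, length 0
12:00:01.000040 IP 198.51.100.5.22 > 192.0.2.10.40002: Flags [S.], seq 100, ack 2, win 65535, length 0
12:00:01.000050 IP 192.0.2.10.40003 > 198.51.100.5.23: Flags [S], seq 1, win 1024, length 0
12:00:01.000060 IP 198.51.100.5.23 > 192.0.2.10.40003: Flags [R.], seq 0, ack 2, win 0, length 0
12:00:01.000070 IP 192.0.2.10.40004 > 198.51.100.5.25: Flags [S], seq 1, win 1024, length 0
12:00:01.000080 IP 198.51.100.5.25 > 192.0.2.10.40004: Flags [R.], seq 0, ack 2, win 0, length 0
12:00:01.000090 IP 192.0.2.10.40005 > 198.51.100.5.80: Flags [S], seq 1, win 1024, length 0
12:00:01.000100 IP 198.51.100.5.80 > 192.0.2.10.40005: Flags [S.], seq 200, ack 2, win 65535, length 0
12:00:01.000110 IP 192.0.2.10.40006 > 198.51.100.5.443: Flags [S], seq 1, win 1024, length 0
12:00:01.000120 IP 198.51.100.5.443 > 192.0.2.10.40006: Flags [R.], seq 0, ack 2, win 0, length 0
12:00:01.000130 IP 192.0.2.10.40007 > 198.51.100.5.8080: Flags [S], seq 1, win 1024, length 0
12:00:01.000140 IP 198.51.100.5.8080 > 192.0.2.10.40007: Flags [R.], seq 0, ack 2, win 0, length 0
12:00:05.000000 IP 192.0.2.77.51000 > 198.51.100.5.80: Flags [S], seq 9, win 65535, length 0
12:00:05.000100 IP 198.51.100.5.80 > 192.0.2.77.51000: Flags [S.], seq 300, ack 10, win 65535, length 0
12:00:05.000200 IP 192.0.2.77.51000 > 198.51.100.5.80: Flags [.], ack 301, win 65535, length 0
"""

# One tcpdump -n TCP line: timestamp, src.port > dst.port, then the flag string.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_tcpdump_lines(lines):
    """Turn tcpdump -n text lines into dicts; non-TCP or unparseable lines are skipped."""
    records = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
        records.append(rec)
    return records


def detect_syn_scans(records, min_ports=5):
    """Flag sources that send bare SYNs to at least min_ports distinct (host, port) pairs.

    Replies are correlated back to the probe: SYN/ACK ([S.]) from a probed
    port means open, RST ([R.] or [R]) means closed.
    """
    probes = defaultdict(set)   # src -> {(dst, dport)} it sent bare SYNs to
    opened = defaultdict(set)   # scanner -> {(dst, dport)} that answered SYN/ACK
    closed = defaultdict(set)   # scanner -> {(dst, dport)} that answered RST
    for r in records:
        flags, probed_port = r["flags"], (r["src"], r["sport"])
        if flags == "S":                                  # bare SYN: a connection attempt
            probes[r["src"]].add((r["dst"], r["dport"]))
        elif "S" in flags and "." in flags:              # SYN/ACK back towards a scanner
            if probed_port in probes.get(r["dst"], ()):
                opened[r["dst"]].add(probed_port)
        elif "R" in flags:                               # RST: port closed
            if probed_port in probes.get(r["dst"], ()):
                closed[r["dst"]].add(probed_port)
    return {
        src: {"probed": targets, "open": opened.get(src, set()), "closed": closed.get(src, set())}
        for src, targets in probes.items()
        if len(targets) >= min_ports
    }


if __name__ == "__main__":
    alerts = detect_syn_scans(parse_tcpdump_lines(SAMPLE_TRACE.splitlines()))
    for src, info in alerts.items():
        print(f"{src}: probed {len(info['probed'])} ports, open={sorted(info['open'])}, closed={sorted(info['closed'])}")
```

Feed it `tcpdump -n -r capture.pcap` output and it reproduces the first step of the books' exercises: separate the probes from the replies, then read the open/closed map the scanner learned.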
Fresh from its 55th Muktamar (party congress), tvpas, a news portal owned by the Pan-Malaysian Islamic Party, better known as PAS, has been defaced:
PAS is a component of Pakatan Rakyat (PR), an opposition coalition in Malaysia.
Website: tvpas.com "Jelas berbeza" (Clearly different)
URL: http://tvpas.com/v1/XShimeX.txt
The website appears to run the popular Joomla! CMS.
UMNO Online is the official news website of UMNO, the main party in Malaysia's ruling coalition. Today, I just got news that the website has been hacked and defaced.
The website seems to be running on WordPress.
Website: UMNO Online - Official News of the United Malays National Organisation
URL: http://www.umno-online.com/umno/XShimeX.txt
Related:
May 11, 2009 - Defaced - kelab-umno.com
November 7, 2007 - Barisan Nasional Website - SQL Injection Vulnerabilities
Friday, May 29. 2009
Let us audit your website... lol....

Website: Portal Rasmi Akademi Audit Negara
URL: http://www.academy.audit.gov.my/website/Persian.htm
This site is being 'AUDIT' at 2009-05-28 11:39:09
And some 12 hours apart, at 2009-05-27 23:42:16, it's being 'AUDIT'ed again...

Website: Portal Rasmi Akademi Audit Negara
URL: http://www.akademi.audit.gov.my/ferror.txt