When I was young, I was part of an online group which compromised computers to gain access. In those computers, backdoors (an alternate entry to the computer, useful when the original entry point is closed), keyloggers (an application to record whatever is entered into to computer e.g passwords) and DoS applications (an application to initiate denial of service to cripple other computers). But it was all for fun.
Hacking remote computers are usually done in such text consoles unlike those colourful interfaces in movies!
Although such activities are illegal, it brought me a wealth of knowledge about computer security which I now use to advise my clients. This also led me to a new area of specialty i.e cyberlaw and also the involvement of such area gained me some publicity (see here and here).
Throughout my experience, I have come across cases where personal emails were illegal accessed, servers DoSed (thus rendering it unaccesible) and servers hacked with personal data therein illegally accessed. So far, I think the worst cases I have seen is where personal emails are hacked. Many people store their personal stuff (e.g intimate secret and photos) and this creates a huge embarrassment when it is leaked out.
Even Facebook is not spared. In a recent case, a woman had her Facebook account hacked and the hacker sent a message to all her friends asking for money to help her and her husband.
Although there are laws to prosecute hackers, my personal experience is that it is very difficult to have them prosecuted. A police report can always be made for crimes committed under the Malaysian Computer Crimes Act 1997 but a lot of times it is too late as severe harm has been done.
In view of the rampant cybercrime, Cybersecurity Malaysia, a government agency that promotes cyber safety and Internet security among Malaysian Internet users, is observing the World Computer Security Day (WCSD) which falls on 30 November 2009. I have personally met the people from Cybersecurity Malaysia and have dealt with them occasionally. They are good people.
WCSD is an annual event observed worldwide that was started in 1988 by the non-profit Association for Computer Security Day to help raise awareness of computer related security issues. This year marks the first time WCSD is being observed in a big way in Malaysia.
Themed “Computer Security is Everyone’s Responsibility” WCSD 2009 in Malaysia will involve several events and initiatives hosted by CyberSecurity Malaysia in the months of November and December designed to communicate how individual users are responsible in protecting information assets and resources, and practicing safe computing.
One of the ways to take part in this event is to change your passwords on 30 November 2009. Passwords should be changed from time to time (preferably every 3 months). You won’t know who is lurking around your email!
Other than that, you may take part by..
1. Visit the Cybersafe.my website
In August 2009, CyberSecurity Malaysia launched Cybersafe.my, a website that is a repository and resource for all Malaysians to learn more about computer safety – from handy tips, cool posters, interesting videos and other resources on cyber security and safety.
2. Submit your true Internet-horror story
In conjunction with WCSD, CyberSecurity Malaysia is in the midst of enhancing Cybersafe.my with Web 2.0 interactive elements for Malaysians to be able to share with each other their computer security-related experiences and learn from one other. Site visitors will be able to submit their experiences in video and text format, view the submission of other visitors as well as start educational discussions that will make them less susceptible to threats.
3. Be a fan of WCSDMY on Facebook & Twitter
Besides the website, WCSD also has a Facebook group (World Computer Security Day (WCSD) Malaysia) and Twitter account (@WCSDMY) which will update and remind its followers on useful tips and quizzes related to computer security.
4. Submit a report if you are or know of a victim of online threats
Malaysian netizens who are victims of computer security breaches or any illegal activity in cyberspace are encouraged to refer the incident to Cyber999TM Help Centre by calling 1-300-88-2999, sending e-mail to email@example.com, or filling up an online report at www.cybersecurity.my or www.mycert.org.my.
Lastly, don’t forget to change your Facebook password on 30 November 2009! Someone (especially me) may use it to pose embarrassing messages on the pretense that I am you XD..just like this..
(Click for larger image)