Spotlight: Hackers cast their Net wide

KUALA LUMPUR, Mon:

It’s the end of the working day. Staff lock their desks before they go home. After the last person leaves, the office is locked up and security guards start their patrols.

The next day, the staff comes in to find that the office has been robbed, not of its money or equipment, but of something possibly more valuable: Its data.

Cyber crime has cost companies billions worldwide, and Malaysia is no exception.

Heitech Padu Bhd, one of the country’s largest information and communications technology (ICT) service providers, said most organisations only believed they were prepared for problems like cyber-squatting and online piracy.

But low awareness of information security in the country has been a gold mine to cyber criminals, known as social engineers to industry experts and hackers to others.

Heitech president Safiee Mohammad said companies faced two threats.

"The first is the outside threat. Virus writers, spammers and hackers have joined forces to co-ordinate viruses, spamming, phishing and spyware attacks that have significant impact on businesses," said Safiee.

The inside threat, he said, was employees of organisations themselves. "Your own workers are known to be the weakest link, through whom cyber criminals gain access to a system."

Personal records, biodata and other private information can be used to get hold of ATM passwords, said Safiee, adding that while many think their email accounts were protected by passwords, hackers could mark and read email as the owner was logged on.

Social engineers con people into revealing sensitive data on a computer system, often on the Internet. One of the most recent incidents that affected banks was the rise in phishing scams in Internet banking.

In 2004, 92 phishing cases were reported to the Malaysian Computer Emergency Response Team (MyCERT). Victims were deceived into giving out sensitive information on fake websites designed to look like the official site.

The actual amount of the losses was not revealed, but the Finance Ministry was reported as saying that about 26 Internet banking frauds cost the victims about RM200,000.

ICT companies and banks then began pushing for measures such as the introduction of dual-factor authentication systems like retinal scans and thumbprint scans for users.

But being aware of the risks does not solve the problem. Heitech chief security officer Khairuddin Abdullah said: "Computers left on 24 hours a day are an open invitation to hackers to cyber-squat and rob the system of its resources.

"Someone who can hack into the system administration can control your computer and distribute anything, like pornography."

He added that simple security features like username and password verification hardly helped, and many organisations didn’t even realise they had been hacked. "When they do find out, it’s too late and many do not wish to discuss it," he said.