Information Security News mailing list archives
Parliament webmaster alerted days before hacking report, says MyCERT
From: InfoSec News <isn () C4I ORG>
Date: Thu, 4 Jan 2001 01:18:58 -0600
http://thestar.com.my/tech/story.asp?file=/2001/1/3/technology/03hack&sec=technology By M. MADHAVAN Wednesday, January 3, 2001 PETALING JAYA: The Malaysian Computer Emergency Response Team (MyCERT) said it knew that the Parliament website had been hacked on Dec 27, but had been unable to get in touch with the people managing the website. The hacking, which wiped out all information on the Parliament website and replaced the homepage with words in a foreign language, was first made public by DAP chairman Lim Kit Siang on Dec 30. "We were informed about the hacking at 10pm on Dec 27 from a trusted foreign source, but we could not contact the people involved,'' MyCERT project head Raja Azrina Raja Othman said in a statement today. She said according to MyCERT's sources, this was not the first time the Parliament website had been hacked, but did not provide further details. MyCERT (http://www.mycert.mimos.my) had been expecting an increase in hacking and computer virus attacks during the festive season, and said it had reminded all government agencies in its subscription list to be prepared. "We had also advised these organisations to update their contact information, especially with handphone numbers that could be reached during the holidays,'' Raja Azrina said. The Parliament website (http://www.parlimen.gov.my), which was down at press time, is registered under the Palm Oil Research Institute of Malaysia (Porim), but the listed webmasters did not respond to MyCERT's alert, she said. Under the Computer Crimes Bill 1997, hacking is a criminal act. As yet, no police report has been filed. "We have not been assigned to track down the hacker, but I believe this can be done through an in-depth analysis of the website's servers,'' Raja Azrina said. She said the level of security awareness among Malaysian website operators was still low. "Internet security is very much the responsibility of all levels in an organisation, and people need to be trained,'' she said. "We would also like to correct the misconception among technical personnel that servers that do not show signs of malfunction are clear of intruders. "Some of these servers could be running unauthorised software agents or backdoors that would allow hackers easy entry in the future,'' she added. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Parliament webmaster alerted days before hacking report, says MyCERT InfoSec News (Jan 03)