Sunday August 19, 2012
What the hack happened?
By LISA GOH
lisagoh@thestar.com.my
Losing your personal particulars to hackers can lead to financial losses, heartaches, loss of reputation - and sometimes friends, too.
IT starts out so innocently. A simple vote request by an acquaintance for a competition on Facebook; one click and law student Sharlyn J. discovers she has been hacked and locked out of all her social media accounts emails, Facebook, Twitter, Skype and MSN Messenger.
“I clicked on the link and a new window popped up. It looked exactly like Facebook - the colour and the fonts - but I didn't double check the URL. That was my mistake.
“The site required me to type in my email address and password. I was a little reluctant at first but the girl kept pleading for me to vote for her so in the end, I did. Right after that, I knew something was wrong. I got locked out of all my accounts,” says Sharlyn, 19, of the incident last May.
If that wasn't bad enough, within the hour, she received a text message that said “Hi Sharlyn. Your full name is , your IC number is , your IP address is , you are a student at college etc.” The hacker demanded money in exchange for getting her accounts back.
Gone in a second: It’s a nightmare for anyone who has discovered that his or her personal particulars have gone into the wrong hands. “He/she even said I'm not asking for much, just RM300. You can report to the police, but there's no point. I can't be tracked.'
“That person had all my personal particulars. I was really freaked out. I had just started college and was living on my own. What if he had my home address as well?”
Failing to get a response from Sharlyn, the hacker then sent another text message, offering her a discount of RM150.
“I called my mum and told her what happened. I was really scared but I ignored him. I lodged a police report and opened new accounts the next day to tell all my friends to delete the old ones,” she says.
However, even weeks on, the hacker was still assuming her identity and chatting with her friends - as she found out later. She never got any of her accounts back.
In other instances, the identity thief doesn't come to you for money. He goes to your friends, as local film producer Wendy Wong discovered.
Early last month, Wong sent her notebook for servicing. After getting her notebook back two weeks later, her problems started. When she logged into her email account, there was a prompt saying that the account was in use.
She didn't think much of it, but then came phone calls asking if she was all right and if she was stranded in Spain.
Her email account had been hacked. Assuming her identity, the hacker emailed all her contacts to tell them she had lost her wallet and asked them to send money so she could settle her hotel bill in Spain. The hacker asked her contacts to send her RM10,929 (2850) via Western Union to an address in Madrid.
“I was in Kuala Lumpur all the while. Good thing some of my friends called me to check before sending money over. I had friends who were already planning to transfer the money,” Wong says, adding that she was alerted of the situation by an mStar journalist who had called her to ask if she was indeed stranded in Spain.
Several attempts to change her password failed as the hacker made repeated assaults on her account. Wong has since lodged a police report and alerted the customer service of her email account provider.
“This has affected my reputation. Those who know me well would know I would never go around asking people for money. But what about those I have just met, or are just starting a business partnership with? What would they think of me?”
For that reason, Wong held a press conference early this month to clear her name and to alert all her contacts of her predicament.
“It's not so easy for me to just get another email address as that's where my contacts reach me. But it looks like I don't really have much choice now,” she laments.
When it comes to hacking and identity theft, the most important thing is doing everything you can to make sure it doesn’t happen in the first place. - Nigel Tan Symantec Malaysia systems engineering director Nigel Tan says that when it comes to identity theft, more often than not, it's an opportunistic crime, and it's a two-step process.
“Someone steals your personal information, then uses that information to impersonate you to commit fraud. It's important to understand this two-step approach, because your defences also must work on both levels,” says Tan, who is Symantec's principal consultant for Asia South.
According to the Symantec Internet Security Threat Report for the year 2011, a total of 232 million identities were breached worldwide, and of that, 80.5% were by hackers.
In 2011, the Malaysian Communications and Multimedia Commission (MCMC) recorded a total of 199 hacking complaints, and six identity theft complaints. For this year up till Aug 9, MCMC recorded 141 hacking complaints, with no identity thefts as yet.
Under the law, hacking itself is an offence under the Computer Crimes Act 1997, says KL Bar Information Technology Committee co-chairman Foong Cheng Leong.
Section 4 of the Act, for example, finds “unauthorised access with intent to commit or facilitate commission of further offence” a crime, whereby a person convicted could be liable to a fine not exceeding RM150,000, or to imprisonment for a term not exceeding 10 years, or both.
Further offences, such as cheating, can be pursued under the Penal Code, Foong explains. Victims can also file civil suits if the perpetrator is known to them.
However, identity theft could prove to be more than a mere inconvenience for victims, in light of Section 114A of the Evidence Act 1950, as it holds the account owner responsible for any material published from his/her account, “unless the contrary is proved”.
This amendment to the Act, passed in Parliament in April this year, drew heavy objections from various quarters.
On Thursday, Information, Communications and Culture Minister Datuk Seri Dr Rais Yatim announced that the Cabinet has decided to maintain it.
Hacker’s victim: Wong is worried that her reputation may have been marred by the stranger’s doings. But what drives hackers to hack and steal another person's identity?
Where previously the motive would have been to gain fame, Tan says more often than not these days, it's for financial benefits. Social media sites have also not been spared.
“Hackers want to get into the social media because they want to exploit that circle of trust. When you see an email or link sent by someone you know, you're more likely to respond,” he says.
His advice?
“Never ever click on links. Open a new browser and type in the URL. If you get a phone call from a bank saying your account has some issues, and they require your personal information, hang up and call the bank directly and ask them if they really have a problem with your account,” he says. (Refer to chart for more Do's & Don'ts.)
He also advocates using different passwords for different accounts and changing them regularly (once every 90 days is ideal). Using the two-factor identification facility (where both a password and a code sent to your mobile is needed to access an account) where available would also act as a deterrent.
“It's important to understand how easily personal data is linked these days. Information that can be easily found on Facebook can include your place of birth, your mother's name and other personal details. And these are usually the security questions banks use.
“Personal information flows so easily from one thread to another, and hackers are always waiting to exploit that,” he says.
And sometimes, it's all a matter of being aware of the personal information you give out. “When a site or a person (even in legitimate circumstances) asks you for certain personal information, just stop and just ask yourself, Do they really need that information and am I comfortable in giving that information?'
Give it some consideration, and if you don't think they do, then don't give it. “When it comes to hacking and identity theft, the most important thing is doing everything you can to make sure it doesn't happen in the first place.”
- Families of top brass should not bid for gov’t contracts, says MACC panel
- Malaysia to work hard for UN Security Council seat
- Respect the rule of law, Senate chief tells Karpal
- Fishermen slammed for selling off free engines
- Cops urge motorists to avoid roads near Dataran PJ Thursday evening
- EC: Special team to find out why indelible ink was not indelible
- Banting murders: Thilaiyalagan never met Sosilawati and friends
- Sabah moves to nullify rape victim's marriage to alleged rapist
- Sarawak ministers, assemblymen get three-fold pay hike
- Low’s Cabinet appointment will not change his principles, says Tunku Aziz
- Saturday rally near Amcorp Mall to go on despite official warning
- Merged Education Ministry to have workforce of half a million
- Security guards jailed for killing alleged Nigerian conman
- Coconut yogurt anyone?
- Court postpones return of Genneva directors’ assets
- Alliance full year profit up 7% to RM538mil
- Bumi Armada's earnings up 22% to RM109.67mil, order book RM12.2b
- Dayang bags RM2bil contract from Shell
- CIMB earnings up 37.1% to RM1.386b in Q1, 2013
- MMHE Q1 earnings down 35% to RM50.59m
- KLCI closes a shade below record high
- AmIncome Flexi bond fund to attract RM200m investments
- EPF invests additional US$1.3b overseas
- MIDA: Investments up 44% on-year to RM49.3b in Q1
- Prague metro plans to launch love train for singles
- iGate sacks chief executive Murthy after sexual harassment probe
- Eversendai Q1 earnings slip 13.1% to RM23.68m on timing differences
- US asks judge to deny S&P's motion to dismiss fraud lawsuit
- Perdana Petroleum bidding for over RM1b contracts
- IOI Corp Q3 earnings up just 2.8% to RM567.8m (Update)
- 6.0 quake off Russia's far-east Kamchatka coastline: USGS
- Death toll rises to 21 in Indonesian mine collapse
- Dozens dead as tornado hits Oklahoma City (Updated)
- No new H7N9 cases in China for a week: government
- Villagers discover ancient ball game statue in Mexico
- British PM survives gay marriage vote
- Kerry to help ink $2.1 bn defense accord with Oman
- Yahoo unveils makeover of flickr site
- China crush arch rivals Indonesia
- Former Asian phenom takes slow route to success
- Plenty for Hafizh as 55 is significant in his early racing career
- Yi Ting on a mission
- Razif: Indiscipline the cause of senior players’ poor performances
- Cool V Shem believes he will be too hot for rivals to handle
- Spirited Malaysian team vow to deliver against Germans
- Japan hope to reach their first semis in tourney
- KLHC to rule the roost if other teams don’t raise their game
- Malaysia have their work cut out in the World League
- Gobi’s fate to be decided by MHC’s administrative committee
- Andre nails it with last jump
- Grace hammers home a point with two golds
- Delia one step away from main draw after easy win
- Sharon believes KPT circuit is excellent for squash’s future
- Rape accused defends marriage to 13-year-old, says it was mutual
- MAS flew baby home with doctor's certification, says CEO Ahmad Jauhari
- Wee: MCA shouldn’t join Government
- ‘Boycott will be self-defeating’
- AirAsia: Child not allowed on board because of chicken pox
- The best ways to national unity
- Group upset over man marrying underage victim
- Mustapa against call to boycott products of Chinese firms
- Zahid: I will not interfere with decisions of HODs
- Former top judge questions Enforcement Agency Integrity Commission
- Rape accused defends marriage to 13-year-old, says it was mutual
- Malindo set to operate from Subang Skypark
- Sarawak ministers, assemblymen get three-fold pay hike
- Coconut yogurt anyone?
- MAS flew baby home with doctor's certification, says CEO Ahmad Jauhari
- The best ways to national unity
- Plaza Rakyat may be revived
- ‘Boycott will be self-defeating’
- Court postpones return of Genneva directors’ assets
- Not taken for a good ride and not ungrateful
RSS
