"Greeting Malaysian. We are Anonymous Malaysia. This is message to Government Malaysia. Your security system is low, all data may be leak. This can cause unwanted hacker selling all information," said a man in a Guy Faux mask with an altered voice. It looks familiar!
Anonymous is a well-known, yet exceedingly reclusive, decentralised hacktivist movement, typically associated with cyber-attacks against governmental institutions and corporations. Anonymous is thought to have gotten its name from 4chan, a website launched in 2003 and providing an anonymous space for image-based posting – and designating most of the posters as “Anonymous” posters. Anonymous is linked to attacks on some of the world’s most well-known organizations including Mastercard, Visa, Sony, Nintendo, Apple, Twitter, the Tunisian, Algerian & Zimbabwean government websites, the United States CIA, and government agencies in almost every country in the world. The collective has no direct political affiliation, but instead supports causes related to opposing government control & hypocrisy, censorship and promoting freedom of speech. A Guy Fawkes mask (representing the fight against fascism in the novel and film ‘V For Vendetta’) is normally used to represent the group.
Anonymous Malaysia, a cell of Anonymous, recently took the global hacktivist spotlight to demand more powerful cyber-security safeguards within Malaysian government institutions responsible for the security of personal data related to Malaysian citizens.
Anonymous Malaysia created their official Facebook page on November 17th, 2011, bearing a message to the “Civilians of the world.” Ironically, Anonymous Malaysia’s Facebook page says they,
“…would like to get your attention, in the hope of your following warnings: your communications medium are all so dearly beloved of worship will be destroyed. If you're a hacktivist willing to or a man who just wants to protect his freedom of information and join the cause and kill facebook [SIC] for your own privacy. Facebook has sold information to government agencies and gave secret access to information security firms so they can spy on people from around the world.... You can't hide from reality where you are, Internet people, live….You're neither safe from any government. Someday you'll look back on this and realize what we've done here right, you'll thank the Internet government, we'll not harm you but save.”
Anonymous Malaysia has been atypically active lately, with The Malaysian National Security Council (MKN) issuing a warning notice to all government agencies, urging them to take measures to minimise the impact of possible cyberattacks launched by Anonymous Malaysia. MKN and Malaysia’s National Cyber Security Agency (NACSA) are taking the threat seriously, working closely with the Royal Malaysia Police (PDRM). The MKN planned to deploy measures in accordance with the new Malaysia Cyber Security Strategy plan, launched in October 2020 – but Anonymous Malaysia was not impressed, launching their own campaign against local government websites, titled #OpsWakeUp21.
“We have been silent for a long time,” says a representative of Malaysia Anonymous, “It’s time to open our eyes. We are legion, we do not forgive. We do not forget. Expect us.”
Malaysia is no stranger to hacktivist attacks. In 2011, a successful, coordinated attack shut down 91 government websites after the government blocked access to file-sharing websites like Torrent and Pirate Bay. In 2012, “Operation PTPTN” threatened the National Higher Education Fund Corporation (PTPTN) to stop taking advantage of borrowers by requiring high-interest rates. In 2013, a group called “MALAYSIA Cyb3r 4rmy” went to war with Anonymous Philippines, with both groups launching attacks against several websites before declaring a truce. In 2015, Anonymous threatened “all-out internet warfare” if Prime Minister Najib Razak retained power. Anonymous Malaysia has not confined it’s threats to the internet, threatening to blow up the, then-Police Inspector-Generals (IGP) car. In short, they mean business and are not scared to take their grievances to the streets.
On 17 Feb 2021, in a surprising turn of events, six raids were conducted in Pahang, Johor, Perak and the Klang Valley where eleven men, thought to be part of Anonymous Malaysia were detained. One of the detainees was considered to be the administrator of the Anonymous Malaysia Facebook page. A week later, all were released on bail pending further investigation.
However, even if those detained are part of Anonymous Malaysia, that does not mean there are not more out there. More importantly, those members that are still active may launch a retribution campaign to protest the apprehension of their fellow hacktivists. Malaysian organizations and enterprises now need to be even more vigilant for the near term.
Anonymous and Anonymous Malaysia are historically known for DDOS and web defacement attacks against targets, so this is an escalation in tactics. Understanding these new tactics and how to defend against them should be a priority for every Malaysian organization whether commercial, educational, government or otherwise. Sangfor Technologies has extensive experience in defending against these and other cyberthreats. Sangfor security experts can provide complementary assessment on your ability to defend against cyberattacks and, more importantly, can help you discover if you have already been breached. To find out how, contact our security experts here.