PETALING JAYA: An academic and a cybersecurity expert have cautioned Putrajaya against making light of a recent report that Chinese hackers had targeted military and other bodies in the country.
Benjamin Barton of University of Nottingham Malaysia warned that Beijing could leverage on the information obtained to suit its interest, and SL Rajesh of the International Association for Counterterrorism and Security Professionals-Centre for Security Studies said it would be prudent to do a thorough risk assessment.
Barton, who teaches international relations, said there was a risk of long-term and covert infiltration to obtain and exploit personal information about key individuals in politics, business, the armed forces and civil society.
“These hackers could serve as battering rams for leverage on behalf of the Chinese government,” he told FMT.
“Should Malaysia stray too far diplomatically in a direction that displeases Beijing, the latter could use the information obtained against Malaysia and compromise the country’s political, strategic and economic planning.”
Bloomberg reported last week that Chinese hackers had targeted military and civilian organisations in several Southeast Asian countries.
The report quoted US-based cybersecurity firm Insikt as saying Malaysia, Indonesia and Vietnam were the top three targeted countries over the past nine months.
It said those targeted had similar territorial claims or strategic infrastructure projects, suggesting the involvement of the state in the hacking.
The hackers focused on the offices of the Thai and Malaysian prime ministers, the foreign affairs ministries of Indonesia and Malaysia as well as their militaries, it said.
Defence minister Hishammuddin Hussein dismissed the claims as unconfirmed, saying: “We cannot be acting just based on reports from private companies. If not, we wouldn’t be getting any sleep.”
He said the country’s intelligence units and the Cyber Defence Operation Centre were constantly monitoring the threat posed by hackers and there had been no official reports of state-sponsored hackers attacking the defence ministry.
China had earlier brushed aside Insikt’s findings.
Barton said if China’s intelligence services had gained access to sensitive information, it could, to some extent, be an attempt by Beijing to influence policymaking in Malaysia or to protect its core interests.
“The only risk is, of course, that this could backfire on the Chinese if poorly used or exploited too forcefully,” he said. “After all, it is in China’s interest to maintain harmonious relations with Malaysia through consent rather than relying on coercion.”
Rajesh said the custom malware used by the hackers had been created to target influential individuals or groups in the country.
He said a thorough risk assessment and incident response plan was needed to determine and coordinate vulnerabilities.
An incident response plan is the documentation of a set of instructions or procedures to detect, respond to and limit the consequences of a malicious cyberattack against an organisation’s information system.
“Implementing a firewall to create a powerful defence system and continuously monitoring incoming and outgoing online traffic can help mitigate future attacks,” he said. - FMT
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.