Thursday 14 November 2013

Singapore Cyber Attacks: Suspected hackers and vandals arrested

* Hacker who called himself 'The Messiah' jailed 4 years and 8 months
By Ian Poh, The Straits Times, 30 Jan 2015

A hacker who called himself "The Messiah" was jailed for four years and eight months on Friday, after targeting computer servers of at least seven organisations in 2013.

James Raj Arokiasamy had pleaded guilty last Friday to 39 computer misuse offences and one count of drug consumption.

The 36-year-old Singaporean operated from an apartment in Kuala Lumpur. He had absconded to Malaysia after skipping police bail in 2011 for drug offences.

The websites he targeted included those of the PAP Community Foundation, Ang Mo Kio Town Council and three linked to City Harvest Church. Many were defaced with taunts or threats.

He used software to scan various government servers, including those of the Prime Minister's Office and the Elections Department. He also hacked a Straits Times blog, and illegally accessed a server that contained bank statements of Standard Chartered Bank clients.

Affected organisations spent about $1.36 million assessing, repairing and restoring the relevant computer systems. To investigate the cyber attacks, the police alone expended more than 2,465 man-hours.

On Friday, Deputy Presiding Judge of the State Courts Jennifer Marie said there had been a high degree of premeditation, planning and sophistication in the way James Raj had committed the offences.

"The offences perpetrated by James Raj, in addition to harming the immediate victims, also have the wider-felt impact of triggering unease and offending the sensibilities of the general public," the judge said.

"Given the current climate where international and domestic terrorist security threats are more prevalent than before, a threat to the IT systems (and) cyber-attacks in a highly networked country like Singapore, should be visited with exemplary sentences."

Hacker admits targeting seven organisations
He pleads guilty in most serious case of hacking brought before a court here
By Ian Poh, The Straits Times, 24 Jan 2015

A HACKER has admitted targeting computer servers of at least seven organisations in 2013 - the most serious case of its kind to be brought before a court here, a court heard yesterday.

James Raj Arokiasamy, who adopted the pseudonym "The Messiah", pleaded guilty yesterday to 39 computer misuse offences and one count of drug consumption. He will be sentenced next Friday (Jan 30).

The 36-year-old Singaporean operated from an apartment in Kuala Lumpur. He had absconded to Malaysia after skipping police bail in 2011 for drug offences.

The websites he targeted included those of the PAP Community Foundation, Ang Mo Kio Town Council and three linked to City Harvest Church. Many were defaced with taunts or threats.

He used software to scan various government servers, including those of the Prime Minister's Office and the Elections Department. He also hacked a Straits Times blog, and illegally accessed a server that contained bank statements of Standard Chartered Bank clients.

Affected organisations spent about $1.36 million assessing, repairing and restoring the relevant computer systems, the prosecution said.

To investigate the cyber attacks, the police alone expended more than 2,465 man-hours.

Investigations revealed that some time in late October 2013, James Raj produced and uploaded a YouTube video with a message purportedly from international "hacktivist" group Anonymous.

The narrator in the video, garbed in a cloak and wearing a Guy Fawkes mask, threatened to "go to war" with the Government by intruding on its servers if it did not rescind a proposed licensing framework for news websites.

After his arrest on Nov 4, 2013, James Raj was found with a suite of hacker tools in his laptop, Deputy Public Prosecutor Sanjiv Vaswani said.

He added that James Raj had uploaded 67 videos to YouTube that contained tutorials on hacking techniques.

A further 119 charges of computer misuse, and two drug-related ones, will be taken into consideration when he is sentenced.

The prosecution said he should be jailed for at least five to six years in all, calling the computer misuse offences "the most extensive and grave incident of hacking to be brought before the Singapore courts".

Defence counsel M. Ravi asked for four years, saying his client had been "misguided" and his acts had helped identify weaknesses in various networks which could have been exploited by more malicious criminals.

For each of his six proceeded counts of illegally modifying the contents of a computer system, James Raj could be jailed for up to three years and fined up to $10,000.

Alleged hacker faces over 100 fresh charges
By Elena Chong, The Straits Times, 26 Aug 2014

MORE than 100 fresh charges of computer misuse were filed yesterday against alleged hacker James Raj Arokiasamy, who used "The Messiah" pseudonym.

Among the 158 charges he now faces are those for hacking into government-related websites, the Fuji Xerox Web server and Web servers for City Harvest Church (CHC) and its co-founder, pop star Ho Yeow Sun.

James Raj, 36, is accused of scanning the Web server for security vulnerabilities and creating log-in credentials for himself 43 times between Aug 28 and Sept 2 last year.

Media reports at the time said he threatened to expose Ms Ho's "hidden agenda" and release her personal data such as e-mail and text messages into the public domain.

On Oct 15, he allegedly made preparations three times to secure illegal access to data held in CHC's websites so that he could get administrator log-in credentials.

Between Oct 18 and Nov 4, James Raj allegedly scanned government-related Web servers to secure unauthorised access to the websites for the prisons, Prime Minister's Office, Singapore Elections Department, Ministry of Communications and Information and Webvisions, a Web hosting site.

He is also accused of hacking data in Fuji Xerox's server 51 times between March 1 and 24 last year.

Previous reports said 647 bank statements of Standard Chartered private banking clients were found in James Raj's laptop. Fuji Xerox was the printer for the bank's customer statements containing account numbers, balances and transaction details.

James Raj, who was arrested in Kuala Lumpur last November, and appeared in court that month for defacing the website of Ang Mo Kio Town Council, was last charged in June with 52 counts of computer misuse.

These included illegal access and attempts to access an unauthorised area of the PAP Community Foundation's Web server.

He is also accused of scanning The Straits Times blog site's Web server and modifying contents of the computer system by publishing two blog articles.

His next pre-trial conference is scheduled for tomorrow.

Man who allegedly calls himself 'The Messiah' is a drug offender on the run
By Francis Chan, The Straits Times, 13 Nov 2013

THE man who allegedly called himself "The Messiah" was unmasked for the first time in court yesterday as a wanted drug offender who had been on the run since 2011.

James Raj Arokiasamy, 35, stood alone in the dock as four criminal charges, including one for hacking into the website of Ang Mo Kio Town Council on Oct 28, were read out to him. The other charges were for drug consumption committed back in May 2011.

He had apparently jumped bail two years ago for the drug offences and had been in hiding until his capture last Monday by the Malaysian police, acting on information from their Singapore counterparts. He was arrested at a Kuala Lumpur condominium where he had carried out the cyber attacks.

The police said yesterday that James Raj is believed to be involved in other cyber intrusions including that of The Straits Times' blog site and the PAP Community Foundation's website. The Straits Times understands that, while hiding behind his moniker, he created the video threatening a wave of cyber attacks to protest licensing rules for news websites here.

His appearance in court capped a week in which suspects were rounded up by the police in connection with separate cases of cyber intrusions and vandalism.

Among them were five men being investigated for the hackings of websites belonging to the Prime Minister's Office (PMO) and the Istana last Friday.

Two of the suspects arrested in connection with the PMO incident are brothers, aged 21 and 27. Police confirmed they have been released on bail, while a third, believed to be their brother-in-law, 31, is assisting the police.

Two other men, a 17-year-old Institute of Technical Education student and a 45-year-old IT professional, are being questioned about the attack on the Istana's site. They have not been arrested.

Another five men were also charged yesterday with three incidents of vandalism in the city area last Tuesday - the day people were urged by The Messiah to mount protests. The five, who have been released on bail, are Muhammad Fitri Abu Kasim, 24; Danial Ryan Salleh, 25; Mohamad Fadzly Aziz, 21; Muhammad Redzwan Baskin, 26; and Muhammad Qamarul Arifin Sa'adon, 22.

The four groups of suspects are neither connected in any way, nor linked to global hacktivist group Anonymous. Police said their acts were "committed in isolation".

A source close to the investigations said that though there is no evidence James Raj is in any way connected to Anonymous, "there is concern that there might be a reaction to his arrest from the amorphous group that is out there". "That is why the Government is taking all the precautions."

The prosecution had earlier told the court that James Raj said he was suffering from attention deficit hyperactivity disorder. Despite his protest, the court ordered for him to be remanded at the Institute of Mental Health for psychiatric evaluation. He will return to court on Nov 26.

Meanwhile, 15 Singaporeans, aged between 16 and 27, are assisting with police investigations into possible offences of taking part in a public assembly without permit.

They were said to be responding to a call to support a march last Tuesday. This even though the police had issued an advisory reminding the public that organising or participating in a public assembly requires a police permit.

* Man jailed for cyber attack on PMO website
By Ian Poh, The Straits Times, 9 Dec 2014

IN A defiant response to a government warning to deal with people threatening attacks on Singapore's cyber infrastructure, a hacking enthusiast tested his skills on the Prime Minister's Office (PMO) website.

Mohammad Azhar Tahir, 28, was sentenced yesterday to two months' jail, for entering unauthorised computer code into the site on Nov 7 last year.

But the jobless man's total term comes to six months, after including punishment for related computer misuse offences.

These included mooching off a neighbour's wireless Internet service, and modifying social media and e-mail accounts that belonged to Ah Boys To Men actor Muhammad Ridhwan Azman, 21.

Mohammad Azhar had targeted the PMO website after hearing about the warning, issued by Prime Minister Lee Hsien Loong about a week after someone claiming links with international "hacktivist" group Anonymous threatened to hit out at Singapore's computer networks.

Instead of proper search terms, Mohammad Azhar entered HTML code into a Google bar embedded in the PMO site. This created a modified copy of the page that referenced Anonymous. Internet users who clicked on a link for the page, which he posted on various social media websites, would see a Guy Fawkes mask and two messages instead of the actual search page. The messages were: "It's great to be Singaporean today" and "ANONYMOUS SG WAS HERE BIATCH".

The actor's social media accounts were tampered with to circulate the script and also make it seem he had been targeted by Anonymous.

Deputy Public Prosecutor April Phang said Mohammad Azhar's acts were a "direct and defiant response" to Mr Lee.

His dissemination of the script spread a false impression that the PMO Web server had been breached, and the site defaced.

His acts "inspired" copycat offences by two others against the Istana website, DPP Phang added. For their intrusions, Delson Moo Hiang Kng, 43, was fined $8,000, while 18-year-old Melvin Teo Boon Wei was placed on a year's probation.

Defence counsel Ferlin Jayatissa said his client had hatched the "misguided" scheme as a "prank" to teach a lesson to the actor, who had been in a dispute with Mohammad Azhar's brother.

The brother, Mohammad Asyiq Tahir, 22, was also dealt with yesterday for computer misuse. The national serviceman was placed on 18 months' probation after pleading guilty to five of 11 offences, none of which concerned the PMO website server.

For each proceeded count of computer misuse, Mohammad Azhar could have been jailed for up to three years and fined up to $10,000.

* Hacker admits attacking PMO website
He also pleads guilty to modifying actor's social media, e-mail accounts
By Ian Poh, The Straits Times, 12 Nov 2014

A JOBLESS man has admitted to entering unauthorised computer code into the Prime Minister's Office (PMO) website on Nov 7 last year, among other offences.

A district court heard yesterday that Mohammad Azhar Tahir, 28, used a Google search bar embedded in the page to create a modified version that referenced international "hacktivist" group Anonymous.

He did this by entering HTML code instead of proper search terms.

Internet users who clicked on a link containing the script, which he posted on various social media websites, would see a Guy Fawkes mask and two messages instead of what the search results page would normally display. The messages were: "It's great to be Singaporean today" and "ANONYMOUS SG WAS HERE BIATCH".

Mohammad Azhar pleaded guilty yesterday to seven of 59 charges under the Computer Misuse and Cybersecurity Act.

These included accessing a neighbour's wireless Internet service and modifying social media and e-mail accounts that belonged to Ah Boys To Men actor Muhammad Ridhwan Azman, 21.

Deputy Public Prosecutor April Phang told the court that there had been widespread concern because it seemed as if the PMO website had been defaced by hackers from Anonymous, although data on its server had not actually been altered.

Mohammad Azhar had effectively masked his identity by using his neighbour's Internet connection, said Ms Phang.

In one instance, he used the actor's Facebook account to publicise the link containing the offending script.

The court heard that Mohammad Azhar had committed the PMO website intrusions with a technique known as cross-site scripting (XSS).

He decided to test his skills on the page's search function after hearing about Prime Minister Lee Hsien Loong's warning that hackers who attack the country's computer networks would be brought to justice.

Mr Lee issued the warning about a week after a person claiming to be from Anonymous issued a threat via a YouTube video to attack Singapore's infrastructure in protest against new licensing rules for news websites.

Similar charges had also been brought against Mohammad Azhar's 22-year-old brother, full-time national serviceman Mohammad Asyiq Tahir.

Mohammad Asyiq pleaded guilty yesterday to five of the 11 counts, which largely involved tampering with Mr Ridhwan's e-mail and social media accounts. None of the offences concerned the PMO website server.

Both brothers are expected to be sentenced on Dec 8. Mohammad Azhar faces up to three years in jail and up to $10,000 in fines for each of two proceeded counts of securing unauthorised access to the website server.
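
The reflected search-term behaviour described in this report, as an added example that is not from the article or from any of the sites named in it: a results page that echoes the query unescaped, beside the output-encoded version, plus a check over access-log lines for markup in query parameters. The function names, the `q` parameter, the URLs and the log lines are all constructed for illustration.

```javascript
// Stored site content. Nothing below writes to this object: with a reflected
// search term, the altered page exists only in the response to a crafted link.
const siteContent = Object.freeze({ title: 'Search' });

// Constructed link whose search term is markup instead of search words.
const CONSTRUCTED_LINK = 'https://www.example.invalid/search?q=' +
  encodeURIComponent('<h1>constructed banner</h1>');

// Encode the characters that are significant in HTML element/attribute context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Pull the (hypothetical) q parameter out of a link; URL decoding happens here.
function queryFromLink(link) {
  return new URL(link).searchParams.get('q') || '';
}

// "Before": the term is concatenated into the page as-is, so any markup in the
// link becomes part of the page the visitor's browser renders.
function renderResultsUnsafe(link) {
  const q = queryFromLink(link);
  return `<h1>${siteContent.title}</h1><p>Results for: ${q}</p>`;
}

// "After": the same page with the term encoded for the HTML context. The
// Content-Security-Policy header is a second layer that limits what injected
// markup could load if an encoding step is ever missed elsewhere.
function renderResultsSafe(link) {
  const q = queryFromLink(link);
  return {
    headers: {
      'Content-Security-Policy': "default-src 'self'; img-src 'self'; script-src 'self'",
    },
    body: `<h1>${siteContent.title}</h1><p>Results for: ${escapeHtml(q)}</p>`,
  };
}

// Constructed access-log lines (documentation IP range, made-up timestamps).
const SAMPLE_LOG = [
  '203.0.113.7 - - [01/Jan/2024:10:02:11 +0000] "GET /search?q=annual+report HTTP/1.1" 200 5120',
  '203.0.113.9 - - [01/Jan/2024:10:05:43 +0000] "GET /search?q=%3Ch1%3Econstructed%20banner%3C%2Fh1%3E HTTP/1.1" 200 5342',
  '203.0.113.7 - - [01/Jan/2024:10:06:02 +0000] "GET /about HTTP/1.1" 200 2048',
];

// Detection: flag requests whose decoded query parameters contain angle
// brackets, which ordinary search terms rarely do.
function flagSuspiciousRequests(logLines) {
  const hits = [];
  for (const line of logLines) {
    const m = /"(?:GET|POST) (\S+) HTTP\/[\d.]+"/.exec(line);
    if (!m) continue;
    let url;
    try {
      url = new URL(m[1], 'http://log.invalid'); // base only needed for parsing
    } catch (err) {
      continue; // unparseable request target: skip rather than crash
    }
    for (const [name, value] of url.searchParams) {
      if (/[<>]/.test(value)) {
        hits.push({ client: line.split(' ')[0], param: name, value });
      }
    }
  }
  return hits;
}
```
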

* Brothers initially held for hacking PMO site face 16 charges
By Lim Yan Liang, The Straits Times, 7 Dec 2013

TWO brothers, initially arrested over the hacking of the Prime Minister's Office (PMO) website, now face a total of 16 cybercrime charges between them.

The prosecution yesterday tendered 10 charges in court against Mohammad Azhar Tahir, 27. They include the unauthorised modification of content on the PMO site, illegally accessing a neighbour's wireless Internet service, and hacking into various social media and e-mail accounts of Ah Boys To Men actor Ridhwan Azman.

The younger brother, Mohammad Asyiq Tahir, 21, faces six similar charges, including one for hacking into the Facebook page of his former girlfriend Woo Huijing, on Nov 4.

Azhar, who is unemployed, is accused of hacking into the PMO site on Nov 7, causing it to show an image of a mask and two phrases over what the webpage would normally display. One of those phrases had references to the Anonymous hacktivist group.

The two brothers are also accused of separately hacking into seven different social media and e-mail accounts belonging to Mr Ridhwan on Nov 5.

Yesterday, the 20-year-old entertainer said Asyiq was the former boyfriend of Ms Woo, 19, before he started seeing her.

Asyiq is said to have hacked into the actor's Hotmail, Gmail and Blogspot accounts, and uploaded a video purportedly from the Anonymous group to Mr Ridhwan's YouTube page.

The brothers were released on $10,000 bail yesterday with their passports impounded. Their case will be heard again on Jan 6.

The police had said the duo are not connected to James Raj Arokiasamy, the alleged hacker behind "The Messiah" pseudonym.

The 35-year-old is now said to be linked to the theft of data belonging to Standard Chartered Bank's clients, after the files were found in a laptop seized from him when he was arrested.

Hacking culprits will face full extent of law: PM
Citizens urged to voice clear disapproval of perpetrators
By Irene Tham, The Straits Times, 15 Nov 2013

THE culprits behind the recent hacking of government websites will be dealt with to the full extent of the law, Prime Minister Lee Hsien Loong said yesterday in his first comments since the suspects were rounded up.

"It is not a prank when someone hacks websites and intrudes into computer systems," he said, condemning hacking as a criminal act and "malicious and harmful".

That could happen if, for example, the computers hacked control the electricity grid or a hospital management system.

He was speaking at the opening of the 13th Asean Telecommunications and Information Technology Ministers Meeting. The annual meeting promotes regional cooperation in infocomm efforts to strengthen economies and social development.

PM Lee urged people to speak up against hacking.

"Citizens too should speak up against such acts, and express their clear disapproval of those responsible as well as others who have supported or encouraged the perpetrators," he said.

On Tuesday, the alleged hacker behind the defacement of the PAP Community Foundation and Ang Mo Kio Town Council websites and The Straits Times blog site was charged in court.

James Raj Arokiasamy, 35, a Singaporean, allegedly hid behind the moniker "The Messiah" and created a YouTube video threatening a wave of cyber attacks to protest against licensing rules for news websites here.

Separately, five men were being investigated for last Friday's hacking of websites belonging to the Prime Minister's Office and the Istana.

Outside Singapore, hackers also attacked several government websites in the Philippines early this month and Thai Prime Minister Yingluck Shinawatra's website in May.

Noting the recent cyber invasion in the region, Mr Lee said Asean nations must cooperate to deal with common threats.

Turning to the issue of digital television, he urged Asean countries to accelerate the switch from analogue to digital TV broadcasting to free up scarce spectrum for mobile broadband use.

So far, four out of 10 Asean member nations - Brunei, Indonesia, Malaysia and Singapore - have committed to recycle the 700MHz spectrum band, currently used for television broadcasting, for mobile broadband purposes.

Agreeing on a common spectrum allows mobile roaming and minimises signal interference along coastlines.

Alleged 'Messiah' hacker to claim trial
By Walter Sim, The Straits Times, 16 Nov 2013

JAMES Raj Arokiasamy, the man accused of hacking into the website of a town council and signing off his alleged handiwork with "The Messiah" moniker, plans to fight the charge.

His lawyer M. Ravi said he will be claiming trial to the offence under the Computer Misuse and Cybersecurity Act, but he has "no instructions yet" on the three other drug charges his client also faces.

This comes after the two men spoke to each other for the first time at the end of a High Court hearing yesterday. The session was held to hear an urgent application filed by Mr Ravi to have access to his client, who is remanded at the Institute of Mental Health for psychiatric evaluation.

James Raj, 35, is said to have signed off as "The Messiah" after he allegedly hacked into the Ang Mo Kio Town Council's website on Oct 28. Apart from the cyber attack, the runaway drug offender - who had been in hiding since 2011 - also faces three charges for drug consumption committed then.

In the application, Mr Ravi argued that Singapore citizens "should be entitled to at least a basic safeguard of having access to counsel within 48 hours of their arrest at the latest", if not immediately upon their request.

The debate centred on Article 9(3) of the Constitution, which reads: "Where a person is arrested, he shall be informed as soon as may be of the grounds of his arrest and shall be allowed to consult and be defended by a legal practitioner of his choice".

During the hearing, the defence and prosecution crossed swords over what would constitute a "reasonable time" before an accused is allowed to speak to his defence lawyer.

Mr Ravi argued that even "the most intelligent and educated requires the guiding hand of counsel at every step in the proceedings".

He added: "Without it, even if the accused person is not guilty, he would face the danger of conviction because he does not know how to establish his innocence."

Deputy Public Prosecutor G. Kannan disagreed. "What's sauce for the goose is sauce for the gander. Where in the article is the word immediate?

"The case is a complex one and investigators will require time to carry out investigations into all the offences that he is alleged to have committed," he said.

Justice Choo Han Teck said he was not inclined to give a decision on the constitutional matter without due consideration, and told parties to file submissions. "In the meantime, Mr Kannan, I don't think you'll object to Mr Ravi seeing his client for a few minutes in court." The DPP did not object.

According to the prosecution's submissions, James Raj is "reasonably suspected as having carried out a series of hacking incidents".

He is also suspected of creating the video threatening a wave of cyber attacks here to protest against licensing rules for news websites here.

He was nabbed in Kuala Lumpur on Nov 4, handed over to the police here the next day and charged in court on Tuesday.

A neighbour at his mother's home in Bukit Panjang said she last saw him more than three years ago. She did not want to be named. "I thought he married a Chinese woman."

The case will be heard again on Nov 26 at the Subordinate Courts.

Businessman admits to Istana and PMO website intrusions
By Lim Yan Liang, The Straits Times, 15 Nov 2013

THE businessman questioned by police over the hacking of the Istana's website last week admitted yesterday that he had committed the cyber intrusion in a moment of folly.

He also admitted that he had earlier intruded into the Prime Minister's Office (PMO) website as well.

"It was purely a stupid mistake," Mr Delson Moo told The Straits Times. "My hand was itchy and... I got myself into trouble."

The 42-year-old had declined to be interviewed when he was first approached on Wednesday. But he agreed to speak when contacted again last night.

This after The Straits Times reported yesterday that he was one of two men assisting police with ongoing investigations into the Istana incident. The other is 17-year-old student Melvin Teo.

Both of them knew each other through Facebook but have never met in person, said Mr Moo.

The case against them came to light after James Raj Arokiasamy, the man who allegedly uses "The Messiah" moniker, was charged in court on Tuesday for the cyber attack on the Ang Mo Kio Town Council's website on Oct 28.

Police have said the PMO and Istana incidents are not connected to the case against James Raj.

Mr Moo said he was surfing the Web last Friday morning when he stumbled on a post that claimed the PMO website had been hacked. Attached was a line of computer code that he believed could modify a website's content.

As his own websites had been hacked before - records showed that he is a director of two IT-related firms and an online store - Mr Moo claimed he tried the code-string on the search boxes of his three websites to "test for vulnerabilities" but found none.

The father of a young boy said he then tried the same code on the PMO site and it worked, displaying some text and an image.

After that, Mr Moo said he modified the code to have the Istana website display a picture of an old woman pointing her middle finger, along with a string of offensive words in Hokkien.

He then took a screen capture of what had appeared on the Istana's webpage and posted it on his own Facebook account with the words "Istana also kena", meaning the site had been also compromised.

Mr Moo said he thought nothing more of the matter, until the police came knocking on the door of his home on Sunday evening. Officers seized two of his laptops, one of which was returned after he gave his statement the next day.

Seeking to explain his actions, he said: "We have to understand one thing: I did not exploit the vulnerability, I tested the vulnerability."

Istana site hacking: Businessman and student questioned
Duo not linked to alleged hacker said to be behind 'The Messiah' moniker
By Pearl Lee, Maryam Mokhtar and Linette Lai, The Straits Times, 14 Nov 2013

ONE is an Institute of Technical Education (ITE) student, while the other is a middle-aged, small business entrepreneur.

Melvin Teo, 17, and Mr Delson Moo, 42, are the duo believed to have been questioned by the police last week over a recent alleged hacking of an Istana webpage, The Straits Times learnt yesterday.

On Tuesday, the police did not identify them but revealed that two suspects were involved in the Istana cyber intrusion, along with two others who allegedly hacked into the Prime Minister's Office (PMO) website on the same day - last Friday.

The two pairs are not connected to each other and did not act in concert but they had "exploited a vulnerability of those sites to display pages from other sources", according to the police.

Checks by The Straits Times found that the pair who are connected to the PMO incident are brothers, Mohammad Asyiq Tahir, 21, and Mohammad Azhar Tahir, 27. Both were arrested and have since been released on bail pending further investigations.

Melvin and Mr Moo were not arrested but continue to assist with investigations into the Istana hacking.

None of the four men is connected to James Raj Arokiasamy, the alleged hacker said to be behind the "The Messiah" pseudonym, according to court papers.

When contacted yesterday, Melvin confirmed that he had been questioned by the police about the Istana hacking, but refused to comment further.

Mr Moo also declined to be interviewed when approached at his office in Ubi Crescent but did not deny that he had been questioned by the police.

The businessman had described himself in a blog as a "doting father" of a boy and said he graduated with an IT degree.

He also said he had a "doctorate in the University of Society" - a self-made title he gave himself for "immersing myself in the workforce since I was a young lad".

Official records show that Mr Moo is a director and shareholder of an online store that sells baby products and women's clothes, and two IT-related firms, all of which are run from the Ubi Crescent office. He and Melvin are believed to be Facebook friends.

Like Mr Moo, Melvin writes a blog and is an active user of Facebook and Twitter. But his Facebook page was taken down last night.

Before it was removed, Melvin's Facebook page featured two caricatures of himself, which were similar to the one that apparently appeared on the Istana's website with the words, "Melvin Teo For The Win", when it was hacked last week.

The former Pei Hwa Secondary School student describes himself as a car and computer enthusiast on his Instagram account, which was filled with images of different cars and computer parts.

In September, he posted on his blog that he had started a small project to custom-build a computer for gaming after learning how to do so from watching YouTube videos.

The Istana hacking incident was flagged by the police on Tuesday - the same day James Raj was charged in court for hacking into the website of the Ang Mo Kio Town Council on Oct 28.

The 35-year-old was identified for the first time then as the alleged hacker who had used "The Messiah" moniker. Apart from facing charges under the Misuse of Computer and Cybersecurity Act, the runaway drug offender - who had been in hiding since 2011 - also faces three charges for drug consumption.

He has since been remanded at the Institute of Mental Health for psychiatric evaluation for two weeks, during which he will not be allowed access to any third parties apart from medical personnel. Third parties include the police.

Meanwhile, lawyer M. Ravi yesterday filed an application asking for James Raj to be granted immediate access to him. The application will be heard in the High Court tomorrow.

The Attorney-General's Chambers, responding to Mr Ravi's application said: "Our position in the High Court will be the same as in the Subordinate Courts.

"We will protect the investigation process and strongly oppose any access by counsel while investigations are ongoing."

'Messiah' nabbed upon return to rented KL flat
Malaysian cops enter unit by force after he claims to have lost keys
By Lim Yan Liang and Lester Kong, The Straits Times, 13 Nov 2013

JAMES Raj Arokiasamy's stint as the self-styled "The Messiah" was cut short last Monday, soon after he returned to his rented home in Kuala Lumpur.

Unknown to the 35-year-old, a few dozen plainclothes Malaysian policemen were lying in wait at the upmarket Dorchester Apartment where he had been renting a unit for two years. They swooped in as soon as he sat down in the reception hall at about 2pm, said a security guard who wanted to be known only as Bhimendra.

Following the digital trail left behind by "The Messiah" - the online handle he allegedly used when hacking into, among others, the Ang Mo Kio Town Council website - police pieced together his identity.

They also discovered that their target, a Singaporean, was a wanted man here, having jumped bail in 2011 after he had been charged with drug-related offences.

After he was handcuffed, Malaysian police took him to his apartment unit K11-22, said Mr Bhimendra. But outside his apartment, James Raj apparently claimed he had lost his house keys, added the security guard.

Police then proceeded to enter the unit by force.

"There were signs of forced entry after they left," Mr Bhimendra told The Straits Times. "The owner came back last Wednesday to fix the door."

It was only about five hours later, at 7pm, that police re-emerged from the apartment with James Raj in tow, he said. Guards at the condo said James Raj always left home and came back alone. They did not recall ever seeing him with women or children.

A police spokesman said the arrest was possible because of "the close cooperation and support from the Royal Malaysian Police".

In court yesterday, the prosecution said James Raj had told police he was suffering from Attention Deficit Hyperactivity Disorder and was on medication.

He later said his words were taken out of context and claimed bias on the part of the police, alleging that he had been assaulted "quite badly" during his arrest and had suffered a concussion.

Speaking clearly, he claimed to have been denied a call to his mother and medical attention for more than 30 hours.

"Everything is quite biased against me at the moment... I would feel quite comfortable if I could speak to my lawyer," he told District Judge Kessler Soh.

Despite the protest from defence lawyer M. Ravi, the judge ordered that James Raj be remanded at the Institute of Mental Health for psychiatric evaluation.

During the evaluation, to take up to two weeks, he will not be allowed access to any third parties apart from medical personnel.

The case against him will be heard again on Nov 26.

When contacted, Ang Mo Kio Town Council general manager Victor Wong said that his office was "neutral" upon hearing about the arrest, and had enhanced its security infrastructure after the attack. "We will continue to be vigilant against such security threats," said Mr Wong.

A Ministry of Home Affairs spokesman said much effort and resources have been required to track down the persons responsible for the recent cyber attacks, including those James Raj is responsible for. He added: "We hope that the community will take a strong stand against such anti-social and criminal acts."

Five men charged with vandalism
By Lim Yan Liang, The Straits Times, 13 Nov 2013

FIVE men were charged in court yesterday for allegedly spray-painting slogans like "We are one we are legion expect us", referring to the global hacktivist group Anonymous, along with "TSK", believed to be the logo of a heavy metal band.

Mohamad Fadzly Aziz, 21; Danial Ryan Salleh, 25; Muhammad Qamarul Arifin Sa'adon, 22; and Muhammad Fitri Abu Kasim, 24, had allegedly sprayed those words at about 4am last Tuesday, on the pavement outside Sunshine Plaza at 91 Prinsep Link.

Minutes later, the four suspects sprayed a similar slogan on a nearby pillar.

At both locations, the four men also sprayed the stylised words "TSK", believed to be a band logo, that they then repeated on the pavement of a taxi stand along Waterloo Street at 4.20am.

At about 5am, Mohamad Fadzly and a fifth accused, Muhammad Redzwan Baskin, 26, were suspected to have defaced a wall and pavement at the Scape building at 2 Orchard Link, with a slogan and the logo.

In court yesterday, the five took the stand one at a time as the charges were read to them.

Danial Ryan Salleh indicated through the court translator that he intended to engage a lawyer, and he was given leave by District Judge Kessler Soh to proceed.

The young men were all accompanied by family members, none of whom would speak to the media when approached.

The Straits Times understands that at least one of the suspects is serving his national service.

They were released on bail of $15,000 each and had their passports impounded.

For each charge of vandalism, the suspects face a mandatory punishment of at least three strokes of the cane.

The next mention for the case will be on Dec 10.

* Ex-firefighter gets jail, caning for vandalism
By Elena Chong, The Straits Times, 8 Aug 2014

A FORMER firefighter was sentenced to two months' jail and three strokes of the cane yesterday after he admitted spraying purported anti-government graffiti on a pavement.

Muhammad Qamarul Arifin Sa'adon, 23, was a full-time national serviceman at the time he wrote the words "WE ARE ONE WE ARE LEGION EXPECT US!!" outside Sunshine Plaza.

He was with four accomplices, three of whom are also alleged to have taken part in the vandalism on Nov 5 last year.

They were chatting at a bus stop when one of them said he had received a call from someone in Switzerland claiming to be a member of the "hacktivist" group, Anonymous. He said he was told to spray-paint a message backing its fight against the Singapore Government.

Qamarul went to buy spray paint and wrote the message, along with the logo of his friend's clothing line, as his accomplices kept watch nearby. A manager at the Prinsep Link complex later reported the graffiti to police.

Qamarul was the first among the group to plead guilty to the crime, and was also fined $500 on another charge of stealing a $48 pouch at a Beach Road food centre. Two other charges of vandalising a pillar and a taxi stand were taken into consideration.

Cases against his alleged accomplices - Danial Ryan Salleh, 25; Muhammad Fadzly Aziz, 21; Muhammad Redzwan Baskin, 26; and Muhammad Fitri Abu Kasim, 24 - are at the pre-trial conference stages.

Qamarul's lawyer, Mr K. R. Manicka, said his client comes from a structured family. "He has been found to be consistent in his performance and dedicated in his work," he said of his client, who has finished his national service with the Changi Fire Station.

The lawyer said Qamarul was sincerely remorseful for having brought shame to his family.

Citing aggravating factors, Deputy Public Prosecutor Tan Wee Hao said the offences were pre-meditated and committed during a period of heightened fears about cyber security in Singapore. District Judge Ng Peng Hong agreed that a stiff sentence was warranted to signal that such acts could not be condoned.

** Ringleader gets jail, caning for several offences
By Elena Chong, The Straits Times, 27 Jan 2015

THE ringleader of the Prinsep Link vandalism case was sentenced to two years' jail and three strokes of the cane yesterday for vandalism, theft, sex with a minor and causing grievous hurt.

Freelance disc jockey Danial Ryan Salleh, 26, who faced 15 charges, had pleaded guilty to five charges earlier this month.

He is the last in the group of four to be dealt with over graffiti sprayed on the pavement outside Sunshine Plaza and on a pillar there on Nov 5, 2013.

Two of his three accomplices - Muhammad Qamarul Arifin Sa'adon, 23, and Muhammad Fadzly Aziz, 22 - got two months' jail and three strokes each for vandalism last August while Danial's sentence on this charge alone was five months and caning.

The court heard that the group were at a bus stop along Orchard Road after watching a movie on Nov 4, 2013, when Danial told them of an overseas call he received from someone claiming to be an assistant to the leader of the hacker group "Anonymous".

The caller, from Switzerland, told him to get a group to spray the words: "We Are One. We Are Legion. We Will Never Forgive. We Will Never Forget. Expect Us."

This was supposedly in support of its fight against the Singapore Government.

"Anonymous" had posted a video on YouTube threatening cyber attacks on the Singapore Government in late October that year.

The group agreed to help Danial and "Anonymous". Later, at about 3am, they bought two cans of indelible paint from Mustafa Centre.

As they were passing Sunshine Plaza on the way to their intended destination in Somerset, Danial used black spray paint to write purported anti-government graffiti on the pillar.

Qamarul, Fadzly and Muhammad Fitri Abu Kasim, 25, acted as lookouts. Fitri was later given a 12-month conditional warning.

In the theft cases, Danial had stolen a 12-year-old student's haversack containing a laptop worth $700 and other items at Costa Sands Resort on June 1 last year with his accomplice.

That same month, he filched an earpiece worth $150 from Million Tech at Sim Lim Square.

Through Twitter, Danial came to know a 15-year-old girl in March 2013. He had unprotected sex with her at his home when no one else was around about six months later.

The court heard that on March 19 last year, Danial punched a taxi driver - causing the 61-year-old to suffer facial fractures - for rejecting his unlawful request to ferry five passengers.

He was then intoxicated on alcohol and cough syrup.

Actor files police report on hacking
By Maria Almenoar, The Straits Times, 13 Nov 2013

AH BOYS to Men actor Ridhwan Azman yesterday made a report to the police against cyber hackers who took control of his social media accounts.

The hackers froze him out of his YouTube, Facebook, Twitter, Instagram, blog and two e-mail accounts. But in doing so, they may have left a trail to their identities.

Ridhwan, 20, said he was able to access his Facebook page four days after it was hacked last Tuesday.

When he accessed the administrative section of his Facebook page, he found that two people - unknown to him - had assigned themselves as moderator and manager for his page. One went by the Facebook profile name Farhan Tahir while another used the moniker Lucypher Prometheus. They removed themselves from his account shortly after.

The police said yesterday that it was inappropriate to comment as investigations are ongoing, and could not confirm if these two people are being probed in relation to other cyber hacking incidents.

They also did not confirm if the two are among a group who have been called up by the police to assist in probes into the cyber hacking of the Prime Minister's Office (PMO) and Istana websites.

These individuals, said the police, are aged between 17 and 45. Two suspects involved in the hacking of PMO sites are brothers while a third suspect is helping investigations.

Two other men are being questioned over the hacking of the Istana website.

"I hope they are caught soon... We should be allowed to speak freely and say what we feel is the truth without worrying about these people (hackers)," said Ridhwan, who is currently serving his national service.

"I stand by what I said... I hope the youth won't be gullible about what they see and read online."

Ridhwan, through his YouTube channel, had asked his 16,000 subscribers not to support hacktivist group Anonymous after it threatened to unleash a legion of hackers on the country last month if the Government did not revoke its licensing regime for online news sites.

Hackers retaliated by gaining access to his accounts and shutting him out of them.

"People should also be more careful with their accounts and make sure they are secure... I had a password that was more than 30 characters long but the hackers still cracked it," he said.

Hacking probes show Singapore must be on its guard
By Irene Tham, The Straits Times, 13 Nov 2013

ON NOV 2, when multiple government websites went down for several hours, some Singaporeans wondered if it was the beginning of a new sort of havoc in Singapore.

Four days before, hackers had threatened to hit out at government websites if the Government did not revoke its licensing regime for online news sites.

A masked man identifying himself as a part of cyber activism group Anonymous delivered an ominous message in a YouTube video threatening to "unleash" a "legion" of hackers on the island's infrastructure.

People wondered what the might of this new digital legion might be.

Could they disrupt essential financial services like ATM withdrawals?

Would they be able to steal personal information like NRIC or credit card numbers from government and retailer sites?

Organised crime groups have been known to do this.

Although the trial has yet to begin, IT experts have already noted that the alleged hackers were not sophisticated operators capable of such deeds.

They have been characterised as low-level troublemakers who used fairly rudimentary methods to gain attention, rather than cause deep and direct damage to people's lifestyles and property.

In the case of the Prime Minister's Office (PMO) and Istana webpages, the hackers exploited a vulnerability known as "cross-site scripting", created when the Google search bar was not installed properly on each of the two government websites.

Mr Aloysius Cheang, Asia-Pacific managing director of Cloud Security Alliance, said it is an "elementary" hacking tool that can be automated by a simple code.

"Even their digital tracks were not covered properly, leading to their quick arrest," said lawyer Bryan Tan, a partner in Pinsent Masons MPillay.

Mr Alvin Tan, director of anti-virus software firm McAfee Singapore and Philippines, said the most dangerous attacks are those that stay unnoticed for a long time "for reasons of espionage or creating higher-level damage".

The outcome of investigations and ensuing trials may indeed confirm these assertions, but the incidents are instructive.

They show that even simple website defacements can rattle some nerves and be embarrassing because of their high visibility.

Yet, their actions have also drawn ire, rather than admiration, which is as it should be.

So far, there is no evidence that James Raj and the others in the PMO and Istana incidents are linked to hackers capable of more serious attacks that can bring about real disruption to daily life.

But there is nothing to prevent the latter group from becoming emboldened by what has happened and more must be done to secure Singapore's IT infrastructure against them.

One hint of this danger is the attacks on government websites three days later on Nov 5, which came from many places overseas and are still being investigated.

Many government websites - including those that process important transactions - encountered unusual "spikes" in traffic throughout Tuesday last week as hackers sought to bring them down through Distributed Denial of Service (DDoS) attacks.

In DDoS attacks, the attacker creates a network using thousands of infected computers worldwide, which are then made to overwhelm a targeted site with a huge spike in traffic.

In some instances, DDoS is combined with malware infiltration into networks and systems to steal personal information.

While the attempts here did not result in any identity thefts, they serve as good reminders that IT security is a rigour that can only be raised, not lowered.

Sharing the burden of cybersecurity
By Senol Yilmaz And Ho Kah Kin, The Straits Times, 13 Nov 2013

THE current defacements of government and business websites are a great nuisance to the victims. However, Anonymous, the network of hackers allegedly behind these defacements, declared its intention to create more than just nuisance. In a video last week, the network threatened to attack Singapore's financial sector to "cause financial loss". It remains to be seen whether Anonymous can carry out cyberattacks that would result in significant financial damage.

The fact, however, is that critical infrastructure is highly vulnerable. Last year, for example, the Shamoon virus caused severe disruptions by wiping out data from thousands of computers at Saudi Aramco, the world's largest oil producer. The attack was allegedly carried out by Iran, and it took the company two weeks to recover from it.

Critical vulnerabilities

IT HAS been demonstrated that when critical infrastructure is attacked, severe disruptions can follow. Further aggravating this situation is that more and more machines are being connected to cyberspace and remotely controlled. These include control systems of gas and oil pipelines. In the near future, even more devices - from those critical for national security to household goods to cars - will be interconnected. When targeted jointly in a mass attack, even private consumer goods could turn into a national security threat.

Given the likely increase in vulnerabilities, governments agonise over the right approach to making cyberspace more secure.

From governments' point of view, protecting critical infrastructure poses two difficulties.

First, in many countries, the operation of critical infrastructure, as well as the physical and intangible components of cyberspace, is in private hands. Due to private ownership, governments often do not exercise immediate operational control. Even standard-setting for the Internet is not always carried out by national governments, or inter-governmental bodies, but in open-standards organisations such as the Internet Engineering Task Force, where governments have limited say.

Second, governments and the private sector have divergent interests: Governments, on the one hand, are concerned with ensuring national security while maintaining or creating an environment conducive for economic activity. The private sector, on the other hand, has as its main objective making profits and serving shareholder interests. In terms of security, it does what it deems "enough", which may not necessarily be sufficient.

In general, every extra dollar spent on security decreases corporate efficiency and shareholder value in the short term. Incentives to invest in additional security measures are often only recognised once perpetrators have successfully compromised systems. This can be too late in the case of a serious cyberattack.

In the context of assigning roles, two diametrically opposing views have emerged. The first argues that corporations have made huge efficiency gains through the computerisation of operations. For example, banks can operate their business more efficiently by allowing their customers to make e-transactions from their homes without interacting with a clerk. Similarly, utilities providers no longer send staff to manually activate valves or switches located away from central operation sites. Rather, the same operation is commanded remotely from a machine, with minimal human action.

For these reasons, it is argued that the private sector should not only reap the efficiency gains of such automation and computerisation but also share the burden of hardening the infrastructure on which they depend.

The opposing view is that securing the nation is one of the most fundamental tasks of governments. Nobody would expect the operator of a hydroelectric power station to protect its dams against enemies' ballistic missiles, so no other standard should apply to figurative cyber-missiles that could result in similar damage.

Arguably, it would be reasonable to share the burden of protecting cyberspace in public-private partnership. But there is no magic formula for assigning the roles that governments and the private sector should assume. The culture of governance differs substantially among countries - from very little public sector involvement to heavy regulation. Still, a three-pronged framework could help in this endeavour: There is need for collaboration, facilitation and regulation.

First of all, close collaboration at all levels is crucial. Exchange of information and best practices, or collaboration in screening and analysing malicious Internet traffic between Internet service providers and governments' computer emergency response teams can reduce cyberthreats.

Secondly, governments can facilitate the implementation of cybersecurity measures by providing reliable guidelines and the right incentives. Investments in additional measures could be awarded tax breaks and low-interest loans could be provided to companies that invest in the resilience of their systems. Furthermore, governments could consider cybersecurity measures that are in place when granting contracts to businesses.

Last but certainly not least, cybersecurity will likely not be achieved without any regulation. Corporations tend to loathe being regulated since it can be burdensome and inhibit profit-making. But governments can develop regulation in close cooperation with the private sector. Equally important, legislative processes need to be accelerated to provide timely guidance to narrow the gap between ill-boding technological advances and regulation. The faster governments react, the less the chance of damage.

Admittedly it is a difficult task to balance the interests of governments and the private sector. However, close public-private partnership can prevent mere cyber-nuisance from transforming into a national security threat and finally lead to a win-win situation: an environment conducive for economic activity in a secure nation.

Senol Yilmaz is an associate research fellow at the Centre of Excellence for National Security, a constituent unit of the S. Rajaratnam School of International Studies, Nanyang Technological University. Ho Kah Kin is head of cybersecurity business development, global cybersecurity, Cisco Systems.
