AUGUST 25 — No country or organisation is immune to cyber-attacks. Recent threats levelled at the Royal Malaysian Navy (TLDM), US air forces as well the as Nigeria navy on highly classified documents have been leaked and have ended up on the Dark Web. This has raised a heightened awareness of the need to be more secure, vigilant and resilient. TLDM is aware of the stolen military related information and they have confirmed that is already obsolete.
The Dark Web is used for nefarious purposes aiming to disrupt critical infrastructure or sensitive or classified information. It also serves as “criminal underground” to facilitate money laundering and criminal activities.
Political activists can also take advantage of the Dark Web to hide their activities as they can become virtually untraceable and can operate beyond supervision of the law enforcement agencies.
A group of cyber-extortionists on the Dark Web claims to have dirt on current United States President, Donald Trump, and have threatened to publish the information in due time before the election.
Criminologist, Dr Michael McGuire stated that the health care industry, banking and commerce are the targeted sectors as they host a mountain of personal, confidential and private data.
During Covid-19 crisis, hackers have carried out a number of malicious cyber-attacks. Some hospitals are facing ransomware attacks where database and records of patients who has Covid-19 are available in the Dark Web.
Even our Health Ministry is cautioning Malaysians against buying plasma from the Dark Web, amid reports that cybercriminals were selling fake products online as the demand for it has been increasing during the Covid-19 pandemic.
Recently, Singapore suffered its worst-ever cyber-attack where hackers broke into SingHealth's IT systems to steal data and records of 1.5 million in-patients and outpatients and even the types of medication given to Prime Minister Lee Hsien Loong.
Cyber-attackers have targeted Singapore’s education sector to steal these data and credentials, and ultimately to be sold in the Dark Web.
In July 2020, the Royal Military College of Canada’s student information and financial document has also been leaked on the Dark Web
Prior to this, a cybercriminal claimed to have the complete set of records and personal details of 1,164,540 Universiti Teknologi Mara (UiTM) students and alumni who studied between 2000 and 2018. The hackers wanted to prove a point and to tell UiTM to beef up their IT security in the university. The information was eventually sold in the Dark Web.
A few years ago, Richard Huckle who posed as a freelance photographer and an English teacher, got access to impoverished communities in Kuala Lumpur. He had used the Dark Web to post more than 20,000 pictures of children as young as six months old being sexually abused from 2006 to 2014. Richard was jailed for life after admitting to 71 charges of sexual abuse against children in Malaysia.
So, what is Dark Web? There are three layers of Internet: Surface Web, Deep Web and Dark Web.
Like an iceberg, interestingly, the surface web contains only four per cent of the Internet; the remaining 96 per cent is hidden in the part of Deep Web.
However, this is not to say the Deep Web are necessarily malicious. Medical records, academic and legal document are also kept and stored there for protection and privacy purposes.
What is disconcerting about the deep web is a part of it called the Dark Web which is also internationally hidden and not accessible through traditional search engine or standard browsers. To access this level, you need to have a special browser known as Onion Router browser (TOR), originally developed by the US Navy to protect government intelligence communications. It protects users’ privacy, hides all users’ IP addresses which makes it is impossible to be traced.
The organised criminal sites offer their largest marketplace on the dark web for purchasing illegal products and services such as sensitive data, financial transaction, corruption, drugs, contract killers, human organs, child pornography, counterfeit money, fake passports, firearms and stolen bank account information, etc. They even have their respective business models, advertising and collaboration among hackers and criminals and exploit organisations around the clock.
Combating criminal activities operating in the Dark Web environment requires the law enforcement agencies to be more proactive. It demands cyber security experts and technical resources combined with an innovative approach. Hackers are becoming more skilled and sophisticated and some countries make use of the “ethical hackers” to deal with the cyber-attacks and the Dark Web.
What would happen if a cyber-attack takes over the electronic voting system or the government IT network? The government has to be proactive introduce a more serious and dedicated cybercrime unit to tackle the Dark Web.
Malaysia may consider initiating a “National Plan to Fight Illicit Activities in Cyberspace” consisting of the relevant law enforcement agencies and regulators in collaboration with Cybersecurity Malaysia and acquire the knowledge and the knowhow to tackle the Dark Web. This enables the task force to conduct continuous investigations and continuous monitoring to effectively curb serious crimes and activities which includes money laundering.
Today to hide money and making difficult for law enforcement agencies to investigate, corrupt payments and receipts are transacted using bitcoin, a cryptocurrency in the Dark Web.
To plan for the long-term, the government may consider forming a federal crime agency, like the UK National Crime Agency (NCA) with a range of specialised capabilities to effectively fight serious organised crime. Currently, the NCA can respond to a wide range of threats in the country including cybercrime, drug, human and weapon trafficking and economic crime. The NCA has launched a dedicated cybercrime unit to tackle the Dark Web.
The long-term plan represents a national commitment to ensure a safer and secure to the public. To ensure our cyber-space remain immune to cyber-attacks, it has to begin during the design phase. Besides combating cybercrime, greater prevention and mitigation awareness campaigns are very vital aspects in fighting against cybercriminals, militants and white collar criminals especially in the Dark Web.
Even with the best infrastructure, technologies and legislation in place, the human factor that is subjective plays an important part to prevent data breaches. Therefore, integrity of the data handlers are critical to combat cyber threats.
* Datuk Seri Akhbar Satar is director, Institute of Crime & Criminology, HELP University
** This is the personal opinion of the writer or publication and does not necessarily represent the views of Malay Mail
