A report about the inadequacy of security features for the Election Commission’s website has prompted a cybersecurity expert to exhort Putrajaya to ensure that citizens’ personal data on government websites are better protected.
The government must invest resources to at least make it difficult for hackers to infiltrate such sites, said SL Rajesh, who heads the computer forensics department of the International Association for Counterterrorism and Security Professionals Centre for Security Studies.
Tech blogger Keith Rozario recently reported that the EC’s website had been marked as insecure by Google Chrome because it didn’t have transport layer security (TLS), which means that data gets transferred across the internet for anyone to see whenever a person searches for his voting information.
“If you’re logged onto the EC website from a kopitiam WiFi, I can see the data you’re sending and receiving just by logging onto the same WiFi,” said Rozario, who created the sayakenahack.com website for people to check if they are among the 46 million whose data were leaked in 2014.
Rajesh told FMT he believed the government should introduce at least minimum cybersecurity standards. For example, he said, it could deter hackers by requiring the installation of CCTVs at places providing WiFi.
“A hacker may then think twice before trying to hack another person’s device through a public network because he is being watched and can be identified.”
He also suggested that the government take steps to increase public awareness of cybersecurity to counter those who teach hacking techniques through online articles and videos.
“It’s important that people realise how vulnerable they are on public WiFi networks,” he said. “Anyone on the same public WiFi network can easily see what you’re doing by just installing free software tools available online.”
Rajesh said the most secure way for anyone to browse on a public network would be to use a virtual private network (VPN).
“A VPN routes your traffic through a secure network even on public Wi-Fi,” he said. “In fact, if I needed to sum up WiFi security in one sentence, it is ‘use a VPN.’”
He also advised internet users to turn on their firewalls, use up-to-date anti-virus software, avoid automatically connecting to WiFi hotspots, turn off the “sharing” feature on their devices and regularly update their browsers and device systems.
Earlier this month, it was reported that data from over 46 million mobile phone numbers from Malaysia had been leaked online.
The data, from Malaysian telcos and mobile virtual network operators, included postpaid and prepaid numbers, customer details, addresses as well as SIM card information.-FMT