During a recent conversation with a friend, the topic of intelligence gathering came up. The idea is to use available services such as search engines, underground hacker forums, and IRC channels to determine whether the organization has been compromised. The goal is to use this intelligence to complement the existing network security monitoring infrastructure and data leakage prevention. For example, I want to know if my IPs are part of a botnet, have been hacked or backdoored, or are being used for other malicious purposes. Yes, I can scour all the logs and so on, but is that enough?
Quite naturally, the subject moved to using Google (or any search engine) to find out whether your IP addresses are being used maliciously. A simple example is the transparent proxy. The underground community uses proxies to cover their tracks and make investigations harder (but not impossible), while blackhat SEOs (search engine optimizers) use proxies for automated link and comment spamming. The lists of available proxies are updated very frequently, and the sources on the net are enormous.
So, how do you know whether your webserver has been misconfigured or hacked and turned into a proxy server? You do a Google search. Having an interest in .gov.my websites, we searched Google for www.mampu.gov.my's IP address (202.75.4.243) with the simple query "202.75.4.243 proxy" (link). The results are surprising:
Based on Google's search results, it seems that www.mampu.gov.my was listed as a proxy in various forums in July 2009. My guess is that the website was either misconfigured or hacked; no one knows for sure. A lot more investigation is needed to find out how long the proxy was open and how it was used by underground hackers and blackhat SEOs.
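The manual check above (search for "<IP> proxy", then read the forum posts that come back) does not scale to a whole address block, so the following script, added here as an example and not part of the original post, automates the defender's side of it. It generates the search queries for every host in the organization's own networks and then matches text gathered from search results or proxy-list pages against those networks, recording the ports and dates on which each of your IPs was advertised. The /24 block and the snippets are constructed for the example; only the IP 202.75.4.243 itself comes from the post. Matching against CIDR ranges rather than a single address generalizes the post's one-IP query.

```python
"""Match proxy-list snippets against an organisation's own address space.

Added example: the OWN_NETWORKS block and SAMPLE_SNIPPETS below are
constructed for illustration; replace them with your real ranges and with
text copied from search results or proxy-list pages.
"""
import ipaddress
import re
from collections import defaultdict

# Hypothetical: the organisation's own address space (CIDR blocks).
OWN_NETWORKS = [ipaddress.ip_network("202.75.4.0/24")]

# Proxy lists almost always publish "IP:port"; dates are usually ISO-like.
PROXY_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}):(\d{2,5})\b")
DATE_RE = re.compile(r"\b(20\d{2}-\d{2}-\d{2})\b")

# Constructed sample snippets in the style of proxy-list forum posts.
SAMPLE_SNIPPETS = [
    ("forum-a", "Fresh anon list 2009-07-12: 202.75.4.243:3128 MY "
                "202.75.4.243:8080 MY 10.0.0.5:80 US"),
    ("forum-b", "checked 2009-07-20 202.75.4.243:3128 alive"),
    ("forum-c", "198.51.100.7:80 transparent 2009-07-01"),
    ("blog",    "garbage line 202.75.4.243:99999 2009-07-30"),
]


def search_queries(networks):
    """One '"<ip>" proxy' query per host address, as in the post's manual search."""
    return [f'"{ip}" proxy' for net in networks for ip in net.hosts()]


def is_ours(ip_text, networks=OWN_NETWORKS):
    """True if the dotted-quad string falls inside one of our networks."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(addr in net for net in networks)


def find_listed_hosts(snippets, networks=OWN_NETWORKS):
    """Return {ip: {"ports": set, "dates": set, "sources": set}} for our IPs.

    snippets is an iterable of (source_label, text). Entries with an
    impossible port are discarded rather than reported as a finding.
    """
    hits = defaultdict(lambda: {"ports": set(), "dates": set(), "sources": set()})
    for source, text in snippets:
        dates = set(DATE_RE.findall(text))
        for ip, port in PROXY_RE.findall(text):
            if not is_ours(ip, networks):
                continue
            port = int(port)
            if not 0 < port < 65536:
                continue
            entry = hits[ip]
            entry["ports"].add(port)
            entry["dates"].update(dates)
            entry["sources"].add(source)
    return dict(hits)


def report(hits):
    """Human-readable summary, one line per listed IP, sorted for stable output."""
    lines = []
    for ip in sorted(hits, key=ipaddress.ip_address):
        h = hits[ip]
        lines.append(
            f"{ip} advertised on port(s) {sorted(h['ports'])} "
            f"between {min(h['dates'])} and {max(h['dates'])} "
            f"(sources: {', '.join(sorted(h['sources']))})"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    print("First query to run:", search_queries(OWN_NETWORKS)[0])
    print(report(find_listed_hosts(SAMPLE_SNIPPETS)))
```

Feed `find_listed_hosts` the text of the pages the queries turn up (or of the proxy lists themselves); the date range it reports is the starting point for the "how long was the proxy open" question the post raises, and the ports tell you which service on the host to examine first.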
DISCLAIMER: All the information related to computer crimes (i.e. defacements) contained in security.org.my was either collected online from public sources or directly reported to us. Security.org.my is neither responsible for the reported computer crimes nor is it directly or indirectly involved in them.