Time to build better – and secure – websites

 

CYBERSPACE can be a worrisome place for nations and everyone else because there are no physical borders to block. Anywhere really is everywhere in the vast World Wide Web.

 

A hacker who is physically on the other side of the planet can at the same time be as near as the computer next to you, or even on your own computer, on the Internet.

 

So it is disconcerting to read about websites, especially those belonging to the Government, being compromised. This just rams the message home – i.e. distance is no safety factor.

 

It’s even worse to learn about these sites getting hacked almost as soon as they’re launched, like as the 1Malaysia Pengguna Bijak (1MPB) portal was recently. And before that, the portal had gone down just after it went online.

 

Some of these government websites were easily hacked due to poor construction – such errors being the equivalent of leaving the back door to your home ajar in the real world.

 

Malaysia has already been plagued by several embarrassing incidents – involving what could be a dearth of construction skills, a widespread tidak apa attitude or, more disappointing, attempts to cheat – where parts of prominent buildings collapsed.

 

It seems that even in cyberspace, Malaysia cannot get away from such incidents. Case in point: the 1MPB portal going down because it had 3.5 million hits instead of the estimated 300,000 to 400,000 after its launch.

 

Wouldn’t that be like saying a new bridge collapsed because the construction company thought only 300,000 to 400,000 vehicles would cross it on the first few days, when 3.5 million actually showed up?

 

Ridiculous, right? Poor planning, too. That excuse would not hold up in the real world, but it seems to be frequently used and accepted by some when it comes to cyberspace matters.

Especially painful is that it cost the taxpayers RM1.4mil to build the 1MPB portal. For that amount of money, we expect an equally huge amount of skilled programming work and very strong network security.

 

Instead, several vulnerabilities in the coding of the portal were exploited, and the hackers were able to extract usernames, e-mail addresses, encrypted passwords and other information, which could be used for identity-theft activities.

Which brings up the question of how vulnerable the other portals and websites are. What if hackers breach really important sites like that of the Inland Revenue Board? Or that of the Employees Provident Fund? It’s one thing to hack into a site and deface it, quite another if the public loses money or personal data from such attacks.

 

So, are our portals and websites up to scratch? We are about to find out. And soon, because a hacker group has said that it will hack into malaysia.gov.my, the official portal of the Malaysian Government, at 3.30am tomorrow.

 

The group, named Anonymous, said it would hack the portal because the telecommunications industry watchdog in Malaysia – the Malaysian Communications and Multimedia Commission – had ordered several file-sharing websites to be blocked by local Internet Service Providers, among other reasons.

If the site does get hacked, we will bounce back. But we hope that it will also result in a wake-up call for Malaysia’s portals and websites that security shouldn’t be taken for granted and has to be built from the ground up.

 

If there isn’t one, there should be unified strategy and specifications for existing and future government portals and websites, which the developers must adhere to. The owners of these websites must also ensure that all the requirements are met, and that there are regular upgrades and security patches.

 

Sadly, this initiative will likely come after the disaster. But then again, Malaysia seems able to learn its lessons only after a calamity hits.