Free Malaysia Today

PM’s Telegram account hacked

I was asked by FreeMalaysiaToday to comment about the effect of the hacking of the Prime Minister’s Telegram account. I said-

Commenting on the matter, lawyer Foong Cheng Leong said the biggest concern in such incidents was the spread of misinformation and the scale of damage it causes.

“If someone uses the account to spread fake news, people could screenshot it and make it go viral. That’s the main danger,” he told FMT.

However, he said it was unlikely that the government would use such platforms when disseminating confidential information.

Phone tapping is the issue, not PKR-Umno pact, says Zaid

I was asked by Free Malaysia Today to add in to the alleged leaked voice recording of political parties leaders, Umno president Ahmad Zahid Hamidi and PKR president Anwar Ibrahim. It was reported that the voice recording was of the two presidents but the source of the leakage is unknown. Zahid Hamidi has claimed that the recording is fake.

Privacy lawyer Foong Cheng Leong told FMT that the power to intercept communications was normally only exercised in cases involving serious offences such as terrorism or organised crime.

He added that phone tapping can only be carried out with permission. For example, interceptions for cases under the Security Offences (Special Measures) Act 2012 must be authorised by the public prosecutor.

On several claims that the government was behind the purported leaked audio recording, Foong said that no one knew for sure if the authorities had tapped the conversation.

“There could also be a possibility that the phones were compromised by the installation of certain mobile applications,” he said, referring to phone hackers.

If this were true, Foong said, there may be an offence committed under the Computer Crimes Act 1997, adding that there could be a cause of action for invasion of privacy or trespassing, among others.

CCTVs in cinema are legal, but…

I was quoted in an article entitled “CCTVs in cinema are legal, but…” the in Free Malaysia Today news portal on 21 March 2017. It was reported that Kuala Terengganu has finally had its first cinema in 20 years. However, CCTV cameras are installed in each of the cinema hall. The cameras will broadcast live the footage from the halls on a big screen placed at the cinema’s lobby.

The relevant extract from my statement is as follow:-

PETALING JAYA: If you’re a cinema owner and you’re subjecting your patrons to CCTV monitoring, you must get their consent before publicly displaying the footage.

Otherwise, you would run afoul of the Personal Data Protection Act (PDPA), said lawyer Foong Cheng Leong in a comment on Lotus Five Star’s decision to monitor activities in the viewing hall of its cinema in Kuala Terengganu.
He said the monitoring was legal but the public display of footage required the consent of those affected.
“As long as people who go to the cinema know that they will be recorded and the recording will be publicly displayed, and they show agreement to this condition by buying tickets, then it’s okay,” he told FMT.

He said the PDPA required a privacy notice to be published to tell moviegoers how the CCTV footage would be used.

The 5th theatre of war

I was quoted by Prakash in an article published on Free Malaysia Today on 14 April 2013.

The 5th theatre of war
April 14, 2013

The key to preventing such massive debilitating attacks is to ensure nations have what is called Cyber Intelligence and Response Technology (CIRT) technology.

By Prakash

Cyber attacks, similar to the recent attack on South Korea’s military and financial industries, is where the next frontier of war will be.

If and when nations resort to cyber attacks on a worldwide scale, the destruction of vital military, banking and other commercial data will be similar yet not altogether identical to the horrendous banality that nuclear weapons promise.

“It is the fifth theatre of war,” declared Simon Whitburn to FMT on the dangers posed by cyber warfare.
The key to preventing such massive debilitating attacks, according to Lars Voedisch, principal consultant and managing director of Precious Communications, is to ensure nations have what is called Cyber Intelligence and Response Technology (CIRT) technology.

Combining a mix of network forensics, host forensics, malware analysis and large-scale data auditing, CIRT technology gives critical information on malfunctioning software thus crucially preventing and pre-empting any whole scale meltdown of computer systems in a country.

Even as the world knows of Malaysia’s Cyberjaya special zone that opened to deliberate fanfare in 1998, it is unclear if the nation has the kind of technology to deter potential attacks.

“If you don’t have the most sophisticated and up to date preventive technology, like CIRT, you are vulnerable and open to cyber attacks, both on a small and destructive scale’, Voedisch warned.

An even larger problem, according to him, is that it would take a single well coordinated attack to inflict untold damage.

“Even in the corporate world and financial industries, a lack of protection risks the whole industry coming to a halt, destroying the industry’s reputation for starters, and resulting in years of backlash from the public, and in terms of internal rebuilding,” Voedisch explained.

CIRT dovetails data protection

Yet what is highly recommended but alas not quite readily available is the free availability of the technology because the United States – where the technology is believed to have originated from – regulates the flow of the expertise on ideological grounds.

That restriction may prove a ‘tipping point’ in the battle against cyber criminals because technologically savvy criminals always think on their feet and conceive “new and more elusive means of targeting” stressed Voedisch.

CIRT technology will prove particularly instructive when Malaysia’s long-awaited data protection law takes effect.

The Act which has been hampered by a string of legal legerdemain and other technicalities is designed to protect and prevent the kind of callous damage hackers and cyber criminals are wont to do.

Despite the protracted lead up, many Malaysian companies are still not prepared for the eventual implementation of the law, according to the Star newspaper that quoted Malaysian lawyer Foong Cheng Leong. Foong pointed out during his many talks on the Personal Data Protection Act (PDPA), he noticed many companies have not even started their compliance exercise.

Data protection and the right to privacy have been exercising both the Singaporean and Malaysian governments. Though Malaysia initially had thought about data protection in 2001, Malaysian companies are still not prepared for the full implementation of the Act, according to sources.

That leaves Kuala Lumpur especially vulnerable to attacks of any kind which when coupled with the carefree adoption of computers by ordinary folks and the lack of education programmes in the country makes the entire episode of a delayed implementation of the act, doubly worrisome.

Under Malaysian law data collection parties are required to give their subjects a written notification in the national language whereas no such stipulation applies in Singapore.

Singapore’s law, moreover, requires the data collection party to state the purpose of the collection, use or disclosure of the personal data. And the collecting party is then required to provide a contact address for queries by individuals.

Multiple vantage points

Yet in the larger scheme of things is a compelling, overriding need for the kind of cyber security that Malaysia’s PDPA is requesting.

With technologies like Forensics Toolkit and malware available in Malaysia, the edge with CIRT is an ability to analyse what is happening across the entire entreprise from multiple vantage points.

CIRT enables cyber security personnel to proactively and reactively detect, analyse, and security threats in the most efficient manner by correlating network and host data within a single interface.

It also enables large-scale auditing and the correlation of network and host data, allowing organisations to quickly chase down and re-orientate any spillage of data and files with embedded malware.

Prakash is a free lance commentator and author of Inciting Injury-An Expose to Workplace Bullying in Singapore. He runs Nash School of Journalism and can be reached at

 Scroll to top