Man who allegedly calls himself 'The Messiah' is a drug offender on the run
By Francis Chan, The Straits Times, 13 Nov 2013
THE man who allegedly called himself "The Messiah" was unmasked for the first time in court yesterday as a wanted drug offender who had been on the run since 2011.
James Raj Arokiasamy, 35, stood alone in the dock as four criminal charges, including one for hacking into the website of Ang Mo Kio Town Council on Oct 28, were read out to him. The other charges were for drug consumption committed back in May 2011.
He had apparently jumped bail two years ago for the drug offences and had been in hiding until his capture last Monday by the Malaysian police, acting on information from their Singapore counterparts. He was arrested at a Kuala Lumpur condominium where he had carried out the cyber attacks.
The police said yesterday that James Raj is believed to be involved in other cyber intrusions including that of The Straits Times' blog site and the PAP Community Foundation's website. The Straits Times understands that, while hiding behind his moniker, he created the video threatening a wave of cyber attacks to protest licensing rules for news websites here.
His appearance in court capped a week in which suspects were rounded up by the police in connection with separate cases of cyber intrusions and vandalism.
Among them were five men being investigated for the hackings of websites belonging to the Prime Minister's Office (PMO) and the Istana last Friday.
His appearance in court capped a week in which suspects were rounded up by the police in connection with separate cases of cyber intrusions and vandalism.
Among them were five men being investigated for the hackings of websites belonging to the Prime Minister's Office (PMO) and the Istana last Friday.
Two of the suspects arrested in connection with the PMO incident are brothers, aged 21 and 27. Police confirmed they have been released on bail, while a third, believed to be their brother-in-law, 31, is assisting the police.
Two other men, a 17-year-old Institute of Technical Education student and a 45-year-old IT professional, are being questioned about the attack on the Istana's site. They have not been arrested.
Another five men were also charged yesterday with three incidents of vandalism in the city area last Tuesday - the day people were urged by The Messiah to mount protests. The five, who have been released on bail, are Muhammad Fitri Abu Kasim, 24; Danial Ryan Salleh, 25; Mohamad Fadzly Aziz, 21; Muhammad Redzwan Baskin, 26; and Muhammad Qamarul Arifin Sa'adon, 22.
The four groups of suspects are neither connected in any way, nor linked to global hacktivist group Anonymous. Police said their acts were "committed in isolation".
A source close to the investigations said that though there is no evidence James Raj is in any way connected to Anonymous, "there is concern that there might be a reaction to his arrest from the amorphous group that is out there". "That is why the Government is taking all the precautions."
The prosecution had earlier told the court that James Raj said he was suffering from attention deficit hyperactivity disorder. Despite his protest, the court ordered for him to be remanded at the Institute of Mental Health for psychiatric evaluation. He will return to court on Nov 26.
A source close to the investigations said that though there is no evidence James Raj is in any way connected to Anonymous, "there is concern that there might be a reaction to his arrest from the amorphous group that is out there". "That is why the Government is taking all the precautions."
The prosecution had earlier told the court that James Raj said he was suffering from attention deficit hyperactivity disorder. Despite his protest, the court ordered for him to be remanded at the Institute of Mental Health for psychiatric evaluation. He will return to court on Nov 26.
Meanwhile, 15 Singaporeans, aged between 16 and 27, are assisting with police investigations into possible offences of taking part in a public assembly without permit.
They were said to be responding to a call to support a march last Tuesday. This even though the police had issued an advisory reminding the public that organising or participating in a public assembly requires a police permit.
Istana site hacking: Businessman and student questioned
Duo not linked to alleged hacker said to be behind 'The Messiah' moniker
By Pearl Lee, Maryam Mokhtar And Linette Lai, The Straits Times, 14 Nov 2013
ONE is an Institute of Technical Education (ITE) student, while the other is a middle-aged, small business entrepreneur.
Melvin Teo, 17, and Mr Delson Moo, 42, are the duo believed to have been questioned by the police last week over a recent alleged hacking of an Istana webpage, The Straits Times learnt yesterday.
On Tuesday, the police did not identify them but revealed that two suspects were involved in the Istana cyber intrusion, along with two others who allegedly hacked into the Prime Minister's Office (PMO) website on the same day - last Friday.
The two pairs are not connected to each other and did not act in concert but they had "exploited a vulnerability of those sites to display pages from other sources", according to the police.
Checks by The Straits Times found that the pair who are connected to the PMO incident are brothers, Mohammad Asyiq Tahir, 21, and Mohammad Azhar Tahir, 27. Both were arrested and have since been released on bail pending further investigations.
Melvin and Mr Moo were not arrested but continue to assist with investigations into the Istana hacking.
None of the four men is connected to James Raj Arokiasamy, the alleged hacker said to be behind the "The Messiah" pseudonym, according to court papers.
When contacted yesterday, Melvin confirmed that he had been questioned by the police about the Istana hacking, but refused to comment further.
Mr Moo also declined to be interviewed when approached at his office in Ubi Crescent but did not deny that he had been questioned by the police.
The businessman had described himself in a blog as a "doting father" of a boy and said he graduated with an IT degree.
He also said he had a "doctorate in the University of Society" - a self-made title he gave himself for "immersing myself in the workforce since I was a young lad".
Official records show that Mr Moo is a director and shareholder of an online store that sells baby products and women's clothes, and two IT-related firms, all of which are run from the Ubi Crescent office. He and Melvin are believed to be Facebook friends.
Like Mr Moo, Melvin writes a blog and is an active user of Facebook and Twitter. But his Facebook page was taken down last night.
Before it was removed, Melvin's Facebook page featured two caricatures of himself, which were similar to the one that apparently appeared on the Istana's website with the words, "Melvin Teo For The Win", when it was hacked last week.
The former Pei Hwa Secondary School student describes himself as a car and computer enthusiast on his Instagram account, which was filled with images of different cars and computer parts.
In September, he posted on his blog that he had started a small project to custom-build a computer for gaming after learning how to do so from watching YouTube videos.
The Istana hacking incident was flagged by the police on Tuesday - the same day James Raj was charged in court for hacking into the website of the Ang Mo Kio Town Council on Oct 28.
The 35-year-old was identified for the first time then as the alleged hacker who had used "The Messiah" moniker. Apart from facing charges under the Misuse of Computer and Cybersecurity Act, the runaway drug offender - who had been in hiding since 2011 - also faces three charges for drug consumption.
He has since been remanded at the Institute of Mental Health for psychiatric evaluation for two weeks, during which he will not be allowed access to any third parties apart from medical personnel. Third parties include the police.
Meanwhile, lawyer M. Ravi yesterday filed an application asking for James Raj to be granted immediate access to him. The application will be heard in the High Court tomorrow.
The Attorney-General's Chambers, responding to Mr Ravi's application said: "Our position in the High Court will be the same as in the Subordinate Courts.
"We will protect the investigation process and strongly oppose any access by counsel while investigations are ongoing."
'Messiah' nabbed upon return to rented KL flat
Malaysian cops enter unit by force after he claims to have lost keys
By Lim Yan Liang And Lester Kong, The Straits Times, 13 Nov 2013
Malaysian cops enter unit by force after he claims to have lost keys
By Lim Yan Liang And Lester Kong, The Straits Times, 13 Nov 2013
JAMES Raj Arokiasamy's stint as the self-styled "The Messiah" was cut short last Monday, soon after he returned to his rented home in Kuala Lumpur.
Unknown to the 35-year-old, a few dozen plainclothes Malaysian policemen were lying in wait at the upmarket Dorchester Apartment where he had been renting a unit for two years. They swooped in as soon as he sat down in the reception hall at about 2pm, said a security guard who wanted to be known only as Bhimendra.
Following the digital trail left behind by "The Messiah" - the online handle he allegedly used when hacking into, among others, the Ang Mo Kio Town Council website - police pieced together his identity.
They also discovered that their target, a Singaporean, was a wanted man here, having jumped bail in 2011 after he had been charged with drug-related offences.
After he was handcuffed, Malaysian police took him to his apartment unit K11-22, said Mr Bhimendra. But outside his apartment, James Raj apparently claimed he had lost his house keys, added the security guard.
Police then proceeded to enter the unit by force.
"There were signs of forced entry after they left," Mr Bhimendra told The Straits Times. "The owner came back last Wednesday to fix the door."
It was only about five hours later, at 7pm, that police re-emerged from the apartment with James Raj in tow, he said. Guards at the condo said James Raj always left home and came back alone. They did not recall ever seeing him with women or children.
A police spokesman said the arrest was possible because of "the close cooperation and support from the Royal Malaysian Police".
In court yesterday, the prosecution said James Raj had told police he was suffering from Attention Deficit Hyperactivity Disorder and was on medication.
He later said his words were taken out of context and claimed bias on the part of the police, alleging that he had been assaulted "quite badly" during his arrest and had suffered a concussion.
Speaking clearly, he claimed to have been denied a call to his mother and medical attention for more than 30 hours.
"Everything is quite biased against me at the moment... I would feel quite comfortable if I could speak to my lawyer," he told District Judge Kessler Soh.
Despite the protest from defence lawyer M. Ravi, the judge ordered that James Raj be remanded at the Institute of Mental Health for psychiatric evaluation.
During the evaluation, to take up to two weeks, he will not be allowed access to any third parties apart from medical personnel.
The case against him will be heard again on Nov 26.
When contacted, Ang Mo Kio Town Council general manager Victor Wong said that his office was "neutral" upon hearing about the arrest, and had enhanced its security infrastructure after the attack. "We will continue to be vigilant against such security threats," said Mr Wong.
A Ministry of Home Affairs spokesman said much effort and resources have been required to track down the persons responsible for the recent cyber attacks, including those James Raj is responsible for. He added: "We hope that the community will take a strong stand against such anti-social and criminal acts."
Five men charged with vandalism
By Lim Yan Liang, The Straits Times, 13 Nov 2013
By Lim Yan Liang, The Straits Times, 13 Nov 2013
FIVE men were charged in court yesterday for allegedly spray-painting slogans like "We are one we are legion expect us", referring to the global hacktivist group Anonymous, along with "TSK", believed to be the logo of a heavy metal band.
Mohamad Fadzly Aziz, 21; Danial Ryan Salleh, 25; Muhammad Qamarul Arifin Sa'adon, 22; and Muhammad Fitri Abu Kasim, 24, had allegedly sprayed those words at about 4am last Tuesday, on the pavement outside Sunshine Plaza at 91 Prinsep Link.
Minutes later, the four suspects sprayed a similar slogan on a nearby pillar.
At both locations, the four men also sprayed the stylised words "TSK", believed to be a band logo, that they then repeated on the pavement of a taxi stand along Waterloo Street at 4.20am.
At about 5am, Mohamad Fadzly and a fifth accused, Muhammad Redzwan Baskin, 26, were suspected to have defaced a wall and pavement at the Scape building at 2 Orchard Link, with a slogan and the logo.
In court yesterday, the five took the stand one at a time as the charges were read to them.
Danial Ryan Salleh indicated through the court translator that he intended to engage a lawyer, and he was given leave by District Judge Kessler Soh to proceed.
The young men were all accompanied by family members, none of whom would speak to the media when approached.
The Straits Times understands that at least one of the suspects is serving his national service.
They were released on bail of $15,000 each and had their passports impounded.
For each charge of vandalism, the suspects face a mandatory punishment of at least three strokes of the cane.
The next mention for the case will be on Dec 10.
Actor files police report on hacking
By Maria Almenoar, The Straits Times, 13 Nov 2013
By Maria Almenoar, The Straits Times, 13 Nov 2013
AH BOYS to Men actor Ridhwan Azman yesterday made a report to the police against cyber hackers who took control of his social media accounts.
The hackers froze him out of his YouTube, Facebook, Twitter, Instagram, blog and two e-mail accounts. But in doing so, they may have left a trail to their identities.
Ridhwan, 20, said he was able to access his Facebook page four days after it was hacked last Tuesday.
When he accessed the administrative section of his Facebook page, he found that two people - unknown to him - had assigned themselves as moderator and manager for his page. One went by the Facebook profile name Farhan Tahir while another used the moniker Lucypher Prometheus. They removed themselves from his account shortly after.
The police said yesterday that it was inappropriate to comment as investigations are ongoing, and could not confirm if these two people are being probed in relation to other cyber hacking incidents.
They also did not confirm if the two are among a group who have been called up by the police to assist in probes into the cyber hacking of the Prime Minister's Office (PMO) and Istana websites.
These individuals, said the police, are aged between 17 and 45. Two suspects involved in the hacking of PMO sites are brothers while a third suspect is helping investigations.
Two other men are being questioned over the hacking of the Istana website.
"I hope they are caught soon... We should be allowed to speak freely and say what we feel is the truth without worrying about these people (hackers)," said Ridhwan, who is currently serving his national service.
"I stand by what I said... I hope the youth won't be gullible about what they see and read online."
Ridhwan, through his YouTube channel, had asked his 16,000 subscribers not to support hacktivist group Anonymous after it threatened to unleash a legion of hackers on the country last month if the Government did not revoke its licensing regime for online news sites.
Hackers retaliated by gaining access to his accounts and shutting him out of them.
"People should also be more careful with their accounts and make sure they are secure... I had a password that was more than 30 characters long but the hackers still cracked it," he said.
Hacking probes show Singapore must be on its guard
By Irene Tham, The Straits Times, 13 Nov 2013
By Irene Tham, The Straits Times, 13 Nov 2013
ON NOV 2, when multiple government websites went down for several hours, some Singaporeans wondered if it was the beginning of a new sort of havoc in Singapore.
Four days before, hackers had threatened to hit out at government websites if it did not revoke its licensing regime for online news sites.
A masked man identifying himself as a part of cyber activism group Anonymous delivered an ominous message in a YouTube video threatening to "unleash" a "legion" of hackers on the island's infrastructure.
People wondered what the might of this new digital legion might be.
Could they disrupt essential financial services like ATM withdrawals?
Would they be able to steal personal information like NRIC or credit card numbers from government and retailer sites?
Organised crime groups have been known to do this.
Although the trial has yet to begin, IT experts have already noted that the alleged hackers were not sophisticated operators capable of such deeds.
They have been characterised as low-level troublemakers who used fairly rudimentary methods to gain attention, rather than cause deep and direct damage to people's lifestyles and property.
In the case of the Prime Minister's Office (PMO) and Istana webpages, the hackers exploited a vulnerability known as "cross-site scripting", created when the Google search bar was not installed properly on each of the two government websites.
Mr Aloysius Cheang, Asia-Pacific managing director of Cloud Security Alliance, said it is an "elementary" hacking tool that can be automated by a simple code.
"Even their digital tracks were not covered properly, leading to their quick arrest," said lawyer Bryan Tan, a partner in Pinsent Masons MPillay.
Mr Alvin Tan, director of anti- virus software firm McAfee Singapore and Philippines, said the most dangerous attacks are those that stay unnoticed for a long time "for reasons of espionage or creating higher-level damage".
The outcome of investigations and ensuing trials may indeed confirm these assertions, but the incidents are instructive.
They show that even simple website defacements can rattle some nerves and be embarrassing because of their high visibility.
Yet, their actions have also drawn ire, rather than admiration, which is as it should be.
So far, there is no evidence that James Raj and the others in the PMO and Istana incidents are linked to hackers capable of more serious attacks that can bring about real disruption to daily life.
But there is nothing to prevent the latter group from becoming emboldened by what has happened and more must be done to secure Singapore's IT infrastructure against them.
One hint of this danger is the attacks on government websites three days later on Nov 5, which came from many places overseas and are still being investigated.
Many government websites - including those that process important transactions - encountered unusual "spikes" in traffic throughout Tuesday last week as hackers sought to bring them down through Distributed Denial of Service (DDoS) attacks.
In DDoS attacks, the attacker creates a network using thousands of infected computers worldwide, which are then made to overwhelm a targeted site with a huge spike in traffic.
In some instances, DDoS is combined with malware infiltration into networks and systems to steal personal information.
While the attempts here did not result in any identity thefts, they serve as good reminders that IT security is a rigour that can only be raised, not lowered.
Sharing the burden of cybersecurity
By Senol Yilmaz And Ho Kah Kin, Published The Straits Times, 13 Nov 2013
By Senol Yilmaz And Ho Kah Kin, Published The Straits Times, 13 Nov 2013
THE current defacements of government and business websites are a great nuisance to the victims. However, Anonymous, the network of hackers allegedly behind these defacements, declared its intention to create more than just nuisance. In a video last week, the network threatened to attack Singapore's financial sector to "cause financial loss". It remains to be seen whether Anonymous can carry out cyberattacks that would result in significant financial damage.
The fact, however, is that critical infrastructure is highly vulnerable. Last year, for example, the Shamoon virus caused severe disruptions by wiping out data from thousands of computers at Saudi Aramco, the world's largest oil producer. Allegedly carried out by Iran, it took the company two weeks to recover from the attack.
Critical vulnerabilities
IT HAS been demonstrated that when critical infrastructure is attacked, severe disruptions can follow. Further aggravating this situation is that more and more machines are connecting to cyberspace and remotely controlled. These include control systems of gas and oil pipelines. In the near future, even more devices - from those critical for national security to household goods to cars - will be interconnected. When targeted jointly in a mass attack, even private consumer goods could turn into a national security threat.
Given the likely increase in vulnerabilities, governments agonise over the right approach to making cyberspace more secure.
From governments' point of view, protecting critical infrastructure poses two difficulties.
First, in many countries, the operation of critical infrastructure, as well as the physical and intangible components of cyberspace, is in private hands. Due to private ownership, governments often do not exercise immediate operational control. Even standard-setting for the Internet is not always carried out by national governments, or inter-governmental bodies, but in open-standards organisations such as the Internet Engineering Task Force, where governments have limited say.
Second, governments and the private sector have divergent interests: Governments, on the one hand, are concerned with ensuring national security while maintaining or creating an environment conducive for economic activity. The private sector, on the other hand, has as its main objective making profits and serving shareholder interests. In terms of security, it does what it deems "enough", which may not necessarily be sufficient.
In general, every extra dollar spent on security decreases corporate efficiency and shareholder value in the short term. Incentives to invest in additional security measures are often only recognised once perpetrators have successfully compromised systems. This can be too late in the case of a serious cyberattack.
In the context of assigning roles, two diametrically opposing views have emerged. The first argues that corporations have made huge efficiency gains through the computerisation of operations. For example, banks can operate their business more efficiently by allowing their customers to make e-transactions from their homes without interacting with a clerk. Similarly, utilities providers no longer send staff to manually activate valves or switches located away from central operation sites. Rather, the same operation is commanded remotely from a machine, with minimal human action.
For these reasons, it is argued that the private sector should not only reap the efficiency gains of such automation and computerisation but also share the burden of hardening the infrastructure on which they depend.
The opposing view is that securing the nation is one of the most fundamental tasks of governments. Nobody would expect the operator of a hydroelectric power station to protect its dams against enemies' ballistic missiles, so no other standard should apply to figurative cyber-missiles that could result in similar damage.
Arguably, it would be reasonable to share the burden of protecting cyberspace in public-private partnership. But there is no magic formula for assigning the roles that governments and the private sector should assume. The culture of governance differs substantially among countries - from very little public sector involvement to heavy regulation. Still, a three-pronged framework could help in this endeavour: There is need for collaboration, facilitation and regulation.
First of all, close collaboration at all levels is crucial. Exchange of information and best practices, or collaboration in screening and analysing malicious Internet traffic between Internet service providers and governments' computer emergency response teams can reduce cyberthreats.
Secondly, governments can facilitate the implementation of cybersecurity measures by providing reliable guidelines and the right incentives. Investments in additional measures could be awarded tax breaks and low-interest loans could be provided to companies that invest in the resilience of their systems. Furthermore, governments could consider cybersecurity measures that are in place when granting contracts to businesses.
Last but certainly not least, cybersecurity will likely not be achieved without any regulation. Corporations tend to loathe being regulated since it can be burdensome and inhibit profit-making. But governments can develop regulation in close cooperation with the private sector. Equally important, legislative processes need to be accelerated to provide timely guidance to narrow the gap between ill-boding technological advances and regulation. The faster governments react, the less the chance of damage.
Admittedly it is a difficult task to balance the interests of governments and the private sector. However, close public-private partnership can prevent mere cyber-nuisance from transforming into a national security threat and finally lead to a win-win situation: an environment conducive for economic activity in a secure nation.
Senol Yilmaz is an associate research fellow at the Centre of Excellence for National Security, a constituent unit of the S. Rajaratnam School of International Studies, Nanyang Technological University. Ho Kah Kin is head of cybersecurity business development, global cybersecurity, Cisco Systems.
Related
No Effort Spared to Find Hackers: PM Lee
Government agencies on alert after hackers threaten attacks
A pretty messed-up Messiah
The Messiah Saga: Some men just want to watch the world burn
No Effort Spared to Find Hackers: PM Lee
Government agencies on alert after hackers threaten attacks
A pretty messed-up Messiah
The Messiah Saga: Some men just want to watch the world burn