KUALA LUMPUR, Sept 16 (Bernama) -- Mimos Bhd, which operates JARING, Malaysia's first Internet Service Provider (ISP), today urged all information technolgy (IT) managers and administrators to review their IT policies and take immediate action by checking and securing all computers and servers within their networks.

Its Vice President for Technology Development, Dr Mohamed Bin Awang Lah, in making this appeal to those in local public and private universities, as well as government departments, said that all compromised servers detected so far were hacked using well known methods.

Compromised servers are those used as launching pads for severe IRC (Internet Relay Chat) abuse which include flooding, denial of service attack and other IRC policy breach activities.

Some guidelines are available through the MyCERT website, he said at a media briefing.

Dr Mohamed attributed these security problems to operational and management weaknesses and not technology issues.

Reminding individual Internet users to protect their personal computers (PCs) in order to avoid being used as the launching pad by irresponsible parties, he said JARING users should read their e -mail regularly and make sure that their mailboxes are not full. All notices and reminders for users are sent through JARING e-mail system.

For further details, users can visit Mimos websites at www.jaring.my and www.mycert.mimos.my

Meanwhile, Dr Mohamed also said that the Aug 16 ban on JARING users from using IRC services provided by US-based IRC service provider, Undernet, had been lifted on Aug 20, 1999.

In response to claims that ISPs in Malaysia were not responsive to complaints made by Undernet over the last two years, he said: "While we cannot speak on behalf of other ISPs in Malaysia, our investigation indicated that neither JARING Abuse Team ( nor MyCERT has ever received such complaints from Undernet administrators until Aug 16, 1999."

"As every complainant to JARING and MyCERT will automatically receive a ticket number for tracking purposes, we have requested Undernet administrators to furnish us the ticket number or copy of their past complaints. Undernet was however unable to furnish us with any of the requested information as proof of its past complaint. We do not intend to pursue this matter further."

"Irrespective of whatever miscommunication that might have existed between Undernet and Jaring in the past, we took its recent complaint very seriously. We have opened direct communication channels betwen both Jaring Abuse Team and Mycert with Undernet administrators," he said.

Mimos has been receiving daily reports since Aug 22, 1999.

Dr Mohamed said that Mimos received the first batch of abuse listing from Undernet on Aug 20 containing 38,323 abuse incidences recorded from Jan 5 to Aug 15, 1999. The abuses can be classified as:

• Cloning: establishing more than two chat sessions at the same time by the same user on the same computer;

• Unsecured Proxy: improperly configured proxy server which allow unauthorised third parties to use the server for abuse purposes;

• Others: severe abuses involving activities such as flooding, harassing and attacking other chat sessions.

Giving the latest statistics of daily abuse incidences it received from Undernet, he said, Mimos managed to identify 18 organisations whose servers (38) had been hacked into and used as launching pads for the majority of the abuse cases. Owners of all these servers have been contacted.

Out of the 38 compromised servers detected so far, 18 (47.4 percent) are from educational organisations, 16 (42.1 percent) are from government organisations and 4 (10.5 percent) are from private organisations. The actual number of educational, government and private organisations involved are 9 (50.0 percent), 6 (33.3 percent) and 3 (16.7 percent), respectively.

Dr Mohamed said that Mimos found that these servers were used as the launching pads by the same group of persons from one of the local universities. "We have reasons to believe that at least 30 more servers in foreign countries have been used for the same purpose by the same group."

Mimos has issued warning e-mails to 160 dialup users consisting of 146 personal and 14 corporate subscribers. Attempts are also made to contact them by telephone.

"We have so far received 26 replies and explanations. Users who continue to abuse or fail to respond within one week of issuance of notice may get their accounts terminated or suspended. We have so far suspended 14 accounts."

Further investigations are still being carried out on all other abused accounts, he added. --BERNAMA