KUALA LUMPUR, Thurs. - A group of computer users from a local university is believed to be behind recent abuse of the Internet, according to local service provider Jaring.

They are said to have hacked into 38 computer servers belonging to local educational, government and private organisations for use as launching pads for the online abuse.

Mimos Bhd technology development vice-president Dr Mohamed Awang-Lah said at least 30 more servers in foreign countries might have been used for the same purpose by the group.

He declined to name the university involved but said Jaring had identified 18 organisations whose 38 servers have been hacked.

Of this, 18 are educational organisations, 16 government organisations and four private organisations.

Mohamed also did not specify whether the group responsible were students but said they were among a larger number of local users responsible for 182,000 abuses committed against Undernet, one of the world's largest Internet Relay Chat networks.

Undernet imposed a four-day ban on all local users on Aug 16. The problem of abuse had been so severe that the Undernet servers were completely overtaken for four days from Sept 8.

Of the total abuses claimed to have been committed by local users against Undernet in the past few months, 38,323 have been identified by Jaring as being committed by its subscribers, he said.

IRC networks are mostly private-run services which allow anyone with Internet access to have real time, typed, online conversations (chats) with an almost unlimited number of partners worldwide.

Jaring has also issued warnings to another 160 subscribers for committing the offences against Undernet and has so far suspended 14 accounts.

"We are still investigating the other cases."

There are about 1.5 million local Internet users, and about 500,000 ISP subscribers, of which 230,000 are registered with Jaring.

"All of the abusers use well-known methods in committing the abuses. The techniques for remedy are also well known."

He said the poor security of local universities' and government computer servers made them prime launching pads for the online abuses committed by Malaysians against Undernet since early this year.

"We would like to stress that all these security problems are owing to operational and management weaknesses and not technology issues."

He said the problem of poor security servers was also owing to low awareness among owners of the importance of maintenance, and the lack of trained staff for maintenance purposes.

"But even if you secure your server today, it will not remain safe forever, as the technology is dynamic. Therefore, it's important to have constant reviews and audits of your server."

The three types of abuses committed against Undernet were:

• cloning - establishing more than two chat sessions at the same time by the same user on the same computer;

• unsecured proxy - improperly configured proxy servers which allow unauthorised third parties to use the server for abuse purposes; and,

• other - abuses such as flooding (sending huge packets of information to multiple IRC channels simultaneously), harassing and attacking other chat sessions.

Mohamed said the servers were being used as launching pads because of the low priority these organisations placed on maintenance, the setting up of a specific IT department or having an IT policy.

There are many ways to protect servers from being manipulated by others.

"You can do it yourself, get others to do it, get the service personnel from the computer supplier to do it."

Many organisation servers are also abused by their staff when they use the access without identifying themselves.

"This is the reason why Jaring allows organisational dial-up accounts to create up to 20 supplementary accounts, and family accounts can have up to five supplementary accounts," Mohamed said.

"The purpose is for users to have their own password and identity when they log on to the Internet."

Although there is no direct financial loss for the organisations whose servers had been hacked into, owners have to allocate resources and time to deal with the effects of the abuses.

Mohamed appealed to all IT managers and administrators in local universities and government departments to review their IT policies and take immediate action to check all servers and computers within their networks.

Guidelines are available through Mimos Bhd, Malaysian Computer Emergency Response Team (MyCERT) website at http://www.mycert.mimos.my.

Individual Internet users are also reminded to protect their personal computers in order to avoid being used as a launching pad for abuses. They are advised to visit the website at http://www.jaring.my for futher details and updates.



---

Disclaimers and copyright information