TheStar: Unknown individual warns UiTM to boost portal security or else

PETALING JAYA: An anonymous individual has issued an online ultimatum to Universiti Teknologi Mara (UiTM) to step up the security on seven portals linked to it.

If the university does not implement Secure Sockets Layer (SSL) and Transport Layer Security (TLS), two cybersecurity protocols, by Feb 4, the person – known only as “AA” – has threatened to release leaked student data to a wider online audience.

Earlier this month, it was reported that the personal records of 1,164,540 students and alumni enrolled at UiTM from 2000 to 2018 had been leaked online.

In the ultimatum posted on the text storage site Pastebin on Jan 29, “AA” threatened to post 100,000 student records a day on Facebook, Twitter, Instagram, Pastebin, Telegram and WhatsApp.

The leaked student records include details like students’ names, MyKad numbers, house addresses, email addresses, campus codes, campus names, programme codes, course levels, student IDs and mobile numbers.

“AA”, who also claims to be the source that tipped off Lowyat.net to the UiTM data breach, claims to have all the leaked student records.

“It would take a basic idiot one day to implement this security measure across all the sites,” claimed “AA”, who sent the Pastebin link with his ultimatum to media outlets, including The Star, yesterday.

The seven portals he wants to see implement better security are the iSTUDENT Portal System, iLearn V3 Login, Electronic Question Paper System, Portal I-Staf, PRISMa, iRMIs and UiTM Consultancy Unit.

However, cybersecurity company LGMS director Fong Choong Fook said that while it’s a simple process to purchase and install security certificates like SSL, he doesn’t really see the lack of it as a critical vulnerability.

He said that these security measures protect a user’s data from being hijacked and seen by other parties, but this can only happen if the hacker and the victim are on the same network.

“Say, both you and I are surfing a website in a cafe. If the website is not entirely using HTTPS, I can potentially hijack your traffic and see the content. But, again, this requires tools and skills,” he said.

HTTPS or Hyper Text Transfer Protocol Secure is the secure version of HTTP and encrypts the communications between a user’s browser and the website he or she is surfing.

It is often used to protect transactions like online banking and shopping.

Full article from TheStar
