Police don’t discount possibility of an inside job.
The police are attempting to block an alleged attempt to sell millions of personal details allegedly stolen from the National Registration Department.
Bukit Aman Commercial Crime Investigation Department director Kamarudin Md Din said this was the first step taken by the police upon learning of the matter yesterday (Sept 27).
He said the police are also attempting to identify the persons involved in the alleged leak and do not discount the possibility of an inside job.
“We are working to block (the selling). That was the early action we are taking before we try to identify (those responsible).
“That is what we are going to do immediately – to block the data (from being sold online),” he said during a press conference at the Jinjang police station in Kuala Lumpur.
Earlier on Tuesday (Sept 28), tech blog lowyat.net reported that a 31.8GB dataset – ostensibly containing personal records of four million Malaysians held by the NRD – was being sold.
The seller is seeking payment of 0.2 BTC (approximately RM35,030.79 at the time of writing).
This dataset was advertised on an online forum notorious for selling stolen personal information from all over the world.
Based on a sample shown by the seller, the dataset is supposed to contain birthdate, email, gender, mailing address, phone number, MyKad number, permanent address, race and religion in the json format.
The seller claimed that the data was obtained from the “myIdentity API” through the Inland Revenue Board, better known by its acronym LHDN, website.
‘Everyone is a suspect’
Kamarudin said police received a report on the issue yesterday, lodged by a NRD deputy director at the Putrajaya district police headquarters.
Following this, they opened an investigation under Section 420 of the Penal Code and Section 4(1) of the Computer Crimes Act 1997.
“We are investigating and trying to determine where the data leak has happened, whether from NRD or the LHDN,” Kamarudin said.
“Police do not discount the possibility that there is involvement of an inside job. At this juncture, everyone is a suspect.”
He said police will be working together with other related agencies including the Communications and Multimedia Commission, Cyber Security Malaysia and National Cyber Security Agency (Nacsa) in the probe and to further strengthen the security of the government’s database system.
By : HARIZ MOHD – MALAYSIAKINI