Cyber attacks are on the rise in the Kingdom, with dozens of sites targeted in the past month. From teenage computer hackers looking for mischief to the local chapter of Anonymous taking down government sites, Cambodia’s infant hacking culture has made its debut. Bennett Murray reports.
By day, a twenty-something man works as an IT consultant in Western Cambodia, firming up the security apparatus of his clients.
At night, he hacks into government websites as ‘Black Cyber’, or, to go by his more convoluted name, ‘blackcyberzer0’.
As a member of Anonymous Cambodia, the local arm of the international ‘hactivist’ collective known for its politically motivated cyber attacks, he claimed responsibility for the July 7 attack against the National Election Committee (NEC) website, which took the website offline for about 12 hours.
The websites were attacked in protest over alleged government efforts to register illegal Vietnamese to vote in the July 28 election, he said.
The hacking, dubbed ‘Operation Radar’, was followed by the theft of two gigabytes of sensitive data related to the NEC’s voter list, which he said would be leaked Friday -- nine days before the election -- refusing to give any more details.
Anonymous Cambodia is actively recruiting new members as Cambodia’s hacking community grows, although only three took part in the attack on the NEC site, according to the hacker. As the global Anonymous collective has no central command, anyone can declare themselves a member.
“We have an ongoing operation in Cambodia to not just create new blood hackers, but to let others out there know about us,” said Black Cyber. “There are not many Anonymous hackers in Cambodia, but I’m sure there are a lot of other hackers out there.”
In the past month, the Kingdom has seen the emergence of a very modern crime problem as Cambodian hackers launched attacks on websites based in the Kingdom and neighboring countries. Most targets have been private sector websites, including Legend Cinema, Sabay News, Lao Airlines and Sorya Transport.
With the exception of Anonymous, the bulk of the attacks have been carried out by apolitical pranksters who say their aim is to draw attention to faulty security protocols. As a result of the sudden wave of hacking, some companies have re-thought their approach to cyber-security.
Ou Phannarith, head of the Cambodia Computer Emergency Response Team (CamCERT), a cyber-security organisation created by the Council of Ministers, said that these were the first attacks committed by local hackers.
“The Cambodian hackers have just shown up last month, when they attacked the CNC and MyTV websites,” Phannarith said.
“Before that time, there might have been hackers, but they were afraid to show up.”
Although this is not the first time that Cambodian sites have been targeted, attacked websites are now sometimes defaced with Khmer text, and links to the hackers’ Facebook pages show them discussing operations in Khmer.
In the past month, scores of other Cambodian websites have been attacked by what Phannarith said are four distinct groups: Anonymous Cambodia, Team Jek Jean, Jao Komsot, and Latest Khmer Hacker.
Most attacks have been ‘defacement’ activities, which involve replacing a website page with a page of the hacker’s own design. These defaced pages typically contain a message from the hacker warning the webmaster to bolster security.
“I just want them to care about security,” said Jek Jean, the pseudonym of one 17-year-old Phnom Penh-based university student who, along with his friend, also a teenager, has hacked numerous websites, including CNC, MyTV, Sabay and YCT Computer.
Before he started defacing websites, he would search for loopholes and alert the webmasters without inflicting any damage. But after receiving no responses to his warnings, he decided webmasters would only improve security after being attacked.
“I help them by hurting them a bit,” said Jek Jean.
Sok Keang, a staff member at YCT Computer Technologies shop in Phnom Penh, said that his company chose to redesign its website’s security after being hacked by Team Jek Jean earlier this month.
He said that he was angered by the hacking because it interfered with his business, but acknowledged that it alerted them to the need for cyber-security.
Jao Komsot, a pseudonym of a 30-year-old hacker based in Kandal province, said that he creates additional pages on his targeted websites but never defaces the homepage. Because he has no formal training and uses programming scripts created by others, he said that he is a ‘script kiddie’ and not a true hacker.
“I’ve never destroyed their website by changing admin password, defacing their homepage or deleting their web content, I just add only one file into those hacked sites,” said Jao Komsot, who added that he feels compelled to hack poorly protected websites.
“The reason that I do it, because I like to try to do something new. I could not control myself not to do it, when I see a website has vulnerable security.”
Phannarith said these simple defacements constitute the bulk of Cambodian hackers’ activities.
“It seems that they were just having fun with those infected websites, and the motivation behind them being that they want the webmaster or website’s owner to think about security,” he said.
The exception is Anonymous Cambodia, which uses sophisticated distributed denial of service (DDoS) attacks that take websites offline by overwhelming their ability to accept requests from web browsers.
“This team looks like a mature team that could use DDoS attacks against the system,” he said.
After a lengthy email exchange with Anonymous’ Black Cyber, who demanded proof of employment at the Post before consenting to an interview out of fear that he was speaking to a foreign government agent, he agreed to talk about his motivations for his illicit pastime.
“The first reason [for hacking] is for political reasons,” said Black Cyber, citing concerns over Vietnamese voters participating in the election.
“We’re not racist people, we just don’t want people from other countries to come vote for us.”
“If you don’t have any signed paper from our King to become a citizen of this country, you shouldn’t get any certificate or anything else to be able to join our country and become a citizen. So we attacked.”
“The second reason is to enjoy the technology. It’s just like you’re playing a computer game.”
Black Cyber said that he first became involved with Anonymous in 2010 during its ‘Operation Payback’ attacks against financial institutions that had withdrawn services from Wikileaks in the aftermath of the leak of thousands of US diplomatic cables.
“I always read about Anonymous during my training, and then when Operation Payback began, I decided to join,” he said.
His next Anonymous action took place in April 2011, when Anonymous successfully disrupted the PlayStation Network for a day after Sony sued George Hotz, a 21-year-old American hacker, after he successfully hacked into the gaming console’s hardware to enable it to run ‘homebrew’ (programs created by private users) and released the information publicly.
International members of Anonymous took credit for attacks against the Cambodian government in September 2012 in retaliation for the Kingdom’s extradition of The Pirate Bay co-founder Gottfrid Svartholm Warg to Sweden to serve a one-year prison sentence for piracy, and Black Cyber denied personal involvement.
When asked if he would ever consider joining Anonymous, Jek Jean said he would never take part in their political attacks.
“I have my own way, they have their own mission,” he said, adding that he is not a political person and is only interested in the security component of hacking.
Although Cambodian hackers have thus far focused on defacement and DDoS attacks, concerns have been raised that Cambodia’s financial institutions could be at risk, particularly after the National Bank was hacked in 2012 and administration usernames and passwords were leaked.
“Banks in Cambodia are getting more threats from attacks of hackers, cyber-criminals and even other nation states,” Phannarith said at the fifth annual Banking and Microfinance Conference at the InterContinental Hotel last month. “They are mainly for money or political attacks.”
Both Grant Knuckey, CEO of ANZ Royal Bank, and So Phonnary, executive vice president of ACLEDA Bank, insisted that their cyber-security systems were adequate.
The hackers that 7Days spoke to said that they had no intention to commit theft or fraud.
“Hacking a bank account, the idea is not good. We’re not going to destroy or record personal information. We are here to bring stuff about the government out into the internet. That’s all,” said Black Cyber.
“Myself, I don’t think I’m a criminal. The opinions of the other Anonymous members, they might differ from me. But I’m certain I’m not a criminal.”
Regardless of his own feelings about the morality of his hacking, Black Cyber said that he keeps his moonlighting a secret from everyone he knows in the real world.
“If anyone knows, they haven’t told me,” he said. “I’m an IT consultant. I provide security. If they find out, I might not be able to operate.”
When asked if he was afraid of being caught, Black Cyber said he was worried about foreign governments catching on to him.
“The Cambodian government by itself won’t catch us,” he said. “But they might if they collaborate with other agencies like from around the world, like the FBI, CIA or NSA.”
Jao Komsot said that he accepts the possibility he may be caught by local authorities.
“If you ask me whether I am scared or not about doing this? I can say yes, because it is my risk. However, I don’t forget to protect my identity information as well.”
However, Jek Jean said that he would be safe as long as he did not go after government websites. Furthermore, he said, he would soon ‘retire’ from hacking.
“I see many developers waking themselves up and worrying about security,” he said. “My mission is complete.”
But Black Cyber said that Anonymous Cambodia is only getting started. In the future, he would like to mimic the attack launched by Anonymous members in the United States against the US Department of Justice’s Sentencing Commission in January, which transformed the government website into a game of ‘Asteroids’.
Ultimately, Black Cyber said that his hacking is not about him, but about Anonymous’ goal of unveiling government secrecy.
“I am not known within the Anonymous collective and I do not wish to be known. I do, however, wish for my message to be known.”