UM hack - feckless activism is not justified - Commander S THAYAPARAN (Retired) Royal Malaysian Navy
Monday, October 21, 2019
Malaysiakini : COMMENT | “Propensities and principles must be reconciled by some means.”― Charlotte Brontë, 'Jane Eyre'
As anyone at Malaysiakini
would tell you, I am the least computer savvy person in Malaysia. This
is why the recent UM website hack is terrifying to me. Any hack is
terrifying to me. The most troubling aspect of any hack is the invasion
of privacy. This pales in comparison to the despondency and lack of
trust which settles in after you have been through the wringer
attempting to rectify the situation.
If you are like me, someone
who has very little knowledge of how these things work, the loss of
privacy and the subsequent scramble to “protect” whatever information is
out there, the bureaucratic hassle of setting things in order becomes
an ordeal. It is much worse if you are older and have to rely on more
tech savvy people to help you navigate the aftermath of your personal
information getting out there.
There are a couple of issues I want to unpack about this hack on UM. Over the years writing for Malaysiakini
I have made friends with numerous people who consider hacking a form of
activism or a business endeavor. They send me articles on ethics,
famous hacks and, most interesting for me, chat group conversation about
the various communities who sometimes have agendas, but more often
believe in some form of anarchy.
Over the years, I have had offers to dox people who contribute in the
comment section because the comments were deemed racist or blatant
lies. I have always emphatically said no.
It may not be in
the same category, but why would I want to put anyone through that? It
never fails to amaze me that people who claim to believe in free speech
(and anarchy) are willing to sanction those practicing it (often
irresponsibly and cowardly), most often under the cover of anonymity.
the hack was first announced, the number of emails I received from
people who were gleeful that UM got hacked troubled me. I have no idea
why they would think that a data dump of personal information from
academic and non-academic staff would be something to be celebrated.
If you have an issue with the way how activist Wong Yan Ke (above) was treated, why does this translate to a feeling of schadenfreude
for people who have no dog in this fight? If you are angry with the
vice chancellor who made racists remarks, why treat the staff as
collateral damage? If you think that Universiti Malaya’s security
measures are a joke, why punish the people who work there or use the
A couple of comments made to the media reflecting the
underlying anxiety of students and staff about the hack, are worth
considering. "This is not the right way and platform to
express their feelings. Why affect other innocent students and the
operating system of the university?" "I think it's acceptable
for this unknown party to hack the UM E-pay portal as a protest. But
that's if they do not take any advantage of the students' financial
Apparently, before the hack, there were WhatsApp messages
warning students and staff not to use the system because it was infected
with malware. The messages I assume were meant to mitigate the damage
done, but present a whole new set of problems. It is not inconceivable that people would start spreading hoax messages just to disrupt the usage of systems which are targeted
for political or personal reasons. Also it is much like dropping
leaflets in a community before you bomb the hell out of it. Pointless
and an insincere attempt at empathy.
There is making a statement
with your hack, and then there is malicious intent. Some would claim
that the two are not mutually exclusive, but I think it can be. MrX, the
hacker(s), who made the run on UM, said that they were not to blame,
but UM for not prioritizing security.
If they had just hacked the
site and made it known that UM security was a joke, this at least would
have some sort of utilitarian value that could be justified. Instead,
the hackers released the personal information of staff, including bank
account information and pay slips, which is mala fide.
words, they wanted to hurt people and not just demonstrate that security
was a joke. What is worse is that they claim to be on the side of UM
students. Is there some form of monolithic perspective when it comes to
the “situation” in UM? Friends who work there claim that there
are issues that the “management” has been avoiding for years, but the
question remains, how leaking the personal information of staff helps
the situation. I would argue that what this has done is make the
I have also received numerous emails from people
who were affected by this hack and the steps they had to take to rectify
the situation. Reading about their problems is an exercise in blood
pressure control. I would not know what to do, if I were in their
Many are afraid of identity theft and are paranoid if
money in their bank accounts would still be there. I know a couple of
people who have been compulsively checking their accounts at the ATM,
and then wondering if their pin numbers have also been hacked. Paranoia
sets in quickly, which I suppose is the intent of people who engage in
Wong Yan Ke disavows the actions of the hackers, but
says: “(However) This shows that people are against what the university
is the problem. The university staff did not do anything. I get that it
easier to make the case that the whole institution is to blame instead
of focusing on just the VC. Indeed, I assume that Wong’s act of protest
was against the VC and not the entire staff of UM. Furthermore,
when Wong says: “What we need to highlight here is not whether they are
supporting me or not, but we need to highlight that there is a breach of
security, which means the security of our (UM) website is prone to
risks,” is disingenuous.
If the hackers had just hacked the
system without the data dump of personal information, then the only
thing we should be concerned about is how UM’s security is wanting. However, what these hackers did was dump the personal info of staff, and
in the process caused distress to many people who do not have a dog in
this fight beyond working to support their families by working for UM.
The hackers claim they did this in solidarity with UM students.
nuance of the hack and the harm it caused people should be what any
activists who claim to rely on first principles should be concerned
about, and not gaining political mileage from the hack while disavowing
If activism has mala fide consequences, or the perception is
that it is acceptable to have collateral damage while making a point,
how does this sort of activism serve the rakyat? It is like protesters
damaging public or private property and then claiming “forget about all
that and think of the greater “good”.
To quote Omar (from the TV series 'The Wire') the bandit who stole from drug dealers: “A man gotta have a code.”