Hacker trying to cash in on 'Datuk' obsession


MELAKA: A hacker is trying to cash in on the obsession with honorary titles by offering to unlawfully insert names into an official website that lists genuine recipients of such awards.

The website belongs to Bahagian Istiadat dan Urusetia Persidangan Antarabangsa (Biupa), a protocol unit under the Prime Minister’s Department.

Biupa is responsible for listing the recipients of federal and state honorary titles.

A 33-year-old car salesman who asked to be identified only as Sam said the hacker sent out a WhatsApp message offering his services in early November.

Sam said he was sceptical about the services offered by the hacker, who called himself “Zacky”.

The message told recipients to visit the Biupa website at www.istiadat.gov.my to check whet­her or not their names were listed there.

Those who wanted to be listed in the system were told to call the telephone number included with the message.

A service fee of between RM2,000 and RM5,000 is charged.

Those who called Zacky said he claimed that he was appointed to add the names of award recipients into the system.

Zacky is also said to offer another service in which he charges an exorbitant sum for those with dubious titles to get listed on the site.

However, The Star’s attempts to contact Zacky at the number provided went unanswered.

It is learnt that officials from Biupa found about 50 dubious names – people who were not recipients of any federal or state title – in the system in November and have rectified the listing so that the website now shows only actual recipients of awards.

Top officials from the unit also lodged two police reports at Putrajaya police headquarters between Nov 15 and 24 over the scam.

For the record, access to the website is only granted to Biupa officials and the hacker apparently managed to infiltrate a highly secure site where others had tried before and failed.

It is believed that Zacky used a common attack vector known as SQL injection to infiltrate the site. SQL injection uses malicious code to manipulate a database and access confidential information.

A successful SQL injection could also enable a hacker to gain administrative rights to a website.

MCA Public Services and Complaints Department head Datuk Seri Michael Chong said the hack was startling.

“If they got into a government website, it is very serious.

“The authorities should come down hard on the hacker to deter future incidents,” he said when contacted yesterday.

Chong, who is also an exco member of the Council of Federal Datuks Malaysia, added that fake titles were becoming rampant but the cases of which he is aware mostly involve fake identification cards and medals.

“Our (cyber) security should be increased.

“Those responsible for this should be charged under the Prevention of Crime Act,” he added.

Get 20% OFF The Star Digital Access

Monthly Plan

RM 13.90/month

RM 11.12/month

Billed as RM 11.12 for the 1st month, RM 13.90 thereafter.

Best Value

Annual Plan

RM 12.33/month

RM 9.87/month

Billed as RM 118.40 for the 1st year, RM 148 thereafter.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
Courts & Crime , pingat

Next In Nation

Network School in Forest City told to shut down, says Johor MB
Journalism must remain rooted in ethics as AI reshapes media landscape, says PM Anwar
Malaysia Fest 2026 to promote unique Malaysian agro-products in Singapore
Star Media Group wins big at MPI-PETRONAS Malaysian Journalism Awards
One dead, two missing after falling from same bridge in two separate incidents
Teen girl killed, three injured in Lojing crash
Ramanan objects to Kota Damansara data centre, issue to be brought to Cabinet
Landslide partially blocks Tapah-Cameron Highlands road
Sungai Sepetang pollution due to collapse of treatment pond embankment
Foreigner nabbed for attacking college student with iron rod in Setapak

Others Also Read