Bribery and corruption behind Football match fixing in Malaysia

Online gambling on football matches in Asia has reached hundreds of millions of dollars each season – with the risk that those involved in making or receiving large scale bets would seek to manipulate the results by threats or bribes of the players, managers or officials.

Malaysia and the Malaysia Super League (Liga Super Malaysia) is a keen target for such match fixers seeking to cream off winnings from the illegal bookmakers.

To combat this threat, the Football Association of Malaysia (FAM) has engaged FIFA’s Early Warning System (EWS) in an effort to combat the issue of match fixing in the country. The FIFA Early Warning System was implemented in August 2016 by the Malaysia Super League (MSL) and will also be extended to international matches hosted in Malaysia. The Football Association of Malaysia have been given a good deal as they won’t have to spend any money on the system, which normally sells for RM100,000 per football season.

The Early Warning System, which was started operations in 2007, is a fraud detection system that monitors betting trends to spot rapid changes in odds being offered and also provides match result analysis. The Early Warning System monitors FIFA competitions, including the World Cup and all qualifying matches, and also works closely with the Asian Football Associations.

Rumours of match-fixing in the Malaysia Super League are nothing new as a number of corruption scandals have surfaced in the past.

The low point for Malaysian football came in 1994-95, when more than one hundred footballers were disciplined with punishment ranging from life bans to suspensions from playing for up to four years. Investigations by Royal Malaysian Police found that there had been gross interference by gambling syndicates to fix the results of games – allegedly physically threatening players who refused to assist. Among those involved included Malek Rahman, Matlan Marjan and Azizol Abu Hanafiah. The arrests and punishments came under a law then known as ‘Emergency Ordinance’, where players could be detained and banished from the game if suspected of fixing matches [the law has since been repealed].

Malaysia came under the football match fixing spotlight again in 2009, when the Malaysian national team played friendly matches against Zimbabwe in Kuala Lumpur – but the games were arranged by notorious convicted match-fixer Wilson Raj Perumal, a Singapore national.

Malaysia managed to beat a higher-ranked Zimbabwe side 4-0 and 1-0 – raising suspicion with the Early Warning System and so the games were investigated by FIFA.

Following an investigation, FIFA revoked the ‘A’ international classification for both matches once it was discovered that a Zimbabwean club team, Monomotapa United, was masquerading as the Zimbabwean national team and were not approved by the Zimbabwean Football Association.

Also in 2009, Lesotho were beaten 5 to nil by Malaysia in a friendly game – with many Lesotho players witnessed going on a shopping spree after the game; generating suspicion as to whether the match result had been interfered with by outsiders.
Since this debacle in 2009, the Football Association of Malaysia has been working with the Malaysian Anti-Corruption Commission (MACC) to investigate suspect results and monitoring players, support staff and identified match fixers. In addition to providing data of betting trends, the Early Warning System will also provide

  • a confidential whistle-blower system
  • a dedicated integrity phone number and email address for anonymous tips to be submitted
  • a monitoring process for all matches in the Malaysian Super League to identify results which may suggest match fixing has been involved
  • an investigation unit to follow up on leads

The Football Malaysia Limited Liability Partnership (FMLLP) Chief Executive Kevin Ramalingam said the implementation of a fraud detection system would uphold the league’s integrity. Kevin Ramalingam added the system will be able to pinpoint players who are likely involved in fixing matches.

Pen drive `of allegations’
Corruption and dishonesty within Malaysian football became a hot topic in September 2016 after
Youth and Sports Minister Khairy Jamaluddin submitted a pen drive, supposedly containing documentary evidence of misconduct, to the Malaysian Anti-Corruption Commission.

Khairy Jamaluddin stated that he had received the pen drive from the Tengku Mahkota of Johor, Tunku Ismail Sultan Ibrahim, in August 2016. The pen drive purportedly contained a 280-page report detailing misconduct and corruption within the Football Association of Malaysia.

However, the Malaysian Anti-Corruption Commission investigation director Azam Baki later reported the commission had examined the contents of the pen drive, but found no evidence under the MACC Act 2009.

 

Ransomware attacks surge in Malaysia

Ransomware has become a critical threat for small and medium sized businesses in Malaysia and across South East Asia due to the ease with which Bitcoin makes extracting ransoms from their victims.

Ransomware is simple but toxic. Malicious software is inadvertently installed on the victim’s computer by way of hoodwinking the victim into clicking on an unsafe link or attachment to an email. Once downloaded, the software then starts to encrypt files on the computer system – ranging from documents through to data sets. Once the software has encrypted enough files, these files are locked to the user and a message is displayed with instructions demanding a ransom be paid to unlock the files. A failure to pay the ransom means the files remain locked and essentially are useless.

Over the past year, Ransomware has emerged as one of the most significant attacks in the hacker arsenal to small and medium sized businesses. Unlike other forms of cyber theft, which often involve stolen credit card numbers or healthcare information, Ransomware acts directly on the victim, locking down their system or data hostage until a ransom payment is made.

Recent Ransomware Attacks
The Hollywood Presbyterian Medical Centre in Los Angeles paid around $17,000 to unlock files in February 2016, following an attack that paralysed a large amount of the hospital’s computer systems. This attack was sophisticated; cybercriminals broke into a hospital server the month before. After two weeks of reconnaissance of the system, the hackers struck on a Friday night, when the hospital’s IT staff was off for the weekend, encrypting data on 800 computers and 130 servers; rendering documents and data unreadable, ranging from patient records through to prescriptions.

In Canada, the University of Calgary paid a demanded $20,000 after a Ransomware cyberattack on its computer systems. The University IT team noticed certain files had become encrypted and managed to quarantine other files and systems from the attack. However, certain valuable files containing research data had already been locked down and so the University opted to pay the ransom to recover the files.

Ransomware Figures
According to Symantec Corporation, Malaysia ranks as 47th globally, and 12th in the Asia Pacific, for Ransomware attacks. In 2015, Malaysians experienced around 5,000 ransomware attacks – or 14 attacks per day.

Recent research conducted by a Cyber Security Research Centre indicated that around half of the victims infected with Cyptolocker agreed to pay the ransom demanded. Though it is understandable that they wanted to retrieve their locked down data files, the payment of such ransoms spurs other hackers to jump in to the activity and create new forms of Ransomware.

Once considered a consumer problem, Ransomware has morphed to target entire networks of computers at hospitals, universities and businesses. That has made it a far more serious and costly threat.

Different Types of Ransomware
Cyptolocker was the first successful Ransomware – able to be used by hackers with medium capability but managed to fleece victims of millions of dollars in 2013 and 2014.

Newer versions of Ransomware include CryZip, Locky, Zepto, Cerber and CryptXXX and UltraCrypter

Many Ransomware attacks exploit known `zero day’ errors in software on computer systems. These holes and vulnerabilities can be found in operating systems or else individual programs, such as web browsers.

The software companies often release updates and patches to close these holes but the hackers depend on owners not installing updates – so the Ransomware can squeeze through and infect the system

Common ways of Ransomware Infection
The traditional and most effective way for a hacker to infect a computer system is by way of email attachments with malware contained inside. Often these attachments are apparently benign Microsoft Office files such as Word or Excel but can include photos or PDFs.

Effective hackers spend some time researching their victim to create emails from spoofed addresses they may trust or else name documents which use a project name or location the victim is familiar with. The victim is then tricked in to opening the document as the name of the document appears real or else they trust the sender, not knowing the sending email address has been faked.

Other hackers may try to infect a computer system by way exploit kits on infected webpages which the victim may use – often on pornographic sites or other sites which pop up and attract visitors.

Once the attachment is unzipped and run or the exploit kit runs, the infection process follows these steps:

1. During the encryption process, the malware generates the public key based on the encrypted private key
2. The malicious software begins encrypting accessible files [often the targeted extensions such as .docx or .xls
3. Once enough files have been processed, the malicious software locks all encrypted files with a private key
4. The computer system still works but cannot access these locked files
5. A ransom note is presented in three formats: text, image, and web page informing the victim of the attack and the need to make a Bitcoin transfer to obtain the encryption key to unlick the targeted files

Use of Bitcoin
The utilisation of Bitcoin has also fuelled the spread of Ransomware. Bitcoin is now the preferred payment method of most Ransomware infections because it allows users to send and receive money from anywhere in the world, often anonymously.

What Can You Do If You’re Infected by Ransomware?
Unfortunately, there is little you can do to recover your files once your system is infected with a Ransomware attack and the files are encrypted. The best defence is to have a full back up stored on a separate drive so that you can reinstall the data. However, make sure to isolate your backup to prevent these files also being encrypted and locked down.
1. Isolate the infected machine
It’s important that the system is taken offline, as the hackers essentially control your computer and could use it to gain access to other systems on the network.

2. Weigh up the pros and cons of paying a ransom
As with any form of ransom, you are not guaranteed to obtain cooperation from the hackers – they may demand further payment or else you may be the target of a repeat (and potentially more costly) ransom attack in the future.

Can you be sure that the Ransomware will indeed be unlocked? If it is unlocked, can you be sure that it hasn’t been pre-programmed to repeat its encryption and demand a higher ransom?

[However, anecdotal information indicates that the hackers want their business model to work and thus do release the data upon payment].

3. Recovery
Run endpoint security software to discover and remove the Ransomware software. If it cannot detect the threat, wipe the machine and remove the operating system.

4. Restore
Review your recent data backups and restore files and operating systems with the most recent back-up.

5. Alert Law Enforcement
In Malaysia the agency is CyberSecurity Malaysia and can be contacted via website www.cybersecurity.my

In Singapore the agency is the Cyber Security Agency of Singapore – see
https://www.csa.gov.sg/singcert/about-us/faqs for details

Though they probably won’t be able to provide immediate assistance, such attacks need to be reported in an effort to track the hackers.

Do you need to know more about our services and how Regents can assist you with preventing information loss? Simply go to our Cyber Threats page for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once.