Bribery and corruption behind Football match fixing in Malaysia

Online gambling on football matches in Asia has reached hundreds of millions of dollars each season – with the risk that those involved in making or receiving large scale bets would seek to manipulate the results by threats or bribes of the players, managers or officials.

Malaysia and the Malaysia Super League (Liga Super Malaysia) are a prime target for such match fixers seeking to cream off winnings from the illegal bookmakers.

To combat this threat, the Football Association of Malaysia (FAM) has engaged FIFA’s Early Warning System (EWS). The FIFA Early Warning System was implemented in August 2016 by the Malaysia Super League (MSL) and will also be extended to international matches hosted in Malaysia. The Football Association of Malaysia has been given a good deal as it won’t have to spend any money on the system, which normally sells for RM100,000 per football season.

The Early Warning System, which started operations in 2007, is a fraud detection system that monitors betting trends to spot rapid changes in odds being offered and also provides match result analysis. The Early Warning System monitors FIFA competitions, including the World Cup and all qualifying matches, and also works closely with the Asian Football Associations.

Rumours of match-fixing in the Malaysia Super League are nothing new as a number of corruption scandals have surfaced in the past.

The low point for Malaysian football came in 1994-95, when more than one hundred footballers were disciplined with punishment ranging from life bans to suspensions from playing for up to four years. Investigations by Royal Malaysian Police found that there had been gross interference by gambling syndicates to fix the results of games – allegedly physically threatening players who refused to assist. Those involved included Malek Rahman, Matlan Marjan and Azizol Abu Hanafiah. The arrests and punishments came under a law then known as ‘Emergency Ordinance’, where players could be detained and banished from the game if suspected of fixing matches [the law has since been repealed].

Malaysia came under the football match fixing spotlight again in 2009, when the Malaysian national team played friendly matches against Zimbabwe in Kuala Lumpur – but the games were arranged by notorious convicted match-fixer Wilson Raj Perumal, a Singapore national.

Malaysia managed to beat a higher-ranked Zimbabwe side 4-0 and 1-0 – raising suspicion with the Early Warning System and so the games were investigated by FIFA.

Following an investigation, FIFA revoked the ‘A’ international classification for both matches once it was discovered that a Zimbabwean club team, Monomotapa United, was masquerading as the Zimbabwean national team and was not approved by the Zimbabwean Football Association.

Also in 2009, Lesotho were beaten 5 to nil by Malaysia in a friendly game – with many Lesotho players witnessed going on a shopping spree after the game, generating suspicion as to whether the match result had been interfered with by outsiders.

Since this debacle in 2009, the Football Association of Malaysia has been working with the Malaysian Anti-Corruption Commission (MACC) to investigate suspect results and monitor players, support staff and identified match fixers. In addition to providing data on betting trends, the Early Warning System will also provide:

  • a confidential whistle-blower system
  • a dedicated integrity phone number and email address for anonymous tips to be submitted
  • a monitoring process for all matches in the Malaysian Super League to identify results which may suggest match fixing has been involved
  • an investigation unit to follow up on leads

The Football Malaysia Limited Liability Partnership (FMLLP) Chief Executive Kevin Ramalingam said the implementation of a fraud detection system would uphold the league’s integrity. Kevin Ramalingam added the system will be able to pinpoint players who are likely involved in fixing matches.

Pen drive ‘of allegations’
Corruption and dishonesty within Malaysian football became a hot topic in September 2016 after Youth and Sports Minister Khairy Jamaluddin submitted a pen drive, supposedly containing documentary evidence of misconduct, to the Malaysian Anti-Corruption Commission.

Khairy Jamaluddin stated that he had received the pen drive from the Tengku Mahkota of Johor, Tunku Ismail Sultan Ibrahim, in August 2016. The pen drive purportedly contained a 280-page report detailing misconduct and corruption within the Football Association of Malaysia.

However, the Malaysian Anti-Corruption Commission investigation director Azam Baki later reported the commission had examined the contents of the pen drive, but found no evidence under the MACC Act 2009.


Ransomware attacks surge in Malaysia

Ransomware has become a critical threat for small and medium sized businesses in Malaysia and across South East Asia due to the ease with which Bitcoin allows ransoms to be extracted from victims.

Ransomware is simple but toxic. Malicious software is inadvertently installed on the victim’s computer by way of hoodwinking the victim into clicking on an unsafe link or attachment to an email. Once downloaded, the software then starts to encrypt files on the computer system – ranging from documents through to data sets. Once the software has encrypted enough files, these files are locked to the user and a message is displayed with instructions demanding a ransom be paid to unlock the files. A failure to pay the ransom means the files remain locked and essentially are useless.

Over the past year, Ransomware has emerged as one of the most significant attacks in the hacker arsenal against small and medium sized businesses. Unlike other forms of cyber theft, which often involve stolen credit card numbers or healthcare information, Ransomware acts directly on the victim, locking down their system or holding their data hostage until a ransom payment is made.

Recent Ransomware Attacks
The Hollywood Presbyterian Medical Centre in Los Angeles paid around $17,000 to unlock files in February 2016, following an attack that paralysed a large amount of the hospital’s computer systems. This attack was sophisticated; cybercriminals broke into a hospital server the month before. After two weeks of reconnaissance of the system, the hackers struck on a Friday night, when the hospital’s IT staff was off for the weekend, encrypting data on 800 computers and 130 servers; rendering documents and data unreadable, ranging from patient records through to prescriptions.

In Canada, the University of Calgary paid a demanded $20,000 after a Ransomware cyberattack on its computer systems. The University IT team noticed certain files had become encrypted and managed to quarantine other files and systems from the attack. However, certain valuable files containing research data had already been locked down and so the University opted to pay the ransom to recover the files.

Ransomware Figures
According to Symantec Corporation, Malaysia ranks as 47th globally, and 12th in the Asia Pacific, for Ransomware attacks. In 2015, Malaysians experienced around 5,000 ransomware attacks – or 14 attacks per day.

Recent research conducted by a Cyber Security Research Centre indicated that around half of the victims infected with CryptoLocker agreed to pay the ransom demanded. Though it is understandable that they wanted to retrieve their locked down data files, the payment of such ransoms spurs other hackers to jump into the activity and create new forms of Ransomware.

Once considered a consumer problem, Ransomware has morphed to target entire networks of computers at hospitals, universities and businesses. That has made it a far more serious and costly threat.

Different Types of Ransomware
CryptoLocker was the first successful Ransomware – usable by hackers with medium capability, it managed to fleece victims of millions of dollars in 2013 and 2014.

Newer versions of Ransomware include CryZip, Locky, Zepto, Cerber, CryptXXX and UltraCrypter.

Many Ransomware attacks exploit known ‘zero day’ errors in software on computer systems. These holes and vulnerabilities can be found in operating systems or else individual programs, such as web browsers.

The software companies often release updates and patches to close these holes but the hackers depend on owners not installing updates – so the Ransomware can squeeze through and infect the system.

Common ways of Ransomware Infection
The traditional and most effective way for a hacker to infect a computer system is by way of email attachments with malware contained inside. Often these attachments are apparently benign Microsoft Office files such as Word or Excel but can include photos or PDFs.

Effective hackers spend some time researching their victim to create emails from spoofed addresses they may trust or else name documents which use a project name or location the victim is familiar with. The victim is then tricked in to opening the document as the name of the document appears real or else they trust the sender, not knowing the sending email address has been faked.

Other hackers may try to infect a computer system by way of exploit kits on infected webpages which the victim may use – often on pornographic sites or other sites which pop up and attract visitors.

Once the attachment is unzipped and run or the exploit kit runs, the infection process follows these steps:

1. During the encryption process, the malware generates the public key based on the encrypted private key
2. The malicious software begins encrypting accessible files [often the targeted extensions such as .docx or .xls]
3. Once enough files have been processed, the malicious software locks all encrypted files with a private key
4. The computer system still works but cannot access these locked files
5. A ransom note is presented in three formats (text, image and web page), informing the victim of the attack and the need to make a Bitcoin transfer to obtain the encryption key to unlock the targeted files
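
A defender-side check for the encryption stage described in the steps above, as an added example that is not from the original article: it flags files with commonly targeted extensions whose leading bytes no longer match their format and whose content looks random. The extension table, both thresholds and all sample data are assumptions constructed for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Leading "magic" bytes a healthy file of each type starts with.
# .docx/.xlsx are ZIP containers; legacy .doc/.xls are OLE2 compound files.
EXPECTED_MAGIC = {
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0",
    ".xls": b"\xd0\xcf\x11\xe0",
    ".pdf": b"%PDF",
}
ENTROPY_THRESHOLD = 7.2  # bits per byte; assumed value, tune per environment
ALERT_THRESHOLD = 3      # assumed number of hits that justifies an alert
HEAD_BYTES = 4096        # only the start of each file is inspected


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def looks_encrypted(name: str, head: bytes) -> bool:
    """True when a targeted file type has lost its header and looks random."""
    ext = os.path.splitext(name)[1].lower()
    magic = EXPECTED_MAGIC.get(ext)
    if magic is None or head.startswith(magic):
        return False  # not a monitored type, or header still intact
    # A wrong header alone may be a misnamed file; require random-looking data too.
    return shannon_entropy(head) >= ENTROPY_THRESHOLD


def scan(files):
    """files: iterable of (name, leading bytes). Returns the suspicious names."""
    return [name for name, head in files if looks_encrypted(name, head)]


def scan_directory(root: str):
    """Walk a directory tree and apply the same check to files on disk."""
    def heads():
        for folder, _dirs, names in os.walk(root):
            for name in names:
                path = os.path.join(folder, name)
                try:
                    with open(path, "rb") as fh:
                        yield path, fh.read(HEAD_BYTES)
                except OSError:
                    continue  # unreadable file: skip rather than abort the scan
    return scan(heads())


def should_alert(suspicious) -> bool:
    """Many damaged files at once is the signal; one may be simple corruption."""
    return len(suspicious) >= ALERT_THRESHOLD


def _pseudo_random(seed: bytes, size: int = HEAD_BYTES) -> bytes:
    """Deterministic stand-in for ciphertext (constructed test data)."""
    out = b""
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:size]


def constructed_samples():
    """Constructed (name, bytes) pairs standing in for a shared folder."""
    return [
        ("report.docx", b"PK\x03\x04" + _pseudo_random(b"zip")),  # healthy, compressed
        ("budget.xls", b"\xd0\xcf\x11\xe0" + b"\x00" * 512),      # healthy OLE2 file
        ("notes.pdf", b"plain text saved with the wrong name " * 100),  # misnamed only
        ("q1.docx", _pseudo_random(b"a")),                         # header gone, random
        ("q2.xls", _pseudo_random(b"b")),
        ("scan.pdf", _pseudo_random(b"c")),
        ("image.bin", _pseudo_random(b"d")),                       # type not monitored
    ]


if __name__ == "__main__":
    hits = scan(constructed_samples())
    print("suspicious:", hits, "alert:", should_alert(hits))
```

The header check is what keeps healthy .docx files, which are compressed and therefore high-entropy, from being flagged.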

Use of Bitcoin
The utilisation of Bitcoin has also fuelled the spread of Ransomware. Bitcoin is now the preferred payment method of most Ransomware infections because it allows users to send and receive money from anywhere in the world, often anonymously.

What Can You Do If You’re Infected by Ransomware?
Unfortunately, there is little you can do to recover your files once your system is infected with a Ransomware attack and the files are encrypted. The best defence is to have a full back up stored on a separate drive so that you can reinstall the data. However, make sure to isolate your backup to prevent these files also being encrypted and locked down.

1. Isolate the infected machine
It’s important that the system is taken offline, as the hackers essentially control your computer and could use it to gain access to other systems on the network.

2. Weigh up the pros and cons of paying a ransom
As with any form of ransom, you are not guaranteed to obtain cooperation from the hackers – they may demand further payment or else you may be the target of a repeat (and potentially more costly) ransom attack in the future.

Can you be sure that the Ransomware will indeed be unlocked? If it is unlocked, can you be sure that it hasn’t been pre-programmed to repeat its encryption and demand a higher ransom?

[However, anecdotal information indicates that the hackers want their business model to work and thus do release the data upon payment].

3. Recovery
Run endpoint security software to discover and remove the Ransomware software. If it cannot detect the threat, wipe the machine and remove the operating system.

4. Restore
Review your recent data backups and restore files and operating systems with the most recent back-up.

5. Alert Law Enforcement
In Malaysia the agency is CyberSecurity Malaysia and can be contacted via website

In Singapore the agency is the Cyber Security Agency of Singapore – see for details

Though they probably won’t be able to provide immediate assistance, such attacks need to be reported in an effort to track the hackers.

Do you need to know more about our services and how Regents can assist you with preventing information loss? Simply go to our Cyber Threats page for our phone numbers or else send an email to with your contact details and we will respond at once.

US Navy officials charged in ‘Fat Leonard’ fraud

A Malaysian national operating from naval bases in Singapore and across Asia has managed to cause one of the biggest criminal fraud cases in US Navy history. US government investigators have detained and charged multiple US Navy officials for offences relating to bribery and corruption.

The Malaysian national is named Leonard Glenn Francis – widely known as “Fat Leonard” – who operated Glenn Defense, a maritime service company which held more than $200 million worth of contracts to resupply and refuel US Navy vessels across Asia.

The scandal became public in September 2013 when federal investigation agents lured Leonard Glenn Francis from his base in Asia to San Diego in a sting operation. Leonard Glenn Francis believed that Glenn Defense was on the cusp of being awarded further US Navy contracts; instead he was arrested and charged with bribery and corruption offences. Leonard Glenn Francis has since pleaded guilty to bribing “scores” of US Navy officials with prostitutes, cash, gifts, expensive meals and other indulgences over a decade.

Leonard Glenn Francis has allegedly now admitted to cheating the US Navy out of at least US$35 million by way of forging invoices, overbilling, running kickback schemes and gouging for standard maritime services. Essentially, Leonard Glenn Francis bribed senior officers within the US Navy so that they would turn a blind eye to the increased charges.

Leonard Glenn Francis operated a sophisticated machine to penetrate various levels of the US Navy establishment to ensure he obtained the information he needed and covered his tracks where necessary. Leonard Glenn Francis allegedly recruited three officers within the US Navy to act as paid moles for the contractor, Glenn Defense Marine Asia, by leaking intelligence about criminal investigations into the company or other information to give the firm an unfair advantage over competitors.

It is alleged that Leonard Glenn Francis and Glenn Defense had:

  • Bribed US Navy officers with access to prostitutes and gifts of cash or electronic items
  • Corruptly arranged for the US Navy to grant diplomatic clearance to Glenn Defense so that it could avoid inspections and dodge customs duties into the Philippines
  • Bribed a retired commander to leak Naval Criminal Investigative Service (NCIS) files to Glenn Defense to help the firm thwart fraud inquiries.

Leonard Glenn Francis adeptly identified personnel on ship and shore, civilian and uniform, who were willing to work with him to defraud the US Navy. Leonard Glenn Francis even hired retired US Navy officers who then helped recruit active-duty officers to assist with supplying information.

With the high level contacts with US Navy decision makers, Leonard Glenn Francis was able to have ships steered to certain ports where Glenn Defense could easily overcharge the Navy for services.

Leonard Glenn Francis benefited from the US Navy ignoring warnings over the years from honest US Navy personnel, some of whom requested reviews and cancellations of contracts due to the huge charges for services that Leonard’s company billed. When he fell under suspicion, Leonard Glenn Francis had a Navy criminal investigator pass him internal documents about investigations into Glenn Defense.

Leonard Glenn Francis was an adept networker and worked hard to cultivate relationships in the Navy. He chose to host lavish parties for US Navy officers at select restaurants and bars, spending freely to entertain. Leonard Glenn Francis would then start the bribery process by giving small gifts to individual officers such as whisky or the services of a prostitute – those that accepted the gifts were then targeted to obtain information whilst the gifts were increased in frequency and value.

In 2008, Leonard Glenn Francis targeted one US Navy officer based at the Fleet Logistics Centre in Yokosuka, Japan. The officer was involved in the naval supply system, responsible for providing logistics support for ships, awarding and overseeing contracts.

This officer provided internal US Navy information on ship schedules, port visits, and how the service would handle ship servicing contracts and controlling costs. Leonard Glenn Francis exploited this information so that he could charge excessive costs. In exchange, the officer received more than US$100,000 in cash, stays at luxury hotels and the services of prostitutes.

Leonard Glenn Francis built up a web of contacts throughout the US Navy – including those on contract review boards, which could recommend and approve bidders for Navy contracts. Leonard Glenn Francis would then have his contacts steer contracts for servicing ships to Glenn Defense in Thailand and the Philippines.

The federal investigation has established that Leonard Glenn Francis ran a decade-long scheme by which he defrauded the US Navy out of tens of millions of dollars by targeting a handful of key points in Asian operations of the fleet.

So far, federal investigators have charged 14 individuals and prosecutors have said that as many as 200 others are under investigation. According to US Navy officials, nearly 30 admirals are under scrutiny for possible criminal or ethical violations.


Questionable hiring practices in Asia cause Conflict of Interest for banks

The UK based Barclays Bank PLC has become the latest international bank to reveal that U.S. authorities are investigating some of their hiring practices in Asia – suggesting a conflict of interest. Sources indicate that Barclays Bank is alleged to have improperly recruited friends and family members of Asian government officials as well as top executives in the region with which the bank had previous dealings.

The Securities and Exchange Commission [SEC] is known to be already making inquiries into around a dozen banks in the U.S. and Europe regarding similar aspects of their foreign personnel recruiting. HSBC Holdings PLC has also recently disclosed that it had received information requests from the SEC as to their hiring practices around potential hires with ties to Asian government officials. Such inquiries by the SEC have been active since August 2013, when J.P. Morgan Chase & Co. disclosed that the SEC was likewise reviewing its hiring processes in Asia.

One recent report in the WSJ stated that J.P. Morgan Chase & Co. had hired friends and family members of executives at seventy-five percent of the major Chinese companies it helped take public in Hong Kong during the decade long boom in Chinese IPOs of major firms. The numbers reportedly came from a document compiled by the bank as part of a federal bribery investigation into the behaviour.

Other US Banks with operations in Hong Kong are rumoured to have hired friends and family members of senior executives at major Chinese companies, which were taken public in Hong Kong between 2005 and 2013. There are questions as to whether such hiring activity would breach current U.S. foreign-bribery laws.

“Sons and Daughters” China personnel hiring program

A 2015 inquiry by US Authorities further revealed the leading US bank J.P. Morgan had hired over 200 candidates said to be part of China’s business and political elite under a system supposedly known internally as “Sons and Daughters”. U.S. authorities are still investigating the program to determine whether this activity may have constituted bribery under the U.S. Foreign Corrupt Practices Act. The FCPA makes it illegal for US companies to give anything of value to a foreign official with the intention of improperly influencing their decisions.

Such conflicts of interest can occur when departments within an organisation take actions without disclosing sensitive issues to legal or compliance officers. Some of the Banks currently under investigation by the US Authorities may have pursued an advantage by recruiting personnel with insight to possible deals, without fully disclosing these personal connections to legal counsel within the banks. Failure to develop, or enforce, suitable Standard Operating Procedures [SOPs] regarding the method for hiring personnel, coupled with poor oversight by senior management and reporting structures, probably contributed to this situation.

Tips for Avoiding a Conflict of Interest

  1. Have a system to check for conflicts of interest – make sure such checks are documented and all levels of management are aware of the requirement for such checks
  2. Even if there is no conflict at the start of a relationship, keep your radar on as the matter proceeds – and even after it ends. Some conflicts appear over time. Others may arise after the matter is concluded.
  3. Take action at the slightest hint of a conflict arising – Talk to any clients and management overseeing the matter at the first instance
  4. Don’t just keep silent and look the other way – encourage all levels of management to speak up once a problem arises
  5. Full disclosure and client briefings can often defuse a sticky situation and prevent a bad situation getting far worse

Do you need to know more about our services and how Regents can assist you with investigations? Simply go to our Contact Us page for our phone numbers or else send an email to with your contact details and we will respond at once.



Mobile Phone Thefts

Ever since mobile phones became an essential tool for businesspeople, their theft and resale has posed a security problem for companies. The latest smart phones are not only costly, they can also contain crucial data relating to the company and the personnel working there.

Other than taking the obvious security steps such as not leaving a phone on the table or checking pockets for the mobile phone on exiting a taxi [a common way to lose a phone], there are a number of technical actions that can be taken:

1.    Ensure that the phone has a security PIN plus a locked SIM
2.    Install tracking software that can be activated remotely should the phone go missing
3.    Have all data backed up to the cloud
4.    Where possible, have critical data encrypted

Once one of your personnel discovers that a mobile phone has been stolen or gone missing, have your IT people start to track the phone using the installed software. Alert the telecom provider so that the phone can be deactivated and prevented from making costly calls or downloads – often the telecom provider can locate the phone quicker. If you suspect that the phone has been stolen, make a Police report so that they can identify the thief with the help of the tracking process.

It should be noted that to counter thefts of mobile phones and their reuse / sale, some telecom providers have now created a registry of reported missing or stolen phones via the serial number or IMEI embedded in the phone. Therefore, should a missing or stolen mobile phone be placed on such a register, a telecom provider checking this phone before signing up a new client would flag this problem.

This cooperation between telecom providers in the USA has made it much harder, if not impossible, to reactivate a flagged phone. That’s the good news. Here’s the bad: the database only applies to the USA and other countries are slow on implementing a similar program.

This means that for those phone owners living outside the USA, there is little protection with recovering or cancelling their missing phones. And savvy iPhone thieves have realized that the way to get around these restrictions is by selling phones overseas.

There is already a steady trade of second hand mobile phones being traded in when users want a new phone. These old phones may then be reconditioned and shipped overseas where customers will buy them at a discounted price. Some dishonest players use these channels to sell found or stolen phones for instant cash.

Whether the phone was lost by accident or stolen by a thief, the process of re-sale and use by a third party exposes the data on your missing or stolen mobile phone to being downloaded and used as part of an identity theft attack. A locked and secure mobile phone is essential – make sure you have a six figure PIN installed.

This is a threat that will only increase as we store more and more data on our mobile phones. To give some idea on the scale of the problem today; take note that in the USA it is estimated that the loss and theft of mobile phones cost consumers over $30 billion in 2012, while around 110 smartphones are said to be lost or stolen each minute in the USA.

Now, where did I put my phone……..

Do you need to know more about our services and how Regents can assist you with theft or IT security issues? Simply go to our Contact Us page for our phone numbers or else send an email to with your contact details and we will respond at once. Visit our Fraud Investigations webpage for more information.

Fraud audits for companies and organisations

Fraud is an ever increasing problem for companies and organisations of all sizes. According to the Certified Fraud Examiners’ recent survey in 2008, in the USA alone around US$994 Billion was lost to fraudulent activity. Fraud is a different form of commercial crime: the very nature of how it is carried out means that the victims are unaware of the fraud unless it is uncovered during an audit, an investigation or by a whistleblower, or else it becomes so substantial that it begins to seriously damage the very wellbeing of the business. As business continues to move faster and payments and transactions move ever more onto computers and the internet, the scope for fraud grows ever larger.

Based upon this, how can you be sure that you and your company are not unwitting victims of fraud right now? One method to answer these questions and take steps to prevent fraud is to have an external expert conduct a forensic anti-fraud audit on your business or organisation.

Broadly speaking a forensic anti-fraud audit seeks to:

1.    Identify the opportunities for fraud within your business;
2.    Identify the controls and procedures which protect your business from fraud [and those that don’t];
3.    Verify financial transactions that are not adequately protected from fraud as being valid or suspect; and
4.    Fix, introduce and monitor controls to protect your business from ongoing

Transactional fraud

  • Transactional fraud occurs whereby employees or managers responsible for making payments to employees [pay roll], suppliers, creditors or financial organisations make false or erroneous payments to themselves or entities they control. Transactional fraud provides the widest scope for dishonest employees to defraud the company or organisation.

A simple example is the use of double payments. The employee pays a legitimate supplier normally via EFT then makes another payment via cheque for the same amount to themselves or as ‘cash’. The employee then enters this additional transaction as a further payment to the supplier and keeps the money for themselves. This results in the business appearing to be less profitable unless the fraud can be identified and halted.

Other dishonest employees create false or ‘ghost’ suppliers while they create false invoices for goods never supplied or services never provided. The dishonest employee then creates and approves illicit transactions to supposedly pay for these fictitious goods or services.

Areas which a fraud audit can take action include:

  • Confirm whether a supplier is genuine, verify address and business records [are the contact details the same as an employee?]
  • Via data mining with company and bank data, match transactions to invoices to identify over payments or unjustified payments;
  • Look for double payments within a short time period;
  • Examine pay roll lists and verify against data mined transaction data to determine ghost employees or overtime claimed but not worked
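
Three of the audit checks listed above (double payments within a short period, payments matched to invoices, supplier details matching an employee) expressed as code. This is an added example, not the firm's own tooling; the record layout, field names, seven-day window and all sample data are constructed assumptions.

```python
from datetime import date
from itertools import combinations

# Constructed sample data. Amounts are in minor currency units (integers)
# so that equality comparisons are exact.
PAYMENTS = [
    {"id": "P001", "supplier": "Acme Paper", "amount": 420000, "method": "EFT",
     "date": date(2016, 3, 1), "invoice": "INV-881"},
    {"id": "P002", "supplier": "Acme Paper", "amount": 420000, "method": "CHEQUE",
     "date": date(2016, 3, 4), "invoice": "INV-881"},
    {"id": "P003", "supplier": "Borneo Logistics", "amount": 150000, "method": "EFT",
     "date": date(2016, 3, 10), "invoice": "INV-120"},
    {"id": "P004", "supplier": "Borneo Logistics", "amount": 150000, "method": "EFT",
     "date": date(2016, 4, 20), "invoice": "INV-140"},
    {"id": "P005", "supplier": "Delta Consult", "amount": 980000, "method": "EFT",
     "date": date(2016, 3, 15), "invoice": "INV-900"},
]
INVOICES = {"INV-881": 420000, "INV-120": 150000, "INV-140": 150000}
SUPPLIERS = [
    {"name": "Acme Paper", "address": "12 Jalan Industri 4, Shah Alam", "phone": "03-5550 0101"},
    {"name": "Borneo Logistics", "address": "Lot 8, Jalan Pelabuhan, Klang", "phone": "03-5550 0144"},
    {"name": "Delta Consult", "address": "Unit 3, Jalan Mawar 5, Kuala Lumpur", "phone": "012-555 0199"},
]
EMPLOYEES = [
    {"name": "Employee A", "address": "7 Jalan Kenanga, Petaling Jaya", "phone": "012-555 0123"},
    {"name": "Employee B", "address": "unit 3 jalan mawar 5 kuala lumpur", "phone": "0125550199"},
]


def find_double_payments(payments, window_days=7):
    """Pairs of payments to one supplier for the same amount within the window."""
    ordered = sorted(payments, key=lambda p: p["date"])
    return [
        (a["id"], b["id"])
        for a, b in combinations(ordered, 2)
        if a["supplier"] == b["supplier"]
        and a["amount"] == b["amount"]
        and (b["date"] - a["date"]).days <= window_days
    ]


def find_unsupported_payments(payments, invoices):
    """Compare the total paid against each invoice with the invoiced amount."""
    paid = {}
    for p in payments:
        paid[p["invoice"]] = paid.get(p["invoice"], 0) + p["amount"]
    findings = []
    for invoice_no, total in paid.items():
        billed = invoices.get(invoice_no)
        if billed is None:
            findings.append((invoice_no, "no invoice on file", total))
        elif total > billed:
            findings.append((invoice_no, "overpaid", total - billed))
    return findings


def _norm(value):
    """Ignore case, spacing and punctuation when comparing contact details."""
    return "".join(ch for ch in value.lower() if ch.isalnum())


def find_ghost_suppliers(suppliers, employees, keys=("address", "phone")):
    """Suppliers whose contact details are the same as an employee's."""
    hits = []
    for s in suppliers:
        for e in employees:
            shared = [k for k in keys if s.get(k) and _norm(s[k]) == _norm(e.get(k, ""))]
            if shared:
                hits.append((s["name"], e["name"], shared))
    return hits


if __name__ == "__main__":
    print(find_double_payments(PAYMENTS))
    print(find_unsupported_payments(PAYMENTS, INVOICES))
    print(find_ghost_suppliers(SUPPLIERS, EMPLOYEES))
```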

Fuel charge fraud
Employees are commonly given an expense account for fuel purchased in relation to travel to / from work plus travel on the behalf of the company meeting clients, attending meetings etc. Often such expenses are not closely monitored and unjustified or dishonest claims can quickly surface.

A fraud audit focusing on possible fuel charge fraud would seek to review the available records and data in relation to fuel claims and:

  • Review details as to size of petrol tank for claimed car and mileage completed
  • Match quantities [in litres] of fuel purchased to size of fuel tank – does the receipt indicate that more fuel was purchased than could be fitted in the tank? Are they filling up their spouse’s vehicle at the same time?
  • Review the frequency of fuel purchases to claimed mileage – do the purchases fit the mileage and seem reasonable?
  • Compare the address of the fuel station against the claimed travel route – if a trip was from KL to Melaka, why does the receipt show an address in Ipoh? Do the dates match for the claimed travel?
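
The fuel-claim checks above applied to claim records, as an added example that is not from the original article. The record layout, the 15 L/100 km plausibility ceiling, the vehicle registration and all claim data are constructed assumptions.

```python
from datetime import date

MAX_L_PER_100KM = 15.0  # assumed ceiling on plausible fuel consumption

# Constructed sample data.
VEHICLES = {"WXY 1234": {"tank_litres": 45}}
CLAIMS = [
    {"id": "C1", "vehicle": "WXY 1234", "claimed_km": 300,
     "route": ["Kuala Lumpur", "Seremban", "Melaka"],
     "start": date(2016, 5, 10), "end": date(2016, 5, 10),
     "receipts": [{"litres": 38.0, "station_town": "Seremban", "date": date(2016, 5, 10)}]},
    {"id": "C2", "vehicle": "WXY 1234", "claimed_km": 300,
     "route": ["Kuala Lumpur", "Seremban", "Melaka"],
     "start": date(2016, 5, 12), "end": date(2016, 5, 12),
     "receipts": [{"litres": 62.0, "station_town": "Ipoh", "date": date(2016, 5, 14)}]},
    {"id": "C3", "vehicle": "WXY 1234", "claimed_km": 120,
     "route": ["Kuala Lumpur", "Seremban"],
     "start": date(2016, 5, 20), "end": date(2016, 5, 20),
     "receipts": [{"litres": 40.0, "station_town": "Kuala Lumpur", "date": date(2016, 5, 20)},
                  {"litres": 42.0, "station_town": "Seremban", "date": date(2016, 5, 20)}]},
]


def audit_claim(claim, vehicles=VEHICLES):
    """Return the list of issues found for one fuel claim (empty if clean)."""
    findings = []
    tank = vehicles[claim["vehicle"]]["tank_litres"]
    route = {town.lower() for town in claim["route"]}
    for receipt in claim["receipts"]:
        # More fuel on one receipt than the tank can hold.
        if receipt["litres"] > tank:
            findings.append("exceeds tank")
        # Fuel station is not in a town on the claimed route.
        if receipt["station_town"].lower() not in route:
            findings.append("off route")
        # Receipt dated outside the claimed travel dates.
        if not claim["start"] <= receipt["date"] <= claim["end"]:
            findings.append("date mismatch")
    # Frequency check: every receipt may fit the tank while the total
    # still implies a consumption the claimed mileage cannot explain.
    total = sum(r["litres"] for r in claim["receipts"])
    km = claim["claimed_km"]
    if total > 0 and (km <= 0 or total / km * 100 > MAX_L_PER_100KM):
        findings.append("fuel exceeds mileage")
    return findings


def audit_all(claims=CLAIMS):
    """Map each claim id to its findings."""
    return {claim["id"]: audit_claim(claim) for claim in claims}


if __name__ == "__main__":
    for claim_id, issues in audit_all().items():
        print(claim_id, issues or "clean")
```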

Fraud audit purposes
A fraud audit review seeks to provide the comfort that fraudulent activity had not occurred whilst identifying improvements and efficiencies for internal controls with an implementation plan and ongoing monitoring.

A fraud audit seeks to give a company a better understanding within the business of the need for improved fraud risk management processes and effective management of a potentially damaging incident in terms of reputation.

However fast your business is growing or how large the company has become, remember that “Fraud can happen to anyone, including well run and respected businesses” and may be happening right now eating away at your profits and will only get worse until it is addressed.

Do you need to know more about our services and how Regents can assist you with preventing fraud and money laundering? Simply go to our Fraud Investigation page for further details or send us an email to with your contact details and we will respond at once.