Fake Indigenous Australian artworks openly for sale

Indigenous Australians [also known as ‘Aboriginals’] settled in Australia over 50,000 years ago [some estimates say possibly 100,000 years ago] and created their own cultures that have unique aspects not found elsewhere on earth, such as the boomerang and ‘dingo’ dogs.

Indigenous Australians across Australia have different languages and varied customs – they also have unique artworks which reflect the different landscapes and topography of the country. Indigenous Australian art is highly distinctive and creative and once you see the styles you quickly identify with them; the exceptional wildlife of Australia – from wombats to echidnas – often features in the artworks.

Traditional Indigenous Australian art includes rock painting, wood carvings (Punu), weaving and paintings featuring symbols, cultural aspects and religious influences. Indigenous Australian artists such as Clifford Possum Tjapaltjarri, Emily Kame Kngwarreye and Gloria Tamerre Petyarre have achieved worldwide fame for their artworks and collectors will pay millions of dollars to have an original work by these top artists.

However, recent surveys have found that around 80 per cent of the ‘Aboriginal art’ products marketed to tourists are thought to be fakes, either made by non-Indigenous Australians or else imported from overseas.

Sadly, it appears that many tourists are not overly bothered with the idea of non-Indigenous people creating Indigenous styled art to pass off as legitimate – fakes that compromise Intellectual Property.

As some tourist markets attract international tourists, it’s easy for some people to sell fakes to people that don’t know much about Aboriginal art.

What is the current situation?
According to the Arts Law Centre of Australia, it is estimated that around 80 per cent of the pieces marketed to tourists in shops are inauthentic. The Association of Northern, Kimberley and Arnhem Aboriginal Artists (ANKAAA) states that fake art is now affecting the legitimate Aboriginal art market.

The problem has become so large that the Australian Competition and Consumer Commission (ACCC) is taking legal action against a company it claims made misleading representations about Aboriginal people making its products, when the products were made in and imported from Indonesia.

Spotting suspect fake artworks
Advice from the Association of Northern, Kimberley and Arnhem Aboriginal Artists suggests the following methods to spot a fake:

• Look out for conflicting styles on the same piece, for example the x-ray styles of Arnhem Land with the heavy line work of the Kimberley included on the same item
• Varnish on wooden pieces indicates that they are not authentic art works
• Use of glossy paints with very bright contrasting colours

How to fix this Intellectual Property problem?

• Introducing a certification scheme by the Commonwealth government so people know they’re buying legitimate works
• Enhanced protection for Indigenous intellectual property
• More legal help for artists who are worried their work has been copied without consent
• Proper labelling requirements for souvenirs sold in Australia

See http://ankaaa.org.au/publication/purchasing-aboriginal-art-ethical-buying-guide/ for further information.


Issues with Listening Devices – aka ‘bugs’

Technical Surveillance is the security industry term for what laypeople would normally call a ‘bug’ – essentially a listening device that can be placed inside an office, vehicle, room etc. The Technical Surveillance device can then record conversations or else capture images of the people inside the office or room. Some Technical Surveillance devices record the sound or vision in situ, whilst others broadcast the data via cable or wireless to a separate recording device.

Though so much personal and corporate data is now stored digitally on computers and mobile phones [which may fall prey to cyber hackers], conversations between executives or activity which is sensitive are still vulnerable to being compromised by an outside party and utilised for corporate espionage, fraud / theft, extortion or even public humiliation of an individual.

With the internet offering a free and nearly anonymous broadcast system, sensitive conversations or images belonging to an organisation can be disseminated across the globe and be impossible to remove or take down. An example would be images of a female changing room at a store or business – outraging the modesty of the victim and tarnishing the reputation of the company.

Most people generally view Technical Surveillance as the stuff of spy movies or a John Grisham book, where the agent is dressed in black and installs a listening device under the desk or a video camera in a picture frame. Not only does this make the movie more exciting, it also demonstrates that placing a Technical Surveillance device can be fairly easy.

Another misapprehension is that Technical Surveillance is too expensive or complex to be considered by a competitor to make the threat real. Obtaining covert listening devices has never been easier – a simple search on Google or eBay will display devices that are under $100 and which can be deployed by an amateur. With the advent of legitimate electronic devices such as phone chargers, power packs etc being placed in office locations by employees, it is easy to overlook that an outsider has placed a voice-activated listening device inside the room.

There are many reasons why a Technical Surveillance listening device might be used against a company or other entity. The most common objective is obtaining confidential, proprietary and dynamic information for competitive advantage. Such information provides insights into likely company performance, new products or services and marketing strategies – all hugely useful to a competitor.

Mergers and acquisition information, financial details and market expansion plans are also strongly desired by outsiders. Board meetings, discussions in executive offices and finance department information are often targeted using Technical Surveillance devices.

An unsavoury development of the use of these devices is that covert video cameras have been placed by perverts in common areas such as washrooms, showers or changing rooms to video people in a state of undress. Though the intent is not espionage, the effects on the victim and organisation are devastating. Some shopping malls and major retailers have taken steps to make regular checks for any covert video cameras and report to Police any suspect devices.

South Korea has experienced a serious issue whereby hidden cameras have been secreted in locations including public bathrooms, swimming pools, changing rooms etc to record offensive images of women. These images are later uploaded to internet websites for voyeurs to watch. The problem has gotten so bad that Seoul city government has created a team of fifty marshals to inspect bathrooms, changing rooms etc around the city with equipment to spot any concealed cameras.

Recent developments in the availability of cheap, small and disposable listening devices have created another opportunity for a hostile party to covertly monitor your business environment. These disposable listening devices run on low power and have plug-in peripherals such as cameras and microphones with large SD card storage, so they can save data on the SD cards for physical collection later. They possess the best traits of a device that emits no radio frequency signal, which makes detection even harder.

Just as cyber criminals pose a threat to a company by probing for holes in computer security systems, companies need to be aware that Technical Surveillance listening devices can pose an immediate threat – from the eavesdropping of executive meetings through to voyeur images of a changing room or bathroom in a store, hotel, office or club. Prevention is better than cure and every company should be assessing such a threat and the harm it can cause.

Spear Phishing Attacks in Malaysia

The integrity of Malaysian commercial and government computer systems continues to be threatened by the increase of spear phishing attacks by groups based overseas.

Phishing attacks occur where mass emails are sent out to multiple users enticing them to click on a link or open an attachment – which releases a malware payload to infect the smart phone, computer or IT system. Phishing messages often appear to come from a large and well-known company or website with a broad membership base, such as Google or PayPal. The senders play on numbers: the larger the audience, the higher the chances of victims being successfully duped.

Spear Phishing Attacks
In the case of spear phishing attacks, the apparent source of the email is likely to be an individual within the recipient’s own professional or social group – generally someone in a position of authority or else someone the target knows personally. The term ‘spear’ indicates that the target has been selected and their background researched, to increase the chances of success or else because the target is significant.

The main delivery vector for spear phishing attacks over the past few years has been email. In Malaysia, email attacks were the most favoured weapon for a wide range of cyber-attacks in the country. During 2016, authorities discovered that one out of every 130 emails sent to users in Malaysia contained a malicious link or attachment. This was a fourfold increase in one year, indicating the growing problem companies face in protecting their systems.

Spear Phishing Attack in Malaysia
An example of a successful spear phishing attack occurred in 2014 when around 30 computers at Malaysian law enforcement agencies covering the disappearance of Malaysian Airlines MH370 airplane were reportedly hacked, with perpetrators making off with confidential data on the missing aircraft.

Asia News Network reported in 2014 that the computers of ‘high-ranking officials’ in several Malaysian aviation and security agencies were hacked with classified information removed. The point-of-entry for the compromise was said to be a spear phishing attack, with a malicious executable file presented as a PDF file. When the attachment was opened, the user’s machine would be infected with malware, allowing the hacker to gain access to their PC from outside and send stolen information back to an IP address in China.

The spear phishing email, with the subject line ‘Over the South China Sea’ and dated 09 March 2014 – just one day after the Malaysian Airlines MH370 aircraft went missing – contained ‘sophisticated’ malware that was disguised as a news article reporting on the missing Boeing 777.

The timing of the email indicates that the malware was prepared prior to MH370 disappearing and launched by persons unknown to break into Malaysian government systems to extract information. Some Malaysian government agencies reported that their network was congested with email being transmitted out of their servers. The emails contained confidential data from the officials’ computers, including the minutes of meetings and classified documents. Due to the nature of cyberattacks, it is difficult to be certain who exactly was behind the attack and, though the exfiltration IP address was in China, the attackers could be located anywhere around the globe.

Spoofed Email Addresses
Another phase of spear phishing attacks has been users receiving spoofed emails instructing targets to reset their Gmail or other online email password – diverting the target to a spoofed site where they enter their username and password. This information is captured by the attackers, allowing them access to the online email account. This method was used by attackers to access the Gmail account of John Podesta, former chairman of the 2016 Hillary Clinton presidential campaign. The hackers then downloaded emails, attachments, reports etc – details from Podesta’s emails were later leaked online to upset the Clinton campaign.

As the email attack vector is expected to continue to expand, employees and systems administrators should be aware that caution needs to be used before opening attachments or clicking on spurious web links. Effective filters and email security programs, with a Secure Email Gateway such as MailMarshal, should be implemented as a first step to prevent users receiving infected emails.
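The two lures described above, an executable presented as a PDF attachment and a spoofed password-reset message that diverts the target to another site, leave traces in the raw message that a mail filter can check. The Python below is an added example, not part of the original article or of any product it names; every address, host name and the sample message are constructed placeholders.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXEC_MAGIC = {b"MZ": "windows-pe", b"\x7fELF": "elf"}  # executable signatures
DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx")   # names a lure would use


def domain(header_value):
    """Lower-cased domain of the address in a From/Reply-To header."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage(raw):
    """Return a list of findings for one raw message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    # 1. Replies diverted to a different domain than the visible sender.
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to-mismatch:{from_dom}->{reply_dom}")
    # 2. SPF/DKIM/DMARC verdicts; trust only the header your own gateway adds.
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim", "dmarc"):
        verdict = re.search(rf"\b{mech}=(\w+)", auth.lower())
        if verdict and verdict.group(1) != "pass":
            findings.append(f"{mech}-{verdict.group(1)}")
    # 3. Attachment named like a document but starting with executable magic.
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        kind = next((k for sig, k in EXEC_MAGIC.items() if data.startswith(sig)), None)
        if kind and name.endswith(DOC_EXTS):
            findings.append(f"executable-as-document:{name}:{kind}")
    # 4. Link text that names one host while the href goes to another.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            try:
                shown, actual = urlsplit(text).hostname, urlsplit(href).hostname
            except ValueError:  # malformed URL text, nothing to compare
                continue
            if shown and actual and shown != actual:
                findings.append(f"link-mismatch:{shown}->{actual}")
    return findings


def build_sample(spoofed=True):
    """Constructed message; every address and host is a placeholder."""
    msg = EmailMessage()
    msg["From"] = '"IT Helpdesk" <helpdesk@example-agency.test>'
    msg["Subject"] = "Password reset required"
    v = "fail" if spoofed else "pass"
    msg["Authentication-Results"] = f"mx.example-agency.test; spf={v}; dkim={v}; dmarc={v}"
    site = "webmail.example-agency.test"
    target = site + ".reset-portal.test" if spoofed else site
    if spoofed:
        msg["Reply-To"] = "reset@reset-portal.test"
    msg.set_content("Please reset your password.")
    link = f'<a href="http://{target}/login">https://{site}/</a>'
    msg.add_alternative(link, subtype="html")
    data = (b"MZ\x90\x00" if spoofed else b"%PDF-1.4\n") + b"\x00" * 32
    msg.add_attachment(data, maintype="application", subtype="pdf",
                       filename="news_report.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample()))
```

Findings like these are inputs for quarantine or analyst review; a message from a compromised genuine account inside the company will pass the sender checks, so the attachment and link checks still matter.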

Recent industry surveys in Malaysia have indicated that five out of every six large companies have been targeted with spear-phishing attacks. Small scale businesses also saw an increase in spear phishing attacks – often with attacks seeking access to online bank account details.

Current studies in Malaysia and the USA have noted that attackers were using stolen email account details from one corporate victim to spear-phish other victims within the company – often moving on to access those with higher administration permissions and so access more of the network and databases.

Ongoing Threat
Spear phishing attacks present a real and current danger to company, organisation and government computer systems – only effective filtering tools, education of users to the threats and continued vigilance can prevent these attacks.

Bribery and corruption behind Football match fixing in Malaysia

Online gambling on football matches in Asia has reached hundreds of millions of dollars each season – with the risk that those involved in making or receiving large scale bets would seek to manipulate the results by threats or bribes of the players, managers or officials.

Malaysia and the Malaysia Super League (Liga Super Malaysia) are a prime target for such match fixers seeking to cream off winnings from the illegal bookmakers.

To combat this threat, the Football Association of Malaysia (FAM) has engaged FIFA’s Early Warning System (EWS) in an effort to combat the issue of match fixing in the country. The FIFA Early Warning System was implemented in August 2016 by the Malaysia Super League (MSL) and will also be extended to international matches hosted in Malaysia. The Football Association of Malaysia have been given a good deal as they won’t have to spend any money on the system, which normally sells for RM100,000 per football season.

The Early Warning System, which started operations in 2007, is a fraud detection system that monitors betting trends to spot rapid changes in odds being offered and also provides match result analysis. The Early Warning System monitors FIFA competitions, including the World Cup and all qualifying matches, and also works closely with the Asian Football Associations.

Rumours of match-fixing in the Malaysia Super League are nothing new as a number of corruption scandals have surfaced in the past.

The low point for Malaysian football came in 1994-95, when more than one hundred footballers were disciplined with punishment ranging from life bans to suspensions from playing for up to four years. Investigations by Royal Malaysian Police found that there had been gross interference by gambling syndicates to fix the results of games – allegedly physically threatening players who refused to assist. Those involved included Malek Rahman, Matlan Marjan and Azizol Abu Hanafiah. The arrests and punishments came under a law then known as ‘Emergency Ordinance’, where players could be detained and banished from the game if suspected of fixing matches [the law has since been repealed].

Malaysia came under the football match fixing spotlight again in 2009, when the Malaysian national team played friendly matches against Zimbabwe in Kuala Lumpur – but the games were arranged by notorious convicted match-fixer Wilson Raj Perumal, a Singapore national.

Malaysia managed to beat a higher-ranked Zimbabwe side 4-0 and 1-0 – raising suspicion with the Early Warning System and so the games were investigated by FIFA.

Following an investigation, FIFA revoked the ‘A’ international classification for both matches once it was discovered that a Zimbabwean club team, Monomotapa United, was masquerading as the Zimbabwean national team and was not approved by the Zimbabwean Football Association.

Also in 2009, Lesotho were beaten 5 to nil by Malaysia in a friendly game – with many Lesotho players witnessed going on a shopping spree after the game, generating suspicion as to whether the match result had been interfered with by outsiders.

Since this debacle in 2009, the Football Association of Malaysia has been working with the Malaysian Anti-Corruption Commission (MACC) to investigate suspect results and monitor players, support staff and identified match fixers. In addition to providing data on betting trends, the Early Warning System will also provide:

  • a confidential whistle-blower system
  • a dedicated integrity phone number and email address for anonymous tips to be submitted
  • a monitoring process for all matches in the Malaysian Super League to identify results which may suggest match fixing has been involved
  • an investigation unit to follow up on leads

The Football Malaysia Limited Liability Partnership (FMLLP) Chief Executive Kevin Ramalingam said the implementation of a fraud detection system would uphold the league’s integrity. Kevin Ramalingam added the system will be able to pinpoint players who are likely involved in fixing matches.

Pen drive ‘of allegations’
Corruption and dishonesty within Malaysian football became a hot topic in September 2016 after Youth and Sports Minister Khairy Jamaluddin submitted a pen drive, supposedly containing documentary evidence of misconduct, to the Malaysian Anti-Corruption Commission.

Khairy Jamaluddin stated that he had received the pen drive from the Tengku Mahkota of Johor, Tunku Ismail Sultan Ibrahim, in August 2016. The pen drive purportedly contained a 280-page report detailing misconduct and corruption within the Football Association of Malaysia.

However, the Malaysian Anti-Corruption Commission investigation director Azam Baki later reported the commission had examined the contents of the pen drive, but found no evidence under the MACC Act 2009.


Ransomware attacks surge in Malaysia

Ransomware has become a critical threat for small and medium sized businesses in Malaysia and across South East Asia due to the ease with which Bitcoin allows ransoms to be extracted from victims.

Ransomware is simple but toxic. Malicious software is inadvertently installed on the victim’s computer by way of hoodwinking the victim into clicking on an unsafe link or attachment to an email. Once downloaded, the software then starts to encrypt files on the computer system – ranging from documents through to data sets. Once the software has encrypted enough files, these files are locked to the user and a message is displayed with instructions demanding a ransom be paid to unlock the files. A failure to pay the ransom means the files remain locked and essentially are useless.

Over the past year, Ransomware has emerged as one of the most significant attacks in the hacker arsenal against small and medium sized businesses. Unlike other forms of cyber theft, which often involve stolen credit card numbers or healthcare information, Ransomware acts directly on the victim, locking down their system or holding their data hostage until a ransom payment is made.

Recent Ransomware Attacks
The Hollywood Presbyterian Medical Centre in Los Angeles paid around $17,000 to unlock files in February 2016, following an attack that paralysed a large amount of the hospital’s computer systems. This attack was sophisticated; cybercriminals broke into a hospital server the month before. After two weeks of reconnaissance of the system, the hackers struck on a Friday night, when the hospital’s IT staff was off for the weekend, encrypting data on 800 computers and 130 servers and rendering documents and data unreadable, ranging from patient records through to prescriptions.

In Canada, the University of Calgary paid a demanded $20,000 after a Ransomware cyberattack on its computer systems. The University IT team noticed certain files had become encrypted and managed to quarantine other files and systems from the attack. However, certain valuable files containing research data had already been locked down and so the University opted to pay the ransom to recover the files.

Ransomware Figures
According to Symantec Corporation, Malaysia ranks as 47th globally, and 12th in the Asia Pacific, for Ransomware attacks. In 2015, Malaysians experienced around 5,000 ransomware attacks – or 14 attacks per day.

Recent research conducted by a Cyber Security Research Centre indicated that around half of the victims infected with CryptoLocker agreed to pay the ransom demanded. Though it is understandable that they wanted to retrieve their locked down data files, the payment of such ransoms spurs other hackers to jump into the activity and create new forms of Ransomware.

Once considered a consumer problem, Ransomware has morphed to target entire networks of computers at hospitals, universities and businesses. That has made it a far more serious and costly threat.

Different Types of Ransomware
CryptoLocker was the first successful Ransomware – it could be used by hackers with medium capability yet managed to fleece victims of millions of dollars in 2013 and 2014.

Newer versions of Ransomware include CryZip, Locky, Zepto, Cerber, CryptXXX and UltraCrypter.

Many Ransomware attacks exploit known ‘zero day’ errors in software on computer systems. These holes and vulnerabilities can be found in operating systems or else individual programs, such as web browsers.

The software companies often release updates and patches to close these holes but the hackers depend on owners not installing updates – so the Ransomware can squeeze through and infect the system.

Common ways of Ransomware Infection
The traditional and most effective way for a hacker to infect a computer system is by way of email attachments with malware contained inside. Often these attachments are apparently benign Microsoft Office files such as Word or Excel but can include photos or PDFs.

Effective hackers spend some time researching their victim to create emails from spoofed addresses they may trust or else name documents which use a project name or location the victim is familiar with. The victim is then tricked into opening the document as the name of the document appears real or else they trust the sender, not knowing the sending email address has been faked.

Other hackers may try to infect a computer system by way of exploit kits on infected webpages which the victim may use – often on pornographic sites or other sites which pop up and attract visitors.

Once the attachment is unzipped and run or the exploit kit runs, the infection process follows these steps:

1. During the encryption process, the malware generates the public key based on the encrypted private key
2. The malicious software begins encrypting accessible files [often the targeted extensions such as .docx or .xls]
3. Once enough files have been processed, the malicious software locks all encrypted files with a private key
4. The computer system still works but cannot access these locked files
5. A ransom note is presented in three formats: text, image, and web page, informing the victim of the attack and the need to make a Bitcoin transfer to obtain the encryption key to unlock the targeted files
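The steps above leave traces on disk that a defender can scan for: files with targeted extensions whose contents no longer begin with the format's signature and look like random data, and a note with the same name present as text, image and web page in one folder. The Python below is an added example, not code from the original article; the entropy threshold, the `.locked` suffix, the file names and the handling of files given an extra suffix are assumptions that go beyond what the article states.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter, defaultdict

# Leading bytes a healthy file of each targeted type starts with.
SIGNATURES = {
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",            # ZIP containers
    ".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0",  # OLE2 compound files
    ".pdf": b"%PDF",
}
# One extension set per note format named in step 5: text, image, web page.
NOTE_FORMATS = ({".txt"}, {".png", ".bmp", ".jpg"}, {".html", ".htm"})
ENTROPY_THRESHOLD = 7.0  # bits per byte; assumed cut-off, tune per environment
SAMPLE_BYTES = 4096      # only the head of each file is read


def shannon_entropy(data):
    """Entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def scan(root):
    """Return (likely_encrypted_files, note_stems) found under root."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        stems = defaultdict(set)
        for name in files:
            stem, ext = os.path.splitext(name.lower())
            stems[stem].add(ext)
            inner = os.path.splitext(stem)[1]  # catches report.docx.<new suffix>
            magic = SIGNATURES.get(ext) or SIGNATURES.get(inner)
            if magic is None:
                continue
            with open(os.path.join(dirpath, name), "rb") as fh:
                head = fh.read(SAMPLE_BYTES)
            # Wrong signature alone could be a mislabelled file; require that
            # the content also looks random before flagging it.
            if not head.startswith(magic) and shannon_entropy(head) >= ENTROPY_THRESHOLD:
                encrypted.append(os.path.join(dirpath, name))
        # Heuristic: one stem present in all three note formats in this folder.
        for stem, exts in stems.items():
            if all(exts & fmt for fmt in NOTE_FORMATS):
                notes.append(os.path.join(dirpath, stem))
    return sorted(encrypted), sorted(notes)


def build_demo(root):
    """Write constructed sample files (no real data) under root."""
    # Deterministic high-entropy bytes standing in for ciphertext.
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    samples = {
        "budget.xlsx": b"PK\x03\x04" + noise,  # healthy: signature intact
        "minutes.docx": noise,                 # encrypted in place
        "plan.pdf.locked": noise,              # encrypted and given a suffix
        "notes.docx": b"plain text saved with the wrong extension\n" * 50,
        "readme_recover.txt": b"constructed note",
        "readme_recover.html": b"<p>constructed note</p>",
        "readme_recover.png": b"\x89PNG",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_demo(demo)
        print(scan(demo))
```

Run against a file share on a schedule, a rising count of flagged files is a signal to isolate the writing host before more data is locked.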

Use of Bitcoin
The utilisation of Bitcoin has also fuelled the spread of Ransomware. Bitcoin is now the preferred payment method of most Ransomware infections because it allows users to send and receive money from anywhere in the world, often anonymously.

What Can You Do If You’re Infected by Ransomware?
Unfortunately, there is little you can do to recover your files once your system is infected with a Ransomware attack and the files are encrypted. The best defence is to have a full back up stored on a separate drive so that you can reinstall the data. However, make sure to isolate your backup to prevent these files also being encrypted and locked down.

1. Isolate the infected machine
It’s important that the system is taken offline, as the hackers essentially control your computer and could use it to gain access to other systems on the network.

2. Weigh up the pros and cons of paying a ransom
As with any form of ransom, you are not guaranteed to obtain cooperation from the hackers – they may demand further payment or else you may be the target of a repeat (and potentially more costly) ransom attack in the future.

Can you be sure that the Ransomware will indeed be unlocked? If it is unlocked, can you be sure that it hasn’t been pre-programmed to repeat its encryption and demand a higher ransom?

[However, anecdotal information indicates that the hackers want their business model to work and thus do release the data upon payment].

3. Recovery
Run endpoint security software to discover and remove the Ransomware software. If it cannot detect the threat, wipe the machine and remove the operating system.

4. Restore
Review your recent data backups and restore files and operating systems with the most recent back-up.

5. Alert Law Enforcement
In Malaysia the agency is CyberSecurity Malaysia, which can be contacted via its website www.cybersecurity.my

In Singapore the agency is the Cyber Security Agency of Singapore – see https://www.csa.gov.sg/singcert/about-us/faqs for details.

Though they probably won’t be able to provide immediate assistance, such attacks need to be reported in an effort to track the hackers.


US Navy officials charged in ‘Fat Leonard’ fraud

A Malaysian national operating from naval bases in Singapore and across Asia has managed to cause one of the biggest criminal fraud cases in US Navy history. US government investigators have detained and charged multiple US Navy officials for offences relating to bribery and corruption.

The Malaysian national is named Leonard Glenn Francis – widely known as “Fat Leonard” – who operated Glenn Defense, a maritime service company which held more than $200 million worth of contracts to resupply and refuel US Navy vessels across Asia.

The scandal became public in September 2013 when federal investigation agents lured Leonard Glenn Francis from his base in Asia to San Diego in a sting operation. Leonard Glenn Francis believed that Glenn Defense was on the cusp of being awarded further US Navy contracts; instead he was arrested and charged with bribery and corruption offences. Leonard Glenn Francis has since pleaded guilty to bribing “scores” of US Navy officials with prostitutes, cash, gifts, expensive meals and other indulgences over a decade.

Leonard Glenn Francis has allegedly now admitted to cheating the US Navy out of at least US$35 million by way of forging invoices, overbilling, running kickback schemes and gouging for standard maritime services. Essentially, Leonard Glenn Francis bribed senior officers within the US Navy so that they would turn a blind eye to the increased charges.

Leonard Glenn Francis operated a sophisticated machine to penetrate various levels of the US Navy establishment to ensure he obtained the information he needed and covered his tracks where necessary. Leonard Glenn Francis allegedly recruited three officers within the US Navy to act as paid moles for the contractor, Glenn Defense Marine Asia, by leaking intelligence about criminal investigations into the company or other information to give the firm an unfair advantage over competitors.

It is alleged that Leonard Glenn Francis and Glenn Defense had:

  • Bribed US Navy officers with access to prostitutes and gifts of cash or electronic items
  • Corruptly arranged for the US Navy to grant diplomatic clearance to Glenn Defense so that it could avoid inspections and dodge customs duties into the Philippines
  • Bribed a retired commander to leak Naval Criminal Investigative Service (NCIS) files to Glenn Defense to help the firm thwart fraud inquiries.

Leonard Glenn Francis adeptly identified personnel on ship and shore, civilian and uniform, who were willing to work with him to defraud the US Navy. Leonard Glenn Francis even hired retired US Navy officers who then helped recruit active-duty officers to assist with supplying information.

With his high-level contacts among US Navy decision makers, Leonard Glenn Francis was able to have ships steered to certain ports where Glenn Defense could easily overcharge the Navy for services.

Leonard Glenn Francis benefited from the US Navy ignoring warnings over the years from honest US Navy personnel, some of whom requested reviews and cancellations of contracts due to the huge charges for services that Leonard’s company billed. When he fell under suspicion, Leonard Glenn Francis had a Navy criminal investigator pass him internal documents about investigations into Glenn Defense.

Leonard Glenn Francis was an adept networker and worked hard to cultivate relationships in the Navy. He chose to host lavish parties for US Navy officers at select restaurants and bars, spending freely to entertain. Leonard Glenn Francis would then start the bribery process by giving small gifts to individual officers such as whisky or the services of a prostitute – those that accepted the gifts were then targeted to obtain information whilst the gifts were increased in frequency and value.

In 2008, Leonard Glenn Francis targeted one US Navy officer based at the Fleet Logistics Centre in Yokosuka, Japan. The officer was involved in the naval supply system, responsible for providing logistics support for ships, awarding and overseeing contracts.

This officer provided internal US Navy information on ship schedules, port visits, and how the service would handle ship servicing contracts and controlling costs. Leonard Glenn Francis exploited this information so that he could charge excessive costs. In exchange, the officer received more than US$100,000 in cash, stays at luxury hotels and the services of prostitutes.

Leonard Glenn Francis built up a web of contacts throughout the US Navy – including those on contract review boards, which could recommend and approve bidders for Navy contracts. Leonard Glenn Francis would then have his contacts steer contracts for servicing ships to Glenn Defense in Thailand and the Philippines.

The federal investigation has established that Leonard Glenn Francis ran a decade-long scheme by which he defrauded the US Navy out of tens of millions of dollars by targeting a handful of key points in Asian operations of the fleet.

So far, federal investigators have charged 14 individuals and prosecutors have said that as many as 200 others are under investigation. According to US Navy officials, nearly 30 admirals are under scrutiny for possible criminal or ethical violations.