South East Asia has had its fair share of Anonymous excitement lately.
An anonymous hacker calling himself “The Messiah” made hacking threats against Singapore.
Anonymous Indonesia hacked an Australian dry cleaning company, amongst others, in protest against alleged espionage by Canberra.
Anonymous Australia threatened to hack Anonymous Indonesia back.
And “The Messiah” turned his words into actions by hacking a Singaporean journalist’s blog, offended that she had committed synecdoche.
→ Synecdoche is where you use generic words to mean something more specific, like saying “England beat Australia,” when all you really mean is that England’s rugby union players collectively scored more points that their Aussie counterparts during an official match.
Irene Tham of the Straits Times, who had used the word “Singapore” metaphorically, was on the receiving end of The Messiah’s hacking wrath.
It seems she failed to explain explicitly that the threatened hacks were against “the executive arm of the government of the Republic of Singapore,” or words to that more precise, if orotund, effect.
The hacker apparently included what looks like a SHA-256 hash as part of his hack.
As you probably know, hashes like this are often used to validate that you know a secret such as a password, without needing to store the secret itself.
22 66 5e 7b a8 68 c9 0d f3 f0 47 c9 d2 e5 4a 33 02 be 20 f4 15 29 5e 7b 76 12 8d 5f 1f dd 59 44
So, if The Messiah ever wanted or needed to assert his hacking credibility to his Anonymous buddies, he could just produce a message with the hash shown above. (You can’t go backwards from the hash to the message, so owning the message that delivers the hash is a weak form of digital identity.)
He may be regretting leaving a calling card now, assuming he still has the original message somewhere on his computer.
That’s because a 35-year-old man called James Raj is alleged by the Singaporean police to be the hacker in the Straits Times incident, as well as to have hacked other local organisations.
Worse luck for Raj is that he is currently in custody in the city state on hacking charges.
So, if the cops have indeed got the right guy, and a message with the above hash is found somewhere among his digital possessions, it won’t look too good.
Raj was traced to Kuala Lumpur in neighbouring Malaysia – just 45 minutes by air or four hours of determined driving to the north of Singapore across the Straits of Johor.
According to the offical police report, Raj was arrested on 04 November 2013 and brought home – he’s a Singapore national – to face court the next day.
Mind you, things don’t look that good for Raj, with or without the incriminating hash, as he was also apparently wanted for drug-related offences.
As a reuslt, he now also faces three drugs charges in a country that is notoriously intolerant of so-called recreational drug use.
If Raj is convicted – and Singaporean conviction rates are reportedly very high – then he’ll be yet another unanonymous Anon.