The hacker who caused sleepless nights for government IT security experts and forced affected websites to undergo “unscheduled maintenance” in October 2013 has been sentenced to 4 years and 8 months in prison, after he pleaded guilty to 39 counts of misusing a computer and 1 count of drug consumption.
James Raj Arokiasamy aka “The Messiah” was arrested with the assistance of the Malaysian police in his apartment in Kuala Lumpur, Malaysia in November 2013. The Singapore police reportedly expended 2,465 man hours to track him.
The 36-year-old was wanted by the Singapore police for jumping bail in 2011 and had fled to Malaysia, where he committed a series of hackings.
According to court records, James had hacked into at least 7 servers, including but not limited to the PAP Community Foundation website, Ang Mo Kio Town Council website (AMKTC), 3 websites linked to City Harvest Church and pop singer Sun Ho’s website. The hacked websites were defaced and had taunts or threats written on them.
In one of his hacks, James posted the following message on AMKTC’s website:
“I have been to various sites and seen how they take the initiative to secure their systems. You have a brain & you have money. You had a choice. Don’t blame external factors (Anonymous) for this hack. The Messiah.”
He also posted a message apparently mocking MP Ang Hin Kee for his comments on a recent incident:
“MP Ang Hin Kee: I would like to tender my resignation as your minister of parliament. I am incapable and have failed all of you.”
Mr Ang Hin Kee is an MP of Ang Mo Kio GRC. A heated argument had broken out among commuters at Woodlands Bus Interchange and a video which showed a man spitting at 2 female commuters had gone viral. As a result, some netizens commented that Singapore was getting too crowded.
MP Ang then made a public comment asking people not to blame external factors. He said (‘MP Ang Hin Kee: Don’t blame external factors‘), “I have been to crowded places and seen how people accommodate one another. You have a choice. Don’t blame external factors for our behavior.”
Besides hacking, James admitted to using software to scan the servers of several government portals (port scanning) including the websites of the Prime Minister’s Office and the Elections Department. He also hacked a Straits Times blog page as well as gaining access to a server which kept people’s bank statements.
The court heard that as a result of his hacks, affected companies spent $1.36 million to not only fix the damage done, but also revamp security and improve their systems to prevent similar attacks in future.
During sentencing, the judge noted that James had a high degree of premeditation, planning and sophistication.
The offences perpetrated by James Raj, in addition to harming the immediate victims, also have the wider-felt impact of triggering unease and offending the sensibilities of the general public.
“Given the current climate where international and domestic terrorist security threats are more prevalent than before, a threat to the IT systems (and) cyber-attacks in a highly networked country like Singapore, should be visited with exemplary sentences.”