February 20, 2025
KUALA LUMPUR – The government’s plan to launch a cyber-intelligence system to monitor and track illegal activities on the dark web may hit multiple hurdles due to the inherent anonymity and constantly evolving methods used by cybercriminals.
Cybersecurity experts who weighed in on the announcement of a system to combat personal data breaches said that while technology could complement online surveillance, a more effective approach would involve addressing the root cause of such leakages.
They said taking proactive steps such as beefing up cybersecurity infrastructure, enforcing stricter data protection laws and promoting greater public awareness may yield more favourable outcomes.
On Tuesday, Digital Minister Gobind Singh Deo said Malaysia’s first intelligence system for dark web monitoring, called the Threat Intelligence Capacity Support Automation Project for Personal Data Breach Case Management, will be launched in the second quarter of this year.
Cybersecurity specialist Fong Choong Fook said the concept of an intelligence system to monitor the sale of personal data on the dark web though possible theoretically, comes with significant challenges in practice.
He said most of the dark web operates on encrypted networks such as Tor and I2P and marketplaces often use strict access controls with invite-only mechanisms, which make automated monitoring difficult.
“Such systems are technically feasible but not foolproof. It can automate dark web monitoring to a certain extent but cannot fully prevent data leaks or track down criminals without manual intelligence and law enforcement cooperation.
“Many leaks are shared privately rather than openly posted, making automation alone insufficient without the intervention of human intelligence.
“Also, monitoring the dark web involves legal grey areas as many marketplaces operate outside Malaysia. Enforcement may require international cooperation from the authorities overseas such as the Interpol or Aseanapol.
“While the government’s project is a positive step, it must be part of a larger cybersecurity strategy rather than a standalone solution. If not implemented correctly, it risks becoming an expensive but ineffective tool,” he told The Star.
Network security and forensics specialist Asst Prof Dr Vinesha Selvarajah of Asia Pacific University of Technology and Innovation said the dark web is intentionally designed to be anonymous, rendering traditional monitoring ineffective.
She said the government’s latest initiative requires strong technical partnership and ethical considerations.
“There should be a multi-layered approach which includes raising public awareness, educating people on protecting their personal data and strengthening cybersecurity laws by introducing stricter regulations on organisations handling sensitive data,” said Vinesha.
Raymon Ram, who manages cybersecurity governance and data privacy frameworks for companies, said combating the sale of personal data on the dark web necessitates a comprehensive strategy.
He said such intelligence systems employ advanced technologies designed to penetrate clandestine networks in the dark web with the use of automated crawlers and scrapers, which are tools that systematically scan dark web forums, marketplaces and hidden service providers.
Raymon said artificial intelligence and machine-learning algorithms also analyse vast amounts of data to identify anomalies and potential threats which enhance the detection of illicit activities.