The Memo: 23 Mar—31 Mar 2024

The Memo's latest issue summarises significant security news from Mar 23–31, 2024: the dismantling of a major militant group in the Philippines, petrol bomb attacks in Malaysia, the arrest of a suspected Israeli hitman in Kuala Lumpur, a terrorist attack in Moscow, and the discovery of malicious code in a widely used compression tool.

In brief:

  • Abu Sayyaf dismantled after 30 years, says Westmincom chief.
  • Petrol bombs hit KK Marts over "Allah" socks, sparking outrage.
  • Malaysia arrests Israeli with arms, suspected in gang rivalry.
  • Deadliest Moscow terror kills 115; ISKP claims attack; Russia blames West.
  • Malicious code found in xz Utils compression tool affects Linux distributions.

1. Updates and incidents in Maritime Southeast Asia

i. Philippines

The chief of the Western Mindanao Command (Westmincom), Lt. Gen. William Gonzales, announced that the Abu Sayyaf Group (ASG) has been effectively dismantled as an organisation after operating for over three decades. He stated that all individuals of high value, including the leadership, have been neutralised, with the remaining 14 members in Sulu and six in Basilan now "laying low". Gonzales expressed confidence that the conditions set by the General Headquarters (GHQ) have been met, allowing the Armed Forces of the Philippines (AFP) to formally declare that ASG has been dismantled.

Why does it matter: The dismantling of ASG may mark a significant reduction in terrorism and security threats in the Philippines, potentially leading to increased safety and stability in areas affected by the group's decades-long activities.

ii. Malaysia

Two KK Mart convenience stores, located in Perak (March 26) and Kuantan (March 30), were targeted with petrol bomb attacks, triggered by controversy over socks sold at these stores that had the word “Allah” printed on them. Senior executives of the minimart chain already faced formal charges for offending religious sentiments by selling these socks. Images of the socks displayed at a KK Supermart store ignited significant backlash on social media among Muslims, who found the association of Allah—the Arabic word for God—with feet to be offensive.

Why does it matter: The incident underscores the importance of addressing the roots of provocation, often linked to dog-whistling on social media that exploits what might be a manufacturing oversight, thus fuelling the actions of those responsible. Political leaders should exercise caution in their remarks to avoid intensifying negative emotions. The backlash and resulting violence also point to the challenges businesses face in navigating diverse social landscapes, emphasising the need for careful consideration of cultural and religious sentiments in global commerce.

Authorities in Malaysia arrested an Israeli national, Shalom Avitan, on March 27 at a hotel on Jalan Ampang, finding him in possession of six pistols and 200 rounds of ammunition. Initial Malaysian media reports described him as an Israeli "spy" and "intelligence officer" who had arrived in Kuala Lumpur from the United Arab Emirates on March 12. However, subsequent reports from Israeli news sources suggest that Avitan has connections to the Musli Brothers crime family and was allegedly on a mission to assassinate Eran Haya, the leader of a rival gang, believed to be in Malaysia. Malaysia, a predominantly Muslim country, does not have formal diplomatic ties with Israel.

Israeli citizen Shalom Avitan is said to have been on a mission to kill a rival gang leader in Malaysia.
Figure 1: Passports and mug shot of suspected Israeli hitman, Shalom Avitan.

Why does it matter: The misreporting highlights a critical issue within the media: the preference for sensationalism over the core values of accuracy and fairness in journalism. Such practices compromise the media's credibility and fail to safeguard individuals' rights against misinformation, detracting from the cultivation of informed and responsible public discourse. Considering Malaysia's firm support for Palestine amidst Israeli strikes on Gaza, such misreporting could incite unnecessary panic. Additionally, the arrest also sheds light on a serious breach of both international and local laws related to arms trafficking, underlining the formidable challenges nations encounter in their efforts to combat organised crime and ensure public safety.

2. Crocus City Hall Attack, Moscow

In Russia's deadliest terror incident in recent years, four gunmen in combat attire killed at least 115 people and injured 145 with gunfire and explosives at a major concert hall on Moscow's outskirts. Russian authorities detained 11 suspects. The attackers were identified as Tajik nationals. Three children were among the casualties, with approximately 60 individuals suffering critical injuries. Visuals showed Crocus City Hall engulfed in flames, with videos capturing the panic as assailants fired at bystanders and set off explosives. The Islamic State's Khorasan Province affiliate (ISKP or IS-K) claimed responsibility for the attack. President Vladimir Putin had dismissed previous warnings from the US about a potential terror threat; nevertheless, Putin and the Kremlin tried to blame Ukraine and the West for the attack. Following the incident, Russia immediately heightened security measures and cancelled public events, and Central Asian migrants in Russia have faced severe backlash.

Why it matters: Despite ISKP's diminished presence in Afghanistan, the attack showcases its ability and determination to execute high-profile attacks beyond its immediate region. The Moscow incident underlines its threat on an international scale, elevating security worries throughout Europe and accentuating the worldwide challenge IS and its affiliates pose through continuous recruitment and expansive operational scope. The incident also highlights the rising xenophobia against Central Asians.

3. Cybersecurity and emerging technology issues

Researchers discovered a malicious backdoor in the xz Utils compression tool, versions 5.6.0 and 5.6.1, affecting several Linux distributions, including those from Red Hat and Debian. Developer Andres Freund identified the compromise, which had reached beta releases of Fedora Rawhide; the Debian testing, unstable and experimental distributions; and a stable release of Arch Linux. Despite the potential risk, no production systems were reported to be impacted, as early detection of the backdoor prevented widespread harm. The backdoor, which compromised SSH authentication by injecting malicious code into sshd functions, originated from obfuscated updates made by JiaT75, a key xz Utils developer. This breach could have allowed unauthorised access to systems via SSH. The compromised versions were promptly replaced in affected distributions, including a rollback in the Homebrew package manager for macOS to a safe version of xz Utils.

Why it matters: The discovery highlights the vulnerabilities that can be introduced even in widely trusted tools and the potential impact on the security of major Linux distributions and other systems relying on these tools. The fact that the malicious versions could have been incorporated into production releases without early detection is a reminder of the continuous threat of software supply chain attacks. This discovery also underscores the importance of early detection and response.
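A defender's first question after reading the above is whether a host is running one of the two named releases. The following POSIX shell check is an added example written for this issue, not code from the newsletter or from the xz project; it assumes `xz --version` prints a first line of the form `xz (XZ Utils) 5.6.1` (the sample output strings below are constructed), and it takes the affected-version list from the text above. The optional sshd check relies on the known fact that the backdoor reached sshd only on systems where the daemon loads liblzma, so a negative result there is reassuring but a positive one simply means the version check matters.

```shell
#!/bin/sh
# Added example (not from the newsletter or the xz project): flag the xz Utils
# releases the text names as backdoored, and report whether sshd loads liblzma.

# Return 0 if the version string is one of the backdoored releases, 1 otherwise.
xz_version_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Extract the version number from `xz --version` output (assumed first-line
# format: "xz (XZ Utils) <version>"). Prints nothing if the line does not match.
xz_parse_version() {
    printf '%s\n' "$1" | head -n 1 | sed -n 's/.*[Uu]tils) *\([0-9][0-9.]*\).*/\1/p'
}

# Return 0 if an sshd binary on PATH has liblzma in its dynamic dependencies,
# 1 if it does not, 2 if sshd or ldd is unavailable.
sshd_links_liblzma() {
    sshd_bin=$(command -v sshd 2>/dev/null) || return 2
    command -v ldd >/dev/null 2>&1 || return 2
    ldd "$sshd_bin" 2>/dev/null | grep -q 'liblzma' && return 0
    return 1
}

# Check the xz binary on PATH and print a verdict.
# Exit status: 0 = backdoored release found, 1 = not affected, 2 = undetermined.
check_installed_xz() {
    if ! command -v xz >/dev/null 2>&1; then
        echo "xz not installed"
        return 2
    fi
    ver=$(xz_parse_version "$(xz --version 2>/dev/null)")
    if [ -z "$ver" ]; then
        echo "could not parse xz version output"
        return 2
    fi
    if xz_version_affected "$ver"; then
        echo "xz $ver is a backdoored release; replace it with your distribution's fixed package"
        return 0
    fi
    echo "xz $ver is not one of the backdoored releases (5.6.0, 5.6.1)"
    return 1
}
```

Run `check_installed_xz` on each host and, where it reports an affected version, `sshd_links_liblzma` tells you whether sshd on that host was in the backdoor's reach.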
