[Update: 15 November 2021]
So, last we left off, we were still getting spammed by these Instagram bots and the MCMC weren’t able to help much, because apparently “it didn’t meet the requirements under the Communications and Multimedia Act”. 😐 But lo and behold, the MCMC finally accepted our appeal to re-open the case just two days after the initial publishing of this article. Here’s what they did:
1. They listed down each of the spam accounts one by one.
In the email they sent us, the MCMC team went through the trouble of listing down over 75 Instagram accounts which were used in the spam attacks against us, and checked which ones were active and which ones were deactivated. Of course, there were definitely more than 75 accounts used in the spam attacks, but they actually took the time and effort to go through each and every single one of the 75 accounts. That’s impressive.
2. They reported these spam accounts to Instagram on our behalf.
Like what they did with the account that was made with our full names and pictures, the MCMC reported the list of spam accounts (the active ones) to Instagram on our behalf. Even though this could have been something that we could have done ourselves, the MCMC team did this on our behalf as this was all that they could do, since any further action can only be taken by the Instagram authorities.
3. They acknowledged the actions we’ve taken, and the reports we’ve made.
Lastly, the MCMC stopped communicating like a… uhm.. bot, and acknowledged that we had made several reports to them. They also took a look into our accounts and saw that we had both limited our own comments sections on Instagram and noted that it was probably the best course of action we could have taken.
Though these actions may not guarantee that we won’t be hit by another wave of spam attacks, it does make us feel heard. And to our surprise, we haven’t been hit by any spam comments since we posted this article, so *fingers crossed* that these spam attacks will actually reach their end… someday.
[End of Update] Ok, dats it for the update. Read the rest of the article for context.
We all know that the Internet is a terrifying place. Besides the threat of viruses, online scams, and even the occasional ‘leaked tape’, we also have scary situations like photos of Harith Iskander’s kids being posted on a porn site and BFM’s Instagram account getting hijacked.
But fortunately for them, the MCMC (Malaysian Communications and Multimedia Commission) was there to save the day by intervening. And though the MCMC seems to always be the first on the scene in the event of some form of cyber crime or attack… this probably wouldn’t be the same if your name wasn’t Harith Iskander or BFM.
Both my partner and I found that out the hard way- when we were left helpless after becoming the targets of a cyber-attack which sent hundreds of Instagram bots after us.
Here’s how it unfolded…
It all started with a
(Mc) flurry of notifications from Instagram.
I had just finished a family dinner, when my partner called me right at that moment to tell me that there were hundreds of comments being left on both his Instagram account and mine. So, in my panicked state, I clicked into the hundreds of notifications left by Instagram and saw…
All of the comments were making “accusations” like:
- Borrowing money from people (specifically 6 thousand ringgit, according to the comments)
- Being someone’s mistress
- Cheating on our “families”
- Being a “Sugar
And just to clarify: None of us borrowed money from anyone, nor did we have any “secret families” that we were cheating on/with.
We wish we did have the 6 thousand ringgit though.
But if that wasn’t enough…
Other people and businesses were also getting spammed because of us.
As the comments kept pouring in, we started receiving messages from other people and business accounts who were being hit by the spam comments containing our names. So, we rushed to the nearest police station in the middle of the night in order to make a police report, and put out a mini statement to clarify the situation.
But just when we thought it was over, tragedy struck yet again- This time, with a vengeance. Whoever it was that sent the bots after us had now created a whole Instagram account with both of our full names and pictures, with the words “SCAMMER ALERTS” written across them.
At this point, we were terrified. It no longer seemed like just a “random” attack launched by a syndicate, but a personal one that was being done by someone who was paying very close attention to our activities. We also didn’t know how they got our personal information, and if this was ever going to end. Therefore, we decided that we had to lodge a report with the MCMC on their website.
And then we waited…
And waited again, up until we couldn’t wait any longer and decided to give the MCMC a call.
What came after was basically the stuff of movies… that is, if you like watching long and frustrating movies about government bureaucracy.
We were sent on a wild goose chase over the course of a week.
This whole process that we’re about to explain took place over the course of a week, but we’re just gonna give you guys the shortened version. Oh! And we were still getting spammed about 1 – 3 times a day, the whoooole time that this was going on. Here’s what happened:
1. First, we called the MCMC.
After the MCMC basically ghosted us on our report, we began calling their hotline. Upon picking up our call, they mentioned that they “couldn’t conduct any further investigations” and told us to head back to the police station to get them to investigate it.
2. Then, the MCMC told us to head back to the police station… where we filed a second report.
Right after the call with the MCMC, we immediately rushed over to the police station in the middle of the work-day to get them to investigate the case. However, after speaking to the sergeant in charge and making a second police report (to ask for an investigation), they advised us to head directly to the MCMC’s headquarters in Cyberjaya, saying that they “did not have access to the necessary equipment and databases.”
3. The police directed us to MCMC’s HQ in Cyberjaya… but forgot we were in lockdown.
Wanting to get started on the investigations as soon as possible, we made the decision to take a mini road-trip down to the MCMC’s headquarters in Cyberjaya, where we were greeted by…
Apparently, their offices were closed during the MCO (duh, obviously), which meant that no one was allowed to enter the building unless there was an appointment set up beforehand. So, we started calling the MCMC hotline to try and make an appointment right then and there, while standing right outside their headquarters. But this time, the calls weren’t even going through.
At this point, we felt beyond exhausted and frustrated. Besides calling their hotline, we started to message them via WhatsApp, DM’ed them through their social media accounts, and even tweeted directly at them- but to no avail. There was no way that we could reach them. The few times that the call did go through however, we were forwarded to a few wrong numbers before finally being rerouted to the personal number of one of their trainees.
Thanks to the MCMC trainee (shoutout to her!), it finally seemed like we were actually getting somewhere. She spoke to us about our case and managed to get it picked up by the New Media Department after a few days.
Unfortunately though, this story does not have a happy ending.
The MCMC team were able to take down the Instagram account that was made with our names and photos by reporting the account to Instagram on our behalf. However, they were still “unable” to trace who the person behind the spam attack was, because our situation “did not fulfill the requirements of a crime under the Communications and Multimedia Act 1998“.
And so, after a hellish week spent running from one place to another and calling the MCMC to follow up with their progress, they chose to close our case with no further resolution.
Is it really the MCMC’s fault? Or something much bigger?
Despite the help they’ve provided, the fact of the matter is that the spam comments are still happening to this day. And honestly, we kinda expected it. In most cyberbullying cases, the outcomes are pretty similar to the one we had where there usually isn’t too much of a resolution, and the thing is… it may not actually be the MCMC’s fault.
Here’s the thing: Unless there are actual regulations in place, the MCMC won’t be able to do much either as they’re only able to act within the law since a majority of the regulating would actually need to go through the social platform’s own guidelines. Like for Harith Iskander and BFM’s cases, all that the MCMC was really able to do was to intervene on their behalf and speak to the administrators directly to get them to resolve it.
The problem here is that the law is lacking, since what’s considered “cyberbullying and harassment” is such a grey area. Fortunately though, there are steps being taken towards drafting new anti-cyberbullying laws; so, unless the spamming continues to the point where the laws get changed, there’s really no way for the MCMC to begin their investigations into finding who’s behind this. But if it happens though, we’ll keep you guys updated. 😏👉👉
And ultimately, we did get the help we needed, but it shouldn’t have been this difficult. Because if being heard by the authorities was a difficult task in itself, Malaysians would most likely feel discouraged from speaking up and making reports when faced with a crime.
In the end, the point of this article isn’t for us to go on a rant about what they could have done better, but to highlight the long and tiring process that we had to go through while trying to get help; ’cause in the amount of time we spent calling the MCMC, we could have probably just opened up a whole investigation of our own.
Bonus Info: So, if you ever find yourself in a similar situation…
- Make a police report AND an MCMC report. The authorities won’t be able to do anything if you don’t make a report. Keep records, gather evidence, and assist the authorities in any way possible to get progress in your case.
- Keep the people around you informed. Especially if you had serious accusations being made about you, informing the people around you would greatly reduce the damage they’d make. In fact, these people might also help you to explain to others who may be hit by the same comments.
- If you’re being spammed, manage your comment controls. Unfortunately, it’s near-impossible to report and block every single spam bot that leaves a comment on either yours or someone else’s account. You can check out this guide on how you can manage your comment controls.
- MCMC Protip: Call the complaints hotline before lunchtime (12pm). Most of our time was spent calling the hotline and being hung up on, because apparently we were calling at the wrong time?? We found out that the best time to call the MCMC complaints hotline would be on a work day between the times of 8am – 12pm.
- Prevention Tip: Have less information about yourself made public. The fact that the spammers were able to find our personal information that easily and use it against us was terrifying. So, take your own precautions to reduce the risk of having your private info leaked.
The truth is, whatever happened to us, could have happened to anyone. And unfortunately, for the average rakyat, these are some of the steps that we’ll have to take to keep ourselves protected in an event such as this. Because unless your case is incredibly serious or if you’re someone who’s famous enough to be noticed by MCMC-senpai, chances are a resolution would be far from your reach. For now, at least.