James Raj Arokiasamy (Messiah)

James Raj Arokiasamy (born 1978), who goes by the pseudonym “Messiah”, is a hacker based in Singapore. On 6 September 2023, he went viral on social media after claiming he had hacked into the MINDEF Singapore systems in a podcast episode by local podcast producer, Plan B.^[1]

While affiliated with Anonymous, an international hacking organisation renowned for hacking governments and large corporations in the early 2000s, James Raj launched a number of cybersecurity attacks against the Singapore Government in 2013.^[2]

Background

Career

In 2000, James Raj started learning cybersecurity hacking and attained a diploma in Information Technology.^[3] On his LinkedIn profile, James Raj claims to have created his own backdoor, firewall, and port scanners with the C and C++ programming languages.

James Raj later worked for an unnamed company before quitting to deliver hacking classes for students worldwide. He currently lists himself as a self-employed “Cyber Security Consultant”.^[3]

Controversy over the alleged hacking of MINDEF’s systems (September 2023)

Plan B published three podcast episodes featuring James Raj (6 September 2023)

On 6 September 2023, Plan B featured James Raj in the 614th, 615th, and 616th episodes of its podcast show, titled as follows:^[4]

• #614: Hacker ‘Messiah’
• #615: Cyber Security vs Hacking
• #616: Hacker traumatised by what he found

In the podcast episodes, James Raj made several claims about his hacking activities in 2013 and his subsequent arrest in 2015 as follows:^[4]

1. The Singapore authorities did not charge James Raj as they feared he would fight back.
2. Apart from his warden, James Raj was isolated and barred from human interaction when he was in remand.
3. James Raj was arrested and imprisoned for making a stand against Internet censorship.
4. James Raj was initially served over 400 charges, but the Government offered him a plea deal where he would only plead guilty to 39 charges. This was allegedly done to cover up his ability to hack into many government-related systems.
5. James Raj had hacked into Singapore Land Authority (SLA)’s systems in 2013.
6. James Raj had hacked into MINDEF’s systems in 2013.

Of these claims, James Raj made a copy of the portion where he alleged he had hacked MINDEF’s systems and uploaded it on his personal TikTok account.^[1] He described MINDEF as having taken a strong stance against his actions:

"I hacked into MINDEF, I hacked into a lot of government sectors, but it was embarrassing for them, so they kinda covered a lot of it, and they said, 'Let me make you a deal here if you take this, we will drop charges'.”^[1][4]

In his now-deleted TikTok upload, James Raj claimed Plan B had censored him. Although he had “great fun” during the interview, he was “not too happy about the concern of legal worries [Plan B] had.”^[1]

James Raj also claimed he had managed to retrieve City Harvest Church’s tax documents and passed them to “the prosecution.” He went on to state that the alleged prosecution was unable to use these documents in court as they were acquired illegally.^[1][4]

The Ministry of Home Affairs (MHA), Ministry of Law (MinLaw), and MINDEF refuted James Raj’s claims (13 September 2023)

On 13 September 2023, MHA, MinLaw, and MINDEF issued a joint statement to refute James Raj’s claims on Plan B.^[5][6] The statement was accompanied by an Instagram post from MINDEF, who included a link to it in the caption.^[7]

The statement identified several key falsehoods James Raj had claimed in the podcast episodes, in line with the six points highlighted in the previous section.^[5]

The statement also detailed James Raj’s background, indicating he had initially evaded arrest for drug offences in 2011.^[5] He then committed acts of computer misuse while on the run in Malaysia in 2013.

The statement ended by affirming the Minister for Home Affairs and the Minister of Law’s call for a Correction Direction, under the Protection from Online Falsehoods and Manipulation Act (POFMA).^[5] Under this directive, Plan B was required by law to issue “a notice against each original post, with a link to the Government’s clarification.”

Plan B issued notices on its Instagram and Spotify pages (13 September 2023)

In response to MHA, MinLaw, and MINDEF’s directive, Plan B put up notices to disavow James Raj on its Instagram profile and the Spotify pages for each affected episode.^[4][8] The notices are uniform across both platforms and read as follows:

“CORRECTION NOTICE: Two earlier posts (dated 7 Sep 2023) contain false statements of fact. For the correct facts, visit: https://www.gov.sg/article/factually130923-a.”^[4][7]

Plan B went on to record episode #617 with the title “MINDEF debunks claim.”^[4] In this episode, the three show hosts Darren, Dzar, and Rahman discussed James Raj’s case, where they further affirmed MINDEF’s position against him.

TikTok banned James Raj’s account (13 September 2023)

On the same day, TikTok took down James Raj’s account, which went under the handle @jamesmessiah.^[9] According to screenshot records of his account, James Raj had 7,883 followers and accumulated at least 63,500 likes before he was banned.

2013 Cybersecurity Attacks

Hacking of Sun Ho’s website (2 September 2013)

On 2 September 2013, James Raj, under the guise of “The Messiah”, hacked into the website of Sun Ho. Sun Ho is the wife of City Harvest Church founder and senior pastor Kong Hee. James Raj altered the contents of the website, leaving a long message to criticise Ho.^[10]

Of note was his accusation of Ho having “failed as a wife, as a singer and most importantly… as a human being."^[10] James Raj also threatened to expose Ho’s “hidden agenda”, referencing City Harvest Church’s funds misappropriation case which began in 2012.^[10]

James Raj also uploaded private photos of Ho onto her website, including one of her from her childhood and another of her attending fashion designer Christian Audigier's 50th birthday bash.^[10]

Hacking of the PAP Community Foundation (PCF)’s website (17 October 2013)

On 17 October 2013, James Raj hijacked PCF’s website.^[11] Operating under the same “Messiah” moniker, James Raj proceeded to leave messages on the website, this time stating he was “motivated by anger” over a nine-month-old infant who had suffered second-degree burns at a PCF infant care centre.^[11]

James Raj claimed he had not done as much damage to PCF’s website compared to what he did to Sun Ho’s:

“Usually we would have destroyed your servers and everything on it (ask Sun Ho) but based on circumstances, we decided to give you the benefit of the doubt that accidents do happen. But that in no way takes any blame off you.”^[11]

James Raj ended his message by threatening further action after investigating the burn incident.^[11]

Compromise of Ang Mo Kio Town Council’s website (28 October 2013)

On 28 October 2013, James Raj hacked into Ang Mo Kio Town Council’s website.^[12] James Raj also inscribed a message to mock the authorities, this time presenting it in a two-panel carousel. The first panel read as follows:

“I have been to various sites and seen how they take the initiative to secure their systems. You have a brain and you have money. You had a choice. Don't blame external factors (Anonymous) for this hack. - The Messiah ;)”^[12]

The second panel was a direct attack on then-Ang Mo Kio member of parliament (MP) Ang Hin Kee, whom James Raj impersonated to renounce his position as MP.

James Raj represented Anonymous to threaten the Singapore Government (29 October 2013)

On 29 October 2013, James Raj represented Anonymous to upload a YouTube video, where he directly threatened the Singapore Government.^[13] Uploaded via a YouTube account called “Cecilia Xiao”, James Raj boasted that “The Messiah” was responsible for the previous spate of attacks, stating that they were a “sneak peak” of what he would do if the Government did not comply with his demands.

James Raj’s demands were a response to recently instituted laws requiring “certain news sites to post a $50,000 bond and take down offensive content within 24 hours.”^[13] The following was what he demanded:

“We demand you reconsider the regulations of your framework or we will be forced to go to war with you.”

On 1 November 2013, The Straits Times reporter Irene Tham penned a criticism of James Raj’s video on her newspaper blog in response.^[13]

Irene Tham and The Straits Times’ website were targeted (1 November 2013)

On the same day, James Raj responded to Irene Tham’s criticism by defacing The Straits Times’ website.^[14][15] Specifically he hacked into Irene Tham’s account, using it to post a message with the headline: “Dear ST: You just got hacked for misleading the people!”^[14]

Referencing Irene Tham’s use of the phrase “war against Singapore”, James Raj expressed unhappiness at her choice of words, stating that it “can be very misleading.”^[14] He then gave her “48 hours to make an apology to the citizens of Singapore for trying to mislead them with her hate. In the event she refuses to apologise then we expect her resignation. If those demands are met we will be on our way.”^[14]

He ended his message by claiming he and Anonymous would “paint the streets [of Singapore] red and black with [their] attires” on 5 November 2013.^[14]

James Raj was arrested by Malaysian police (4 November 2013)

On 4 November 2013, James Raj was arrested in Kuala Lumpur, Malaysia, by the Malaysian police. He was discovered to have committed his crimes from Dorchester Apartments.^[16] He was then repatriated to Singapore and handed over to the local police on 5 November 2013.

Initially charged for hacking into Ang Mo Kio Town Council’s website on 12 November 2013, James Raj was also revealed to have committed three drug offences in 2011. Instead of facing his charges, James Raj had absconded and fled to Malaysia.^[16]

In consideration of his flight from Singapore, James Raj was denied bail on 4 December 2013.^[17]

James Raj faced a total of 162 charges (25 August 2014)

On 25 August 2014, James Raj was reported to face a total of 162 charges.^[18] Aside from his aforementioned offences, he was also accused of “scanning City Harvest Church's related web servers and government-related ones including the Prime Minister's Office, prisons and the Ministry of Communications and Information.”

James Raj had also compromised Fuji Xerox’s servers, where he stole at least 647 statements belonging to private banking clients of Standard Chartered Bank.^[18]

James Raj was jailed (30 January 2015)

On 30 January 2015, James Raj was jailed for four years and eight months.^[19] According to Deputy Presiding Judge of the State Courts Jennifer Marie, James Raj’s crimes amounted to a “high degree of premeditation, planning and sophistication:”^[19]

“The offences perpetrated by James Raj, in addition to harming the immediate victims, also have the wider-felt impact of triggering unease and offending the sensibilities of the general public. Given the current climate where international and domestic terrorist security threats are more prevalent than before, a threat to the IT systems (and) cyber-attacks in a highly networked country like Singapore, should be visited with exemplary sentences.”^[19]

References / Citations