Network security 2006: unstable from many sides.
'Which website will be hacked in 2007?'
It is a question of headache for Vietnamese network administrators after a year of instability in security. Forecasting, in 2007, Vietnamese black hat hacker will focus more on illicit profiteering goals.
It is a question of headache for Vietnamese network administrators after a year of instability in security. Forecasting, in 2007, Vietnamese black hat hacker will focus more on illicit profiteering goals.
With an "unstable side" of 2006, cyber threats are posing many challenges to mass administrators of Vietnamese websites and systems in 2007.
Sad reality
" Please help me " - Pink shouted in the phone - " An article just wrote that my team and I were attacking with bad intentions on government websites. While we were a hacker group "white hat" is completely in good faith and always informs the site administrators when a security error is discovered . "
Pink's real name is Duc Tien - Director of a security service company in Hue. Pink is Tien's nick on the internet, he is also the head of a group of central hackers.
Pink and his team are quite active in hacking, security, he gave me evidence to control many websites named .vn domain. These include .gov.vn sites (domain names belong to Government websites).
" Two months ago I checked the MOT server, discovered and reported an error, but did not hear back and the error was not fixed. I was young but I knew what to do in accordance with the law, so the impact The system of sites where we check errors is not happening ". - Pink confirmed.
In mid-December 2006, Pink sent to PV VietNamNet a long version of websites that he confirmed that he had discovered an amazing security error that had both large servers and websites of some leading ministries.
" I affirm that the VA server has an error from the vf . org.vn site , allowing hackers to upload backdoor (a" back door "virus to help hackers access the system many times without the knowledge of the network administrator).
izabacn . gov.vn SQL errors injections heavy, pcw . com.vn errors can steal cookies; ba . aptech.com and stock exchange HN according to me also know that someone used to enter. Both hut . edu.vn , hoidongg . gov.vn more . very much, tell no more! "
Security awareness: Still a "luxury" thing?
" The security awareness of many units is still very low " - Pink continued - " Recently, a industry header's website failed, I informed, and the backdoor link was deleted, but I did not hear back. Many other sites like Hoi . org.vn , m.st.gov.vn . we have also reported errors but have not fixed them ".
" Sadly, many technical staff, network administrators . are responsible for managing the system directly - very reproachful! The best programmers and administrators can make mistakes, but many people Never accept wrong. Do not cooperate with goodwill hackers, a lot, sometimes when it comes to people with higher responsibilities, they fill up, saying that they have never received any feedback .
Pink insists that he is fully active. Automatic error checking of websites mostly happens only after the group sees information about errors of online sites. " Many other sites have already entered, I only check and report bugs to admin, I do it completely free with good intentions, a part also aims to build credibility to develop our company later! ".
No information about the purpose that Pink claims is true as he said, but having so many important websites now with security bugs is an indisputable reality.
A list of hundreds of .vn websites (Vietnamese domain names) that have been hacked by foreign hackers has recently been posted on Zone-H. Perhaps there is no need to say anything more about these numbers.
Profiteering goal: The risk of hanging over the head
A security expert warned: " 2007, attacks for fame will diminish due to the suppression of regulatory agencies, but hacking for self-seeking purposes will increase! ".
Many people working at cybersecurity centers and website administrators, when asked, said that it was like the process that took place in the world, after the "big hit" period of "newbie crowd" ( hacker apprentices), Vietnamese hackers will withdraw into "quieter" operations, but will aim at profit-seeking goals.
The most obvious "goal" is probably online prediction systems, or service management computer systems and mobile content service charges.
Attacks aimed at these systems to get information, even change the content of competitions, games or customer promotions to win prizes - will most likely be organized . Next Meanwhile, GameOnline can also become a "make-up" object for black-hat hackers.
At the end of 2006, PV was seen by a group of high school students taking advantage of the gaps in the telecom service provider 's billing system, using prepaid sim cards that are running out of money for instant messaging. rush to deposit "no" for GameOnline account, then convert to game currency and sell for cash on the internet .
After such tricks, if qualified, hackers will likely attack straight into the GameOnline management systems, even cheating or causing unfair results to profit.
From the perspective of website administrators and the online system, if in 2006, dozens of "well-known" website attacks caused the security picture to bring many uncertainties, fear that the situation Network security in 2007 is even more worrisome than that.
"Better late than never"!
Network security is not the only technical measure to fix and protect the system after it has been erected and has been compromised, attacked, installed viruses, backdoors. Network security is a process that needs to be taken into account from the beginning.
Visualizing this problem, a security expert once said, website systems, especially websites of state agencies in Vietnam, were created like houses without fences and locked doors.
Only when they saw the houses next to them being painted on the wall by bad guys, could they find a way to build a fence, without controlling the floor that had been secretly tunneled or not !?
" A lot of websites now have hacked backdoor hackers, some sites are silently controlled at the same time, " Pink said.
While the sense of security is weak, some websites have been previously visited by hackers and until now the intruder still has the ability to control the system, this is extremely common.
Until now these sites have not been attacked because hackers are not motivated. If at any time the engine appears, the hacker only needs to perform a few simple movements . That is, the pages were not hacked until then, but were under long-term control!
However, whether these risks occur or not, one thing is always true that as soon as we seriously consider information security, we have made a significant step forward.
So many experts say that it is still very fortunate that in 2006, attacks on the Internet happened a lot, but not really caused terrifying damage.
Luckily, thanks to it, there is a tremendous change in recognition, as well as a series of real needs for system security.
Most recently, two of the ministries in Vietnam had a serious working session with experts from the network security centers and the Ministry of Post and Telematics, to discuss the issue of improving the security of their website system. .
The Phong
- Website of ASUStek circuit board firm is attacked by hackers
- The website of the Facebook boss is hacked
- Chodientu.vn is attacked by hackers
- Software to check the security level of the Web Application
- Web site hacker world No. 1 was ... hacked
- NASA is hacked, data of mission travel is stolen
- The US State Department website in Russia is hacked
- Phishing tool allows you to create a ghost website in ... 2 seconds
- Website '1 million' has legal trouble
- The first website in the world is 25 years old
What is the Snapdragon SiP chip? How to create a yellow circle around the mouse cursor on Windows Edit the Boot.ini file in Windows XP 3 ways to restart the remote computer via the Internet Vietnam computer market: Looking back a year How to restore deleted applications on Android How to increase the capacity of C drive on Windows 10, 8, 7 ... 8 security features of Windows operating system