While some experts believe that the culprits of the recent attacks to Vietnamese websites were unprofessional hackers, others think that the attacks were really very dangerous.

While some experts believe that the culprits of the recent attacks to Vietnamese websites were unprofessional hackers, others think that the attacks were really very dangerous.

According to CMC InfoSec, a network security solution provider, since early May 2011, more than 300 websites in Vietnam have been defaced and hacked; of which 100 websites have the “.org” or “gov.” domain names. The attacks sourced from Turkey, Israel and China.        

CMC thinks that most of the cases were spontaneous attacks, which were not well organized and carried out by independent groups. The attacked websites contained holes which were found by automatic scanning software – a simple method of network security control.

Ngo Quang Huy from the Vietnam Computer Emergency Response Team (VNCERT), has confirmed that a lot of attacks to businesses’ and government agencies’ websites were carried out from late May to early June. He said that there are signs showing that hackers carried out the attacks from foreign countries, as the IP addresses were sourced from China, Hong Kong, South Korea and the US. Especially, there were Vietnamese IP addresses as well.

Commenting about the attacks, Huy said that the danger levels of the attacks were not high, and that the attacks were just carried out in a spontaneous way.          

Dr Le Trung Nghia, a senior official from the Ministry of Science and Technology, argued that the technologies hackers used in the recent attacks to Vietnamese websites were “not simple”. Especially, he said that the attacks under the deface mode are always very dangerous, because hackers can “sit inside the servers and take the control over the systems”.

A lot of websites’ administrators simply accessed to the administration page to remove the pictures left by hackers and then stated that the problems can be fixed already. In fact, the hackers have penetrated the servers, and this is really a danger.   

Nghia has also pointed out that many websites have not collapsed, but in fact, hackers have intruded into the websites. “It is necessary to let people understand that the recent attacks are really a danger,” he said.    

Vietnamese neglect information security 

Though holding opposite opinions about the risk level of the recent attacks, experts have expressed a common concern that Vietnamese businesses and organizations do not pay much attention to information security solutions.       

At a workshop on information security held in Hanoi several days ago, Trieu Tran Duc, General Director of CMC InfoSec, pointed out the basic errors on the website of the General Fisheries Department, and the website of Viettel, a military telecom company: the source codes were displayed, which paved the way for hackers to easily exploit the link to the administration page.

Duc also pointed out a website which has been hacked for the last many years, but the administrators still have not paid appropriate attention to security solutions – the website of the National Committee on International Economic Cooperation at nciec.gov.vn.     

Duc said that with the obvious errors, even the unprofessional hackers can easily penetrate the websites and change the contents.          

Commenting on the awareness of Vietnamese businesses and organizations on information security, Duc said that Vietnamese servers quickly become the “playing fields” for hackers in the world.

The noteworthy thing is that the indifference to the network security has been kept for a long time, while there has been no improvement. The attacks through SQL Conjection error first appeared in 2002 or 2003.      

It’s necessary to set up information safety standards       

When asked if the state management agencies can set up standards on information security by setting up the requirements for agencies to apply, Huy from VNCERT said that in 2008, the center built up the standards that fit ISO27001 which was then promulgated by the Ministry of Science and Technology in 2009.  

Huy said that VNCERT is building up other sets of standards which agencies will have to apply. Especially, specific standards will be designed for specific fields, especially in the banking sector.

Meanwhile, Vu Quoc Thanh, an information technology expert said that enterprises can apply the standards which have been recognized in the world.