Internet Security in Vietnam and Forecasts

 

According to Bkis internet security centre, the number of Vietnamese websites attacked in 2007 reached 342, including 118 sites ruined by domestic hackers and 224 sites attacked by foreign hackers. Bkis detected serious holes in 140 websites, 33,646,000 computers infected with viruses, and 6,752 kinds of new virus in 2007. The most contagious virus was W32.Winib.Worm which infected 511,000 computers.

 

It can be seen that many kinds of new viruses have broken into the domestic computer system since the beginning of 2008. In January, the variant of virus Gaixinh broke out and quickly spread. In only one week during Lunar New Year, more than 29,000 local computers were infected with this virus. In February, up to 1,011 kinds of new viruses appeared, destroying 3.1 million computers. In early March,virus "Tran Quan Hy" penetrated into Vietnam and ruined about 1,000 computers which were seen with “hot” pictures of Tran Quan Hy and some other famous Hong Kong actors.

 

According to the statistic of the Department of Profession Computing Technology, the General Department of Technology under the Ministry of Police in May 2007, more than 14 per cent (1,400) out of nearly 10,000 subscribers of the three Vietnamese biggest ADSL providers were in danger as they were easy for hackers to control the network. The hole lied in the fact that these subscribers still used default modem management accounts of producers while these account codes were publicised.

 

In November 2007, Vietnamese internet users were defrauded when they used the new service of Yahoo, Yahoo! Mash. Evildoers took advantage of the overconfidence of internet users to do fraud. Depending on the demand of users to transfer from the service of Yahoo! 360 blog to Yahoo! Mash one, the frauds sent emails in Vietnamese language to victims and “guided” them to use the new service of Yahoo! Mash without the data loss. In fact, they enticed internet users to provide passwords for their accounts at Yahoo! 360.

 

A typical example for the steal and illegal use of passwords, Adeyemi, a professional hacker, had stolen account and credit card passwords of domestic and international individuals and used these credit cards to book air tickets from low-cost airlines for customers of Hoang Yen Minh Company. The case was detected in October 2007.

 

 

In Security World 2008 conference, PhD. Nguyen Viet The, Head of the Department of Profession Computing Technology, the General Department of Technology under the Ministry of Police, said that the pressing issue of internet security in 2007 derived from the unproper attention of agencies, enterprises and organisations to the matter of internet security, so their fund for internet security is limited.

 

Speaking of this issue, Mr. Ashley Wearne - Vice Chairman of McAfee in Southeast Asia, Australia, New Zealand and India regions once said, “Enterprises can not disuse websites and e-mails for their business activities. However, almost companies have spent only 3 per cent of their budgets on average on IT security, too small fund compared with the increasing attacks of hackers, viruses and spam.”

 

Security holes on websites in Vietnam are resulted mainly from uncareful programming which fails to regularly update relevant software such as operating system, web server, and database server. Open-source softwares are also detected with serious holes. According to the Ministry of U.S. Interior Security, a serious error will occur after each 1,000 code lines in the open source code, which allows hackers to exploit the system.

 

In addition, Vietnam’s policies and legal documents on network criminals are still few and out of date, which makes the government find difficult in penalising this kind of criminal. For instance, the regulation on money fine is now too soft in many cases, compared with the dangerousness and the loss this kind of criminal made.

 

 

Experts forecast that the year of 2008 will see many new variants of virus, more professional and sophisticated internet security hackers who target at social networks. The form of using social networks to defame and blacken other people, degrade the prestige of organisations (agencies and enterprises) will be big problems. This criminal may be for the sake of unhealthy trade competition or even for the sake of personal benefits. The criminal will accordingly have serious impact on the situation of social security and politics. Facing this situation, foreign internet service providers such as Yahoo and Google will have to join hands with Vietnam’s legal agencies when they still want to provide and develop their services in the country.

 

Experts also forecast that securities - a booming sector in Vietnam will become the target of black hackers. On a survey in late 2007, up to 40 per cent of websites out of 60 of Vietnamese securities companies were detected with errors. PhD. The said that grasping these holes, hackers can be able to change the information on trading results, securities indexes, and notify unuseful information on the market. If the errors are not timely detected, hackers may make big changes on the stock market to seek profits and make losses for many investors.

 

Especially for new mobile applications such as Gphone of Google and IPhone of Apple, which are provided for software developers and applications in the future, there are likely holes in these services for hackers to make use. "Banks and online auction floors tend to use mobile facilities". Network criminals will maybe increase on this trend.

 

Mr. Andrew Namboka of Nokia Company said that business information technology infrastructure has showed its holes over the past recent three years. Enterprises should at least recheck the security system in order to assess their situation. He also said that each business should rent a dedicated internet security expert. Besides, they are suggested to employ specialists to manage, control and report on the security demand of the company at some anticipated service level.

 

Mr. Sukhdev Singh, Senior Security Consultant and Technical Manager, IBM Internet Security Systems ASEAN/SA, argued that no individual organisations or government agencies have to be responsible for protecting data of customers. Subjects at all level, ranging from governments, companies to technology providers and clients must hold the responsibility for this task.

 

Many enterprises providing information security services have been established, rooting from the fact that many individuals and enterprises feel confused when facing internet troubles. However, their operation lacks the cooperation and coalition. Finally, Vietnam Information Security Association (VNISA) was set up in mid November 2007 with an aim of linking businesses, organisations and individuals operating in the information security industry. VNISA pledged to cooperate and support providing information security solutions based on three aspects: information security infrastructure, information security policy, and employees for implementation and supervision. This may be a good signal for the internet security industry of Vietnam this year.

 

The fact that users do not obey regulations on internet security and safety has created holes for evildoers to take advantage and attack. Therefore, if internet users are not serious in implementing security processes, obeying security principles, their networks are always threatened although the security technology is advanced with multi layer protection. In general, raising the awareness on internet security is the first crucial element for users to operate IT systems.