Surveys and investigations have raised high alert on internet and information security in Vietnamese organisations and companies. However, regulations to detect and punish hackers fail to keep pace with the rapid development of this type of crime.
Actual situation
In 2006, Vietnam had 235 websites with domain .vn hacked and controlled by foreign hackers. This figure was provided by Zone-H (
www.zone-h.org), a reliable website listing hacked websites. Notably, up to 40 websites used .gov.vn domain, dedicated to governmental offices from central to provincial levels including ministries, branches, and provincial/municipal people’s committees. Apart from non-profit administrative organisations’ websites, hackers aimed a series of attacks at ecommerce websites and portals. Some hackers coordinated in hi-tech criminal rings to steal credit accounts, launder money and operate under cash-out laws.
According to the Bach Khoa Internetwork Security Centre (BKIS), in 2006, 90 per cent of 340 hacked websites belonged to well known organisations and companies. In January 2007 alone, more than 20 Vietnamese websites were hacked. This signals a year of problems for internet security.
Apart from attacking network systems and databases of organisations and enterprises, hackers in Vietnam also transmitted computer viruses in 2006. Over the year, 880 new viruses appeared and infected more than 16 million computers.
According to the Vietnam Computer Emergency Response Team (VNCERT), if each computer needed US$2 to disinfect viruses, each week 1.4 million infected computers take US$2.8 million to repair damage from virus attacks. Mr Nguyen Viet The, Director of Professional Information Technology Department under the Ministry of Public Security, said real damages include not only the time to survey and repair, but also the negative effects on the work process and efficiency. Additionally, most companies and organisations are facing shortages of human resources with network security knowledge to block hackers.
Addressing the conference and exhibition “Network security and data protection 2007” recently in Hanoi, Mr Linus Lai, Research Director of IDC, warned that each company should regard network security as an integral part of its development strategy. He said hackers illegally accessed the systems of organisations and enterprises, not only for simple mischievousness but also for seeking profit by stealing personal information and money. He also warned users against storing account numbers, ID numbers and passwords in mobile devices, because stored information can be moved to other devices used by hackers.
Settlement - still weak
To control the spread of internet crime in Vietnam, the Prime Minister decided to set up Vietnam Computer Emergency Response Team (VNCERT) to fight national IT crime. Besides, the police investigators have joined forces to suppress and deter IT criminals. However, Vietnamese rules against this kind of crime are weak and ineffective.
Under current rules, only activities specifically stipulated in the Criminal Code are considered crimes. Hence, it is impossible for this kind of crime to be brought to trial. Regarding this issue, Deputy Minister of Justice Hoang The Lien said the (money) fines stipulated by current laws were too light in comparison with the level of potential damage.
According to Dr. Mai Anh, Director of Informatics Centre under the Ministry of Science and Technology, IT crime is now diversified and complicated, but generally classified in two main groups. The first group use computers as tools to carry out crimes, and the second use computers and computer networks as an environment in which to carry out their crimes. In more detail, the first group are crimes such as finance violations, posting pornographic or reactionary photos, videos or information on the internet, selling banned commodities on the internet, gambling on the internet, intellectual property violations, email crime, online defrauding, and insults to other entities on the internet. The second group consist of such crimes as illegal access to computer systems or computer networks, electronic information stealing, illegal modification of databases, attacks to bank capital, attacks to destroy service supplies, attacks to systems by virus, illegal discounts for online time, illegal control of computer systems or websites and destruction of computer hardware.
Regarding regulations on IT crimes in the Criminal Code as well as prohibited activities provided in other legal documents, the regulations are not strong enough. Current legal documents only focus on violations in IT fields, ignoring telecom technology activities endangering the society.
Regarding the punishment mechanism, Deputy Minister of Justice Hoang The Lien said law-makes are having trouble dealing with internet crimes. The trouble comes from the difficulty in define the crime. For example, when a hacker illegally accesses a personal banking account and steals money from that account, that act could be treated as “stealing assets”, but this doesn’t account for the crime being executed by a tool, the computer, and by information technology knowledge. Besides, in many cases, the crime is internationalised. It may be easier to tackle a Vietnamese violator committing the crime in Vietnam. But it will be much harder if the violator or the victim is a foreign citizen or organisation. Mr Lien said Vietnamese Procedural Law does not mention this case. He hopes the new Criminal Code will be amended and supplemented with provisions related to information technology crimes in general and internet crimes in particular.
Nguyen Thoa
Vietnamese
