http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=2789550

By Doug Young
May 21, 2003

HONG KONG (Reuters) - Trojan horses don't just rear their heads in ancient Greek mythology, as Chinese Internet search engine Baidu learned the hard way.

In a classic assault, hackers launched a carefully planned attack on the firm last week by first installing a rogue program on computers used by one of its trading partners. That program soon began calling on Baidu's Web site at a rate of more than 1,000 times per second, effectively blocking out everyone else for 60 hours.

The Baidu case, chronicled this week on an official Chinese Web site, was just one in a growing tide of cyber attacks against Chinese firms, whose rapid computerization and relative lack of technological savvy make them particularly vulnerable.

A staggering 84 percent of firms in China reported at least one cyber attack this year, up from 59 percent in 2002, according to a recent survey by Evans Data Corp. The survey found that nearly 60 percent of Chinese respondents experienced three or more attacks in the last year.

"It's quite prolific," said Eric Ashdown, director of Ernst & Young's technology and security risk services practice for China. "Most of it is not very serious. Some of it will be people going after intellectual property or financial gain...Most sites are hacked because most firms have no security."

Computer security experts and observers blame the growing number of cyber attacks on several factors, most importantly China's relative inexperience with technology.

They also cite an environment where intellectual property theft and corporate spying are widespread, as offenders often escape with just a slap on the wrist and some activity even appears to be condoned and supported at official levels.

PREVENTION 101

Many firms fail to take some of the most basic protective steps, such as changing default passwords when they install new software and staying up to date on so-called software "patches" used to close newly discovered program loopholes.

"The primary problem is that most of the enterprises and organizations are unprotected, just totally unprotected," said Paul Serrano, senior director of marketing for the Asia Pacific region of NetScreen Technologies Inc.

Evans Data analyst Esther Schindler said the inexperience factor may also be an issue. According to an Evans survey last year, the average Chinese programmer had about four years of experience compared with 16 in North America.

Chinese firms may also use pirated software containing hidden "backdoors" and older software that is more vulnerable to attack, said Allan Paller, research director of the U.S.-based System Administration, Networking and Security Institute.

Ashdown said China's weak enforcement of anti-hacking laws is also a problem in a culture where firms often escape with minor penalties for serious infractions.

But at a more basic level, he said, many foreign firms believe Beijing may actually promote hacking, both actively and passively, in its enthusiasm to control information.

He said many believe Chinese public security officials employ hackers when it is in their interest, and that state-mandated encryption software contains backdoors making systems vulnerable.

"The suspicion is the government has a heavy hand and people have a concern that they are more exposed if they use the government product," he said.

(Additional reporting by Elinor Abreu in San Francisco)