http://www.thestandard.com.hk/stdn/std/Front_Page/GF27Aa01.html

Doug Crets
June 27, 2005

Hong Kong's unsuspecting broadband Internet users are the most vulnerable on the planet to attacks by so-called ``zombie'' computers, according to a report by a British Internet security firm.

While Hong Kong has increased its efforts to become more secure for shopping and banking, there are vulnerabilities in the system that broadband users are not even aware of, officials say.

The fact is that clandestine users piggybacking on the unaware have multiplied so fast that it is nearly impossible to go onto the Internet without being victimized or hijacked.

These hijacked computers send thousands of spam e-mails per minute, set up fake Web sites and cripple servers, according to the report, by Prolexic Technologies, a British firm that has presented Internet security solutions to the US Department of Homeland Security.

Costs to workers from lost productivity reach as much as HK$10 billion a year, government officials say.

Prolexic's 2005 ``Zombie Report,'' released last week, said Hong Kong, with 4.8 million broadband users, is the per capita leader in the number of computers that have been made into zombies by illicit users.

``We notice the major corporations, the banks, the government have done a lot in security to protect their servers, but at the same time the customers are not well aware of such things,'' said Roy Ko, an information specialist at the Hong Kong Computer Emergency Response Team Coordination Centre, started by the Hong Kong Productivity Council in 2002 to coordinate responses to technology problems.

``A lot of these [upgrades] are to protect clients who are not aware of the latest vulnerabilities,'' he said.

According to a white paper by Internet firm CipherTrust, ``the most popular method for distributing the trojans [the programs hide in the victim's computer] that create zombies is via an e-mail attachment masquerading as an innocent file, such as a digital photo or contest entry form.''

Hong Kong government departments prefer not to comment on the figures because they question the methodology of the analysis, but Ko warned that Hong Kong users should spend more time educating themselves on trojan viruses.

The Hong Kong Monetary Authority made it mandatory this year for local banks providing online banking to offer their users new security devices to prevent fraud from hackers who set up fake banking Web sites and encourage customers to enter passwords so they can steal their money.

``What happens with broadband is it's always on,'' said Andrew Lih, a professor of media studies at University of Hong Kong. ``If you just hook up directly to the DSL [digital subscriber line] modem, you're naked.''

Users can look at the logs on their routers, if they have them, to see just how vulnerable they are to these attacks. Routers take the fresh feed from the Internet and wire it into the computer, but they also absorb attacks from viruses flowing in through the Internet.

``You're talking about an attack a minute, sometimes a little flood every five or 10 seconds,'' Lih said.

According to Nielsen/Net Ratings, ``The most popular Hong Kong shopping Web sites received 20 percent more visitors in the quarter ending August 2004 compared with the corresponding period a year ago.'' That was a rise of 320,000 people to 1.6 million.

Imagine that this shopping is being done on computers that have outdated firewalls, or on PCs without updated systems.

``[Consumers] don't have a person to look after the system, so they don't know what is happening in the system,'' said Ko.
``There are a lot of these vulnerabilities reported every month, they have to keep updating and patching their system.''

Distributed denial-of-service attacks aren't the only problems on the government's mind. Spam e-mail drains productivity from workers.

``The government believes that it would be necessary to enact legislation to regulate unsolicited electronic messages after studying the submissions received at the consultation conducted last year,'' said Esther Mak, information officer for the Office of the Telecommunications Authority.

The Hong Kong Internet Service Providers Association, an organization that represents the views of a group of businesses, such as New World Technologies, PCCW and City Telecom, said that there should be legislation that would bring about punishment.

According to a June 2004 Legco consultation paper, ``Spam causes harm to ISPs because it uses large amount of bandwidth and storage space.'' That leads to poorly functioning ISPs and dissatisfied customers, not to mention a stress on ISPs, who have to pay more to secure more.

``[They] need to build enormous capacity into their systems. The increased volume of e-mails can also significantly slow down the speed of Internet, overload servers and threaten network integrity,'' it reads.

Poor service is only one thing users should concern themselves with, though, says one Internet security analyst.

``Each one of these PCs becomes a great gateway to funnel illegal funds. Tracking them is very hard,'' said Maren Leizaola, director of Web mail provider HK.Com.