http://english.vietnamnet.vn/biz/2007/01/654412/ 16/01/2007 VietNamNet Bridge In 2006, a series of online attacks were directed toward e-commerce businesses, shattering the young online market in Vietnam. "A dark corner in e-security in Vietnam" was a comment agreed upon by many who attended the conference on violations and crimes in e-commerce organised by the Department of E-Commerce (Ministry of Trade) on November 9, 2006. According to VNCERT (the Vietnam Computer Emergency Respond Team at the Ministry of Post and Telecommunications), a series of 2006 online attacks seriously threatened e-commerce in Vietnam. Unhealthy competition The most notorious incident happened in March 2006 when the e-commerce website of Vietco JSC suffered a severe DDoS attack. All online services were delayed for a whole month. Things were so bad that Vietcos director, Mr. Phung Minh Bao, had to publicise the incident on VietNamNet and ask legal authorities to help or the company would go bankrupt. This attack was still being talked about when 3 more e-security disasters occurred. In July 2006, Virus Rontokbro spread widely in Vietnam, and VDCs website was attacked. At the same time, another DDoS attack was directed toward Nhan Hoa Hosting Company. Though the culprits of the two DDoS attacks were quickly discovered and caught, in September 2006, PeaceSofts e-commerce website chodientu.com became the victim of another DDos attack. The painful indication of these 2006 attacks is that there seems to be a trend of e-commerce businesses themselves using e-space to launch DDoS attacks or hack websites of their rivals. This conclusion was reached by many victims. Mr. Nguyen Hoa Binh (Director of PeaceSofts chodientu.com), Mr. Phung Minh Bao (VietCo JSC) and Mr. Vu Trung (Director of Nhan Hoa) all said that somebody must be playing foul. According to VNCERTs report titled "Increasing Co-operation in Preventing E-Commerce Crimes which was read at the November 9 conference, the most popular unhealthy competition method among Vietnamese e-commerce businesses was to "hire hackers to destroy rivals operations. A cloudy future VNCERT warned of 5 common e-commerce crimes: 1 International swindling through emails (phising); 2 Falsifying, transacting and laundering money through credit cards; 3 Developing bot networks to refuse services, send spam emails and pops-up; 4 Attacking e-commerce systems for business and competition reasons; 5 Sending spam emails to Vietnams e-space on a large scale. Looking ahead to what will be awaiting e-security in 2007, many worry about the prospect of the large-scale online destruction and mushrooming of botnets developed by Vietnamese hackers for commercial reasons. One has heard about international botnets set up for unhealthy business reasons. These botnets are chiefly engaged in such activities as sending spam emails on a large scale, phising, stealing information, refusing services or laundering money. In the near future, Vietnamese hackers may catch up with foreign ones in setting up their own ingeniously destructive networks. Vietnam used to be one of the 10 countries listed as having the greatest amounts of spam emails in the world. Yet, of the spam mails sent from Vietnam, few of them were in Vietnamese. Most of the mails must thus have been sent from zoobie computers of botnets under foreign management. Rumors about the development of Vietnamese botnets circulated. But these nets were merely small and scattered experiments. In the future, though, nothing will prevent them from growing into big and organised systems. There has been no lack of signs of their finding fertile ground in the Vietnamese online market. Firstly, hackers have successfully taken advantage of users negligence as in the case of the recent YM virus epidemic. The high software copyright violation rate in Vietnam may also increase code protection threats. Secondly, many good and bad IT trends have had the habit of appearing in Vietnam one or two years after their debuts elsewhere. The same thing may be applied to botnets. Thirdly, the WTO era has given birth to many IT and e-commerce businesses which have a great demand for advertisement. The lax incomplete IT and e-commerce regulations in Vietnam may tempt these companies to resort to spam emails as a cheap advertisement method. Botnets will be developed to meet the increasing demand for large-scale spam mailings. Prepared for Attacks In 2006, e-citizens witnessed DDos attacks chiefly through Xflash. In 2007, they may be more surprised at the destructive capacity of DDoS attacks brought about by botnets. "DDoS through botnets, especially large-scale spam emails, is predictable. And were ready to face this challenge. Well have to attack it right from the moment itll first appear, said an official at VNCERTs office. At the end of January 2007, the Department of E-Commerce will hold a conference on spam email regulations, for which it has prepared for the past several months. It is now unclear how ISPs and responsible authorities will face the new e-security trend in e-commerce in 2007. But according to Mr. Hoang Ngoc Dieu, an expert on e-commerce solutions in Sydney (Australia), as well as the HVA forums administrator, 2007 will be the threshold year of Vietnamese e-commerce. On January 17 and 18, the Vietnam E-Business Forum Vebiz 2007 will take place at the Press Club in Hanoi. This event is sponsored by the Department of E-Commerce and IDG Corporation. The forums title will be "Changing business methods in the WTO era." E-security will be one of the hot topics to be discussed at the conference. Whether the world will consider the Vietnamese online market secure and promising depends in a large part on the 2007 picture of e-security in Vietnam. If e-security problems arent timely solved, e-commerce may become another trade barrier to Vietnams market. _____________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Tue Jan 16 2007 - 22:37:00 PST