[ISN] 2006: E-security in Vietnam shaken by crimes

From: InfoSec News (alerts@private)
Date: Tue Jan 16 2007 - 22:32:17 PST


VietNamNet Bridge 

In 2006, a series of online attacks were directed toward e-commerce 
businesses, shattering the young online market in Vietnam.

"A dark corner in e-security in Vietnam" was a comment agreed upon by 
many who attended the conference on violations and crimes in e-commerce 
organised by the Department of E-Commerce (Ministry of Trade) on 
November 9, 2006.

According to VNCERT (the Vietnam Computer Emergency Respond Team at the 
Ministry of Post and Telecommunications), a series of 2006 online 
attacks seriously threatened e-commerce in Vietnam.

Unhealthy competition

The most notorious incident happened in March 2006 when the e-commerce 
website of Vietco JSC suffered a severe DDoS attack. All online services 
were delayed for a whole month. Things were so bad that Vietcos 
director, Mr. Phung Minh Bao, had to publicise the incident on 
VietNamNet and ask legal authorities to help or the company would go 

This attack was still being talked about when 3 more e-security 
disasters occurred. In July 2006, Virus Rontokbro spread widely in 
Vietnam, and VDCs website was attacked. At the same time, another DDoS 
attack was directed toward Nhan Hoa Hosting Company.

Though the culprits of the two DDoS attacks were quickly discovered and 
caught, in September 2006, PeaceSofts e-commerce website chodientu.com 
became the victim of another DDos attack.

The painful indication of these 2006 attacks is that there seems to be a 
trend of e-commerce businesses themselves using e-space to launch DDoS 
attacks or hack websites of their rivals.

This conclusion was reached by many victims. Mr. Nguyen Hoa Binh 
(Director of PeaceSofts chodientu.com), Mr. Phung Minh Bao (VietCo JSC) 
and Mr. Vu Trung (Director of Nhan Hoa) all said that somebody must be 
playing foul.

According to VNCERTs report titled "Increasing Co-operation in 
Preventing E-Commerce Crimes which was read at the November 9 
conference, the most popular unhealthy competition method among 
Vietnamese e-commerce businesses was to "hire hackers to destroy rivals 

A cloudy future

VNCERT warned of 5 common e-commerce crimes: 1 International swindling 
through emails (phising); 2 Falsifying, transacting and laundering money 
through credit cards; 3 Developing bot networks to refuse services, send 
spam emails and pops-up; 4 Attacking e-commerce systems for business and 
competition reasons; 5 Sending spam emails to Vietnams e-space on a 
large scale.

Looking ahead to what will be awaiting e-security in 2007, many worry 
about the prospect of the large-scale online destruction and mushrooming 
of botnets developed by Vietnamese hackers for commercial reasons.

One has heard about international botnets set up for unhealthy business 
reasons. These botnets are chiefly engaged in such activities as sending 
spam emails on a large scale, phising, stealing information, refusing 
services or laundering money. In the near future, Vietnamese hackers may 
catch up with foreign ones in setting up their own ingeniously 
destructive networks.

Vietnam used to be one of the 10 countries listed as having the greatest 
amounts of spam emails in the world. Yet, of the spam mails sent from 
Vietnam, few of them were in Vietnamese. Most of the mails must thus 
have been sent from zoobie computers of botnets under foreign 

Rumors about the development of Vietnamese botnets circulated. But these 
nets were merely small and scattered experiments. In the future, though, 
nothing will prevent them from growing into big and organised systems. 
There has been no lack of signs of their finding fertile ground in the 
Vietnamese online market.

Firstly, hackers have successfully taken advantage of users negligence 
as in the case of the recent YM virus epidemic. The high software 
copyright violation rate in Vietnam may also increase code protection 
threats. Secondly, many good and bad IT trends have had the habit of 
appearing in Vietnam one or two years after their debuts elsewhere. The 
same thing may be applied to botnets. Thirdly, the WTO era has given 
birth to many IT and e-commerce businesses which have a great demand for 
advertisement. The lax incomplete IT and e-commerce regulations in 
Vietnam may tempt these companies to resort to spam emails as a cheap 
advertisement method. Botnets will be developed to meet the increasing 
demand for large-scale spam mailings.

Prepared for Attacks

In 2006, e-citizens witnessed DDos attacks chiefly through Xflash. In 
2007, they may be more surprised at the destructive capacity of DDoS 
attacks brought about by botnets.

"DDoS through botnets, especially large-scale spam emails, is 
predictable. And were ready to face this challenge. Well have to attack 
it right from the moment itll first appear, said an official at VNCERTs 

At the end of January 2007, the Department of E-Commerce will hold a 
conference on spam email regulations, for which it has prepared for the 
past several months.

It is now unclear how ISPs and responsible authorities will face the new 
e-security trend in e-commerce in 2007. But according to Mr. Hoang Ngoc 
Dieu, an expert on e-commerce solutions in Sydney (Australia), as well 
as the HVA forums administrator, 2007 will be the threshold year of 
Vietnamese e-commerce.

On January 17 and 18, the Vietnam E-Business Forum Vebiz 2007 will take 
place at the Press Club in Hanoi. This event is sponsored by the 
Department of E-Commerce and IDG Corporation. The forums title will be 
"Changing business methods in the WTO era." E-security will be one of 
the hot topics to be discussed at the conference.

Whether the world will consider the Vietnamese online market secure and 
promising depends in a large part on the 2007 picture of e-security in 
Vietnam. If e-security problems arent timely solved, e-commerce may 
become another trade barrier to Vietnams market.

Subscribe to InfoSec News

This archive was generated by hypermail 2.1.3 : Tue Jan 16 2007 - 22:37:00 PST