[ISN] Regulators Hack-proof Chinese Funds

From: InfoSec News (alerts@private)
Date: Tue Jun 17 2008 - 02:02:08 PDT


http://www.eeo.com.cn/ens/Industry/2008/06/17/103443.html

By Zhang Yong, Shen Xing
Published: 2008-06-17

Cover story, issue 371 June 9 2008
Translated by Liu Peng, Zuo Maohong
Original article: [Chinese]

Site-wide blackouts, network intrusions, viruses, and other security 
breaches... it's been a busy several weeks for many Chinese fund 
companies who have had to demonstrate their resilience to these and 
other digital threats.

After a hacking incident this past March halted trading for one firm, 
the China Security Regulatory Commission (CSRC) launched an assessment 
of the industry's IT defenses.

After completing the exercises and inspections, which began in April, 
the Commission has identified at least ten firms that have sub-par 
security.


A Surprise Attack

Investigators discovered that many firms had unstable, vulnerable 
networks, said a source involved. He gave the example of two companies 
in Beijing, which were easily hacked into due to their simple 
administrator's passwords.

Watchdogs were apparently dissatisfied. In a speech by a CSRC official 
on May 30, fund companies were criticized as having failed to attach the 
necessary importance to network security. The official also claimed that 
guidelines on information security management would be studied and 
issued by the Commission later.

In fact, the maneuver was just a part of the Commission's inspection 
work, which was started in late April by local securities regulatory 
bodies, according to a source from the CSRC. Data backup and the 
separation of the intranet from the external network were the main 
focus, he said. Local watchdogs would launch a second round of spot 
inspections later, the source added.

One fund company in Shenzhen had recently been busy preparing for the 
spot inspection. "There have been regular inspections before, but much 
less strict than this time," said a technical staffer of the company.


Upgraded Hacker Attacks

According to an official who wishes to remain anonymous, the inspection 
was triggered by a hacker attack on the trading system of a securities 
company in Beijing in early March. Though it didn't lead to significant 
losses, it caused great concern at the CSRC.

The EO has learned that the attack disabled the trading system for at 
least half an hour. Transactions were thus interrupted and clients were 
forced to make trades by phone. Reportedly, some investors had appealed 
to the government, and the police had investigated the matter.

Actually, this wasn't the first case of its kind. According to the chief 
of the technical department of a CITIC Security Shanghai branch, 
securities firms had encountered network security problems early in 
2004, mainly in online transactions. The application of non-spot trade 
also brought potential risks, he added.

On May 15 2007, a virus named "Trojan/PSW.Soufan" infected many 
investors' computers and altered their stock trading data.

In such a case, said the above-mentioned source, it would usually be the 
investor who bore responsibility. Before online trading was enabled, 
the securities trader would sign a contract with the client, warning of 
such potential risks and disclaiming responsibility for them.

So far, the CSRC has not received any reports of serious network 
intrusion cases, a source close to the Commission told the EO. However, 
considering the potential social impact such cases could have and the 
sensitive period China is in, the CSRC ultimately decided to strengthen 
the information security systems of fund companies and securities 
traders.

Wang Yu, Zhao Juan and Chen Zhe also contributed to this report.

