From: InfoSec News (alertsinfosecnews.org)
Date: Wed Jan 17 2007 - 00:32:17 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://english.vietnamnet.vn/biz/2007/01/654412/

16/01/2007
VietNamNet Bridge

In 2006, a series of online attacks were directed toward e-commerce
businesses, shattering the young online market in Vietnam.

"A dark corner in e-security in Vietnam" was a comment agreed upon by
many who attended the conference on violations and crimes in e-commerce
organised by the Department of E-Commerce (Ministry of Trade) on
November 9, 2006.

According to VNCERT (the Vietnam Computer Emergency Respond Team at the
Ministry of Post and Telecommunications), a series of 2006 online
attacks seriously threatened e-commerce in Vietnam.

Unhealthy competition

The most notorious incident happened in March 2006 when the e-commerce
website of Vietco JSC suffered a severe DDoS attack. All online services
were delayed for a whole month. Things were so bad that Vietcos
director, Mr. Phung Minh Bao, had to publicise the incident on
VietNamNet and ask legal authorities to help or the company would go
bankrupt.

This attack was still being talked about when 3 more e-security
disasters occurred. In July 2006, Virus Rontokbro spread widely in
Vietnam, and VDCs website was attacked. At the same time, another DDoS
attack was directed toward Nhan Hoa Hosting Company.

Though the culprits of the two DDoS attacks were quickly discovered and
caught, in September 2006, PeaceSofts e-commerce website chodientu.com
became the victim of another DDos attack.

The painful indication of these 2006 attacks is that there seems to be a
trend of e-commerce businesses themselves using e-space to launch DDoS
attacks or hack websites of their rivals.

This conclusion was reached by many victims. Mr. Nguyen Hoa Binh
(Director of PeaceSofts chodientu.com), Mr. Phung Minh Bao (VietCo JSC)
and Mr. Vu Trung (Director of Nhan Hoa) all said that somebody must be
playing foul.

According to VNCERTs report titled "Increasing Co-operation in
Preventing E-Commerce Crimes which was read at the November 9
conference, the most popular unhealthy competition method among
Vietnamese e-commerce businesses was to "hire hackers to destroy rivals
operations.

A cloudy future

VNCERT warned of 5 common e-commerce crimes: 1 International swindling
through emails (phising); 2 Falsifying, transacting and laundering money
through credit cards; 3 Developing bot networks to refuse services, send
spam emails and pops-up; 4 Attacking e-commerce systems for business and
competition reasons; 5 Sending spam emails to Vietnams e-space on a
large scale.

Looking ahead to what will be awaiting e-security in 2007, many worry
about the prospect of the large-scale online destruction and mushrooming
of botnets developed by Vietnamese hackers for commercial reasons.

One has heard about international botnets set up for unhealthy business
reasons. These botnets are chiefly engaged in such activities as sending
spam emails on a large scale, phising, stealing information, refusing
services or laundering money. In the near future, Vietnamese hackers may
catch up with foreign ones in setting up their own ingeniously
destructive networks.

Vietnam used to be one of the 10 countries listed as having the greatest
amounts of spam emails in the world. Yet, of the spam mails sent from
Vietnam, few of them were in Vietnamese. Most of the mails must thus
have been sent from zoobie computers of botnets under foreign
management.

Rumors about the development of Vietnamese botnets circulated. But these
nets were merely small and scattered experiments. In the future, though,
nothing will prevent them from growing into big and organised systems.
There has been no lack of signs of their finding fertile ground in the
Vietnamese online market.

Firstly, hackers have successfully taken advantage of users negligence
as in the case of the recent YM virus epidemic. The high software
copyright violation rate in Vietnam may also increase code protection
threats. Secondly, many good and bad IT trends have had the habit of
appearing in Vietnam one or two years after their debuts elsewhere. The
same thing may be applied to botnets. Thirdly, the WTO era has given
birth to many IT and e-commerce businesses which have a great demand for
advertisement. The lax incomplete IT and e-commerce regulations in
Vietnam may tempt these companies to resort to spam emails as a cheap
advertisement method. Botnets will be developed to meet the increasing
demand for large-scale spam mailings.

Prepared for Attacks

In 2006, e-citizens witnessed DDos attacks chiefly through Xflash. In
2007, they may be more surprised at the destructive capacity of DDoS
attacks brought about by botnets.

"DDoS through botnets, especially large-scale spam emails, is
predictable. And were ready to face this challenge. Well have to attack
it right from the moment itll first appear, said an official at VNCERTs
office.

At the end of January 2007, the Department of E-Commerce will hold a
conference on spam email regulations, for which it has prepared for the
past several months.

It is now unclear how ISPs and responsible authorities will face the new
e-security trend in e-commerce in 2007. But according to Mr. Hoang Ngoc
Dieu, an expert on e-commerce solutions in Sydney (Australia), as well
as the HVA forums administrator, 2007 will be the threshold year of
Vietnamese e-commerce.

On January 17 and 18, the Vietnam E-Business Forum Vebiz 2007 will take
place at the Press Club in Hanoi. This event is sponsored by the
Department of E-Commerce and IDG Corporation. The forums title will be
"Changing business methods in the WTO era." E-security will be one of
the hot topics to be discussed at the conference.

Whether the world will consider the Vietnamese online market secure and
promising depends in a large part on the 2007 picture of e-security in
Vietnam. If e-security problems arent timely solved, e-commerce may
become another trade barrier to Vietnams market.

_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
 

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]