Network Security in Vietnam: Improper Attention

2:53:13 PM | 4/3/2009

The Security World 2009 Conference and Showcase was recently held in Hanoi, jointly organised by the General Department of Technology under the Ministry of Public Security, the Vietnam Computer Emergency Response Team (VNCERT), the Ministry of Information and Communication and IDG Vietnam. Lecturers and specialists saw a panorama of data and network security in Vietnam. Arguably, computer viruses and hacker attacks have caused serious harm, but the investment in protection and prevention seems inadequate.
Reality
In Vietnam, the cyber world has gradually become a virtual society, implying lots of security risks. According to the Department of Information Technology under the General Department of Technology of the Ministry of Public Security, commonly known as E15, numerous security vulnerabilities existed in Vietnam, with nearly 60 million computer infections and 461 website hacks, including 251 incidents involving international hackers, in 2008. Besides, more than 40 cases involving hi-tech criminals caused a loss of VND30 trillion. According to the Bach Khoa Internetwork Security Centre (BKIS), the number of virus strains soared five times higher than in 2007 while dozens of websites were attacked each month.
 
Mr Nguyen Tu Quang, Director of BKIS, said “After two silent years, IT crimes have come back. The specific instances include the attacks on PA Vietnam, Techcombank and DDoS. Last year, the outbreak of viruses was regarded as a remarkable concern in Vietnam as malicious code booms on a daily basis. Apart from the proliferation of viruses, the applied technology for virus production and malware distribution has been growing rampantly. Virus coders have been engaging increasingly in fraud and black-money making.”
 
Mr Nguyen Viet The, Director of the Department of Information Technology under the General Department of Technology of the Ministry of Public Security, said: hi-tech criminals in Vietnam had increased in both scale and severity. The targets of hi-tech criminals are not only the databases of financial companies, banks and emails but also the information systems of State organs.

According to McAfee, in 2008, companies worldwide lost about US$1 trillion due to intellectual property theft and information system damage. Three main reasons for data leakage and system breaches are: cost cutting caused by neglect of security systems; growing attacks by hi-tech criminals; and corporate insiders. McAfee forecasts that the tightening economic context will accelerate data theft incidents in 2009.
 
Mr Nguyen Anh Tuan, Director of Planning, Research and Development Division under the Information Technology of the Bank for Industry and Trade of Vietnam (Vietinbank), said: The core reason for the increase of hi-tech criminals in the finance and banking sector was improper protection for greater numbers of online transactions. From another angle, the increase of online cheats in Vietnam and the world has the same reason: improper control and prevention.
 
Clearly, the target of hi-tech criminals in Vietnam is money. Thus, the number of illegal accesses to websites and servers to steal personal information and credit card information used for international trading is soaring. Their targets are the databases of the national information infrastructure, banks and big companies. They use phishing, trojan horses, spyware, keyloggers and adware to steal email, credit card information and personal information like name, address, telephone number and social security number. They even forge credit cards to withdraw cash from ATMs and colour cards to pay for other services and transfer money from stolen accounts to e-money accounts in e-gold and e-passport.
 
According to Tuan, institutional and individual users as well as news agencies are not fully and clearly aware of hi-tech criminals. In fact, most incidents were caused by low-rankings which use the hi-tech to proliferate and spread toxic behaviours quickly and easily.
 
According to surveys of VNCERT, based on international standards, up to 40 per cent of respondents had no firewall, 70 per cent did not set up any security disaster recovery system, and 85 per cent of enterprises did not have any information security strategy.
 
Forecast for 2009
Specialists thought that the deepening global economic recession will abet new attacks targeted at the network systems and data of finance, banking and online payment institutions for illicit money taking. Amid recession, many companies will cut investment and staff and launch more advertising programmes on the internet. According to many specialists, the development of e-commerce will become a new target of technological crimes.
 
Despite mounting concerns over the increasing presence of viruses, Mr Quang of BKIS is confident that the situation will be better if China enacts its amended Criminal Code soon. Accordingly, virus proliferation to steal information or illegal access to computers in the world’s most populous nation will face very strict punishments. Then, the number of global viruses is expected to drop dramatically as a large majority of dangerous codes now originate from China.
 
Experts forecast that attacks and hacks are likely to decline because violations have been strictly punished. The trend will be clearer after the amended Criminal Code is ratified by the National Assembly in early 2010. Provisions involving hi-tech crime have been collaboratively compiled, amended and supplemented by the Ministry of Justice and the Ministry of Public Security. The definitions of violating behaviours like denial-of-service attacks, virus dissemination, cheating and online attacks are expected to be very detailed. The highest penalty is 12 years in jail. This is the legal framework for dealing with violations by hackers in Vietnam.
 
Urgent security investment
Computer viruses have the most direct impact on users and cause them enormous damage. Thus, they need special priority. Comprehensive computer virus prevention solutions on the market are ready for enterprises. The issue is that enterprises need to become familiar with using copyrighted antivirus software and technical support from producers. Virus killing is then very simple.
 
To ensure corporate network security, administrators must have security designs for both software and hardware. In operation, patch updates and checks for network holes must be regular activities. However, to apply a comprehensive corporate security solution, according to Mr Quang, users should adopt the ISO 27001 certification standard. ISO 27001 is an information security management system (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The principle of ISO 27001 is to determine the organization's risk exposure/profile, and identify the best route to address this. The document produced will be the basis for the next stage, which will be the management of those risks.
 
Mr The also asserted that network and data security is of special concern. He said organisations and companies should consider proper investment in this matter in spite of trimming costs. At the national level, it is essential to form an organisation responsible for conducting research and pushing forward technical proposals to deal with bad behaviours on the internet, he noted. Such an organisation should include responsible ministries like the Ministry of Information and Communication, the Ministry of Public Security, the Ministry of National Defence and other bodies.
 
Nguyen Thoa