Wednesday 20 January 2010

ChinaDaily News: Hackers harass government sites

Hackers harass government sites

(Li Xinzhu)
Updated: 2010-01-21 10:04

SHANGHAI: Government websites have seen a dramatic spike in hacking attacks, a report by the Ministry of Industry and Information Technology shows.

At least 178 government websites had their content modified by hackers between Jan 4 and Jan 10, five times more than the previous week, the ministry said on its website.

The number of other domestic websites having content altered by hackers rose 30 percent during the same period.

The report was compiled by the National Computer Network Emergency Response Technical Team, which warned of the "serious situation".

An insecure Internet environment could bring enormous risk to the online community, and website maintenance should be carried out frequently, said Shi Xiaohong, an engineer with Qihu360 security center, a popular domestic network security company.

The website of the Center of Agri-food Quality & Safety was attacked on Jan 3 when an advertisement was inserted, Qihu360 reported on its website.

An employee of the website who did not want to be named confirmed the attack, and told China Daily they were not sure when they were hacked.

"Our website server is already out of date, that's why we are upgrading it and we assume that the hacking happened at the same time," the employee said.

"We cleared the malicious plug-in immediately after we discovered it."

Compared with commercial websites, government portals often do not have enough security capacity to protect themselves from the attack, said Shi.

"Security checks as well as maintenance of government websites are not carried out in time in most cases, and they often do not install the latest patches immediately after system bugs have been discovered" Shi added.

"Many small government websites were constructed by external Web design companies and many of these don't carry out any maintenance afterwards. Hackers don't have to attack the government's server but they can use bugs in the system to hack into the websites."

IT giant Microsoft also released a security advisory on its website on Jan 14, claiming that there is a bug called 0day for its Internet Explorer users and attacks utilizing this bug have already spread online.

Network experts have advised users to install the latest patches to avoid possible attacks.

Sent from my iPhone

Posted via email from Dedric's posterous

No comments: