Businesses warned over Internet security

Updated: 2012-03-05 09:07

By Gao Yuan (China Daily)

Comments()

Mail

Large Medium Small

BEIJING - When 32-year-old public relations specialist Wang Ning heard that China Software Developer Network, the country's largest programmers' website, had 6 million pieces of its users' personal information stolen days before the end of last year, he decided to change the passwords of all his accounts on the Internet.

"I have to do something to protect my private information because I have put so much personal information online," he said.

However, Internet security experts say changing passwords alone does not guarantee the safety of users' data. They say Internet companies should invest more into keeping users' data safe.

According to an annual report released by Beijing Rising Information Technology Co Ltd, the country's leading Internet security company, nearly 200,000 websites in the nation were hacked last year.

"Our conservative estimation is that at least 10 security breaches can be found on three quarters of the websites whose daily page views exceed 10,000," said Liu Siyu, director of the security research team at Rising.

"That means almost every website in China can be attacked by hackers," he added.

Many Chinese companies' websites have been attacked. More than 50 percent of the hacking was conducted by viruses or Trojan horse programs, said a recent Rising report.

Another Bejing-based Internet security provider, Qihoo 360 Technology Co Ltd, reported last month that more than half of Chinese websites have gaps in their security and as many as 36 percent carry "high-risk vulnerabilities".

Chinese enterprises are vulnerable to hackers because they have failed to take precautions when setting up their websites in the first place, according to Liu. "Most executives in China hesitate to invest in security departments because they do not generate profits for the company."

But this reluctance could leave open a backdoor that rivals with harmful intent could exploit.

In February, an online dating website owner surnamed Le was accused of unfair competition after he allegedly hired hackers to attack baihe.com, China's first dating website, Beijing Times reported.

The attacks caused intermittent paralysis to baihe.com for a month.

"The increasingly vicious competition between Chinese enterprises is turning China's mystery hacker circus into a fresh battle ground," said Liu.

Beijing policemen uncovered more than 2,600 hacking cases in 2011, according to the Rising report.

Experts warned that users' hotel-booking accounts, social networking and online purchasing websites are most at risk of attacks. "These websites usually contain large quantities of personal information including itineraries, contact lists, phone numbers and purchasing habits," said Liu.

"Such information is valuable to many interest groups such as business rivals, salesmen and even swindlers," he added.

However, the most inviting yet poorly-guarded targets for hackers are the websites of education institutions, governments and online games, the report said. More than one third of Trojan attacks were targeted at education institutions.

In addition, the report also found that at least 65 percent of the attacks came from overseas Internet protocol addresses, with the United States, South Korea and Japan being the major sources.

As much as 22 percent of attacks on the country's facilities with relatively high security - such as data centers, terminal controls and automatic industrial control systems - came from the United States.

But Liu pointed out that a large number of hackers in China are using proxy servers to conceal their actual IP address, an action that may disguise the source of the attacks or suggest it came from another country.