IT engineer Wang Youhua has become "extremely
busy" these days, ever since reports of the hacking of some well-known
Chinese websites surfaced in mid-December. Some of the registered members of
these portals had their private information leaked.
"IT engineers in our
company feel under pressure after the information leakage," he told China
Daily on Thursday. "The leakage has not only put the netizens' privacy at
risk, but also undermined the credibility of many websites."
Wang, 29, an employee of a Web
portal who has been working in the IT industry for nearly four years, said he
had never seen such large-scale private information leakage.
Anti-virus company issues red alert
The Qihoo 360 Technology, an
anti-virus company that claimed to offer free Internet security services to
more than 300 million netizens, issued a red alert on Dec 22, saying that the
databases of many websites were hacked recently, causing the leakage of more
than 50 million Internet users' registered accounts and codes.
Chinese Software Develop Net
(CSDN), one of China's biggest online communities for IT programmers, admitted
being hacked on Dec 21, leaving about 6 million users' information leaked.
The Tianya.cn, one of China's
most popular online forums, was also reported to have been hacked, causing
exposure of information related to as many as 40 million users.
Ning Caishen, a renowned
screenwriter, complained on Sunday on his micro blog that his Tianya account
had been hacked. Many other micro blog writers expressed similar concerns on
the same day.
Tianya replied to China Daily
through an e-mail on Wednesday, admitting that the website was hacked but could
not give the figures related to the number of people affected.
"Hackers claimed to have
grabbed information about 40 million users, but so far our check shows the
actual number is smaller than that," said the e-mail.
The forum said it had reported
the case to the police, and the motives, methods and scales of the hacking case
were still under investigation.
Apart from Tianya and CSDN, the
Sina weibo, the most popular micro-blogging service, was also reported by many
of its users as having been hacked on Dec 23, which Sina did not confirm.
China Daily found lots of ads
appearing on many verified Sina micro blogs in mid-December, and some of them
later claimed to have been hacked. A China Daily reporter's micro blog was
abnormally logged in at many different locations, including Henan and Fujian
provinces, from Nov 30 to Dec 5, places where he had never been.
The Sina weibo on Wednesday
reminded its users to check the logging time and place to judge whether their
accounts were being accessed by hackers.
Sina refused to comment on the
issue when reached by China Daily on Wednesday.
Dangdang.com, one of China's
biggest e-commerce websites, issued a release on Thursday, admitting that some
of the company's data was hacked. The company refuted rumors that more than 12
million users' information was leaked, saying that the hacked information in
question was six months old, and those hacked users will not suffer a loss.
Alipay, an online payment tool
that boasts of more than 550 million registered users, declared on its Sina
micro blog on Thursday that all users should rest assured that none of them had
been leaked.
No netizens have reported
direct economic loss due to the information leakage as of late Thursday.
Leaked information goes on sale
Kang Lingyi, who used to be a
senior hacker and was now the editor-in-chief of a military fan website, said
that the leaked information was always found being sold on some hacker's
website.
"Usually, the private
information of several hundred thousand users will be sold as a package at the
price of 500 to 800 yuan (US$79 to 126)," Kang told China Daily.
The prices fluctuate depending
on the contents of the package. "Detailed information with the ID number,
the mobile phone number and the real name of netizens will be sold at a higher
price, while unclear information with only accounts and codes would cost much
less," he said.
The privacy trade on hackers'
websites is usually carried out between acquaintances for safety concerns,
according to Kang.
Buyers of the leaked
information classify the accounts according to their "commercial
value", Kang said. Some of the information could directly produce money
such as the online game accounts involving virtual money.
Most of the
"lower-level" information, comprising only the account, code and
e-mail addresses, are purchased by certain public relations companies that
would spread advertising information via the hacked micro blogs or send spams
through hacked e-mail.
Gong Wei, a veteran hacker who
identifies himself online as "Goodwill", said that each click toward
addresses included in the junk e-mail will bring the hackers 0.1 yuan income
from the advertising companies, according to a report on the IT channel of
Tencent.com.
It posed more threats to
netizens who used the same set of account and code on different websites.
Breaking into one of these websites would give the hacker access to their
accounts on other websites as well, according to an Internet security report
released by the Qihoo 360 Technology.
Users' online safety ignored
Internet companies were
unwilling to spend much on protecting the information on their websites, as
they did not have much to gain monetarily from these efforts, Kang said.
While website companies should
encrypt the private information of their members before saving them into the
database, many of them neglected to do so because of the huge expenses
entailed, thereby exposing themselves to the possibility of a massive leakage,
Kang said.
Hackers took advantage of the
fact that some website companies stored the users' information without
encrypting, making it easy for hackers to break into, Kaspersky, an anti-virus
company, told China Daily on Thursday through an e-mail.
Netizens should use different
e-mail addresses and codes to register on different websites to avoid being
hacked, suggested Kaspersky.
The mass leakage showed that
many websites ignored having to protect the privacy of their users, said Chen
Tao, a member of the Beijing Lawyers' Association.
"Existing laws and
regulations fail to specify how Internet companies responsible for information
leakage might be penalized," Chen said. "As a result, most of them
get away by issuing an apology without being fined or punished by
authorities."
The amendment to the Criminal
Law rules that hackers could face a penalty of up to five years in jail.
"The Criminal Law should
also impose the compulsory responsibilities of protecting information of their
users on Internet companies," Chen said.
Stricter rules are needed to
keep Internet companies from dereliction of duty, "especially when
real-name registration was required by some websites such as the Sina
weibo", Chen added.
To make things worse, some
small Internet companies even sold the information of their members to public
relations companies to make profits, Kang Lingyi, the former hacker, said.
"I always received text
messages from unidentified people who said they wanted to pay for the
information of our website's users, which I refused all the time," he
said.
By Thursday, none of the
Internet companies that were reported to have their users' information exposed
received any punishment from authorities.
The Ministry of Industry and
Information Technology issued a notice on Wednesday saying websites should
remind their users as soon as possible to avoid using the same account and code
in different websites, and that netizens should change their codes to avoid the
possibility of being hacked.
"Internet security is a
worldwide question for both the websites and the netizens," Kang said.
"Under the current situation, the only way for netizens to protect
themselves was to change their logging codes from time to time."
An Baijie
China Daily
Business & Investment Opportunities
YourVietnamExpert is a division of Saigon Business Corporation Pte Ltd, Incorporated in Singapore since 1994. As Your Business Companion, we propose a range of services in Consulting, Investment and Management, focusing three main economic sectors: International PR; Healthcare & Wellness;and Tourism & Hospitality. We also propose Higher Education, as a bridge between educational structures and industries, by supporting international programs. Sign up with twitter to get news updates with @SaigonBusinessC. Thanks.
No comments:
Post a Comment