Friday, January 11, 2013

Did you hack a Cambodian government website today yet?

Two more Cambodia govt sites hacked and defaced

By Ellyne Phneah | January 10, 2013
ZDNet

The Web sites of Cambodia's National Military Police and the Supreme Court had been breached by different hacker groups on Tuesday, and industry watchers note government sites in the country are vulnerable to hacks due to their poor security.

According to The Cambodia Daily on Thursday, visitors to the Web site of the country's National Military Police on Tuesday morning had been greeted by a picture of a masked man wearing a red cape. Above his head, there was a word printed in capitals: "Hacked".

Similarly, users surfing the Web site of country's Supreme Court had been greeted by a message in the top left hand corner, "hacked by Hmei7". This is the signature of an Indonesian hacker, who claimed to have attacked 70,000 Web sites worldwide.

Both Web sites were restored by midday.


Sok Huot, the webmaster of the National Military Police Web site, told the Cambodia news site the cyberattack was carried out by a hacker who had taken advantage of the site's four-year-old software. "We have updated the system to a new software so it is fine now," he said, adding no data had been stolen.

Poor security makes government sites hackers' haven

Phu Leewood, board member and former secretary-general of the government's National Information Communications Technology Development Authority, noted while the government is realizing the importance of this issue, they do not have the skills and education in this area. Improving the security of government Web sites will "take time", he said.

Since 2010, each ministry is responsible for its own online security and every Web site has its own server, most of which have no firewalls, because government employees do not know how to use it Leewood explained.

He added that previously, after the government's first recorded cyberattack in 2002, all Web sites were hosted from the same server with a frequently updated firewall, but the Web sites were now on different servers without firewalls. However, Leewood was unsure why the decision was made to give each government-run Web sites more autonomy.

Another industry watcher, Nobert Klein, an expert on the development of the Internet in Cambodia, also noted once a hacker managed to get into a secure system, it is not difficult for them to get into another one. "If you manage this once, you can use the same method to get into a similar system," Klein said.

Bernard Alphonso, an independent Cambodia-based cybersecurity consultant, also observed many cyberattacks go unnoticed in the country.

“We will have to put up with a more and more dangerous Internet. Web hacking is just the tip of the iceberg,” he said. “Malicious hackers hack tens of thousands of websites across the world every year.”

In 2012, hackers have managed to breach the Web sites of the country's National Police, Ministry of Agriculture, Ministry of Industry, Mines and Energy, and the Ministry of Women's Affairs, the report noted.

Hacktivist group Anonymous also breached Cambodia's Ministry of Foreign Affairs and stole 5,000 documents which included people's passport information and visa requests from the hard drives. They claimed it was revenge for the arrest and deportation of Gottfrid Svartholm Warg, co-founder of file sharing Web site, The Pirate Bay.

No comments: