In through the backdoor

By Cathy Wong Source:Global Times Published: 2014-9-27 17:53:01

Half of government websites riddled with loopholes, security flaws, say experts


An increasing number of government agencies are turning to online tools, such as websites and microblogging platforms, to improve their efficiencies.

Their widespread turn to the Web was noted in the 2014 United Nations E-Government Survey Report, where China jumped eight places to rank 70th on its E-Government Development Index - the country's first increase in a decade.  

The rise in ranking coincides with the surge in government websites and Weibo accounts in recent years. Currently, all 32 provincial governments on the Chinese mainland have official websites, while coverage for prefecture-level cities is 84.7 percent, according to the People' Daily.

However, the trend has also given rise to concerns over Web security, as over half of all government websites were recently found to be vulnerable to cyber attacks. 

Flaws in the system

A survey by the National Computer Virus Emergency Response Center revealed that 50.4 percent of the total 2,714 government websites surveyed in 2013 contained security flaws.

More than 21,000 security risks were discovered on government websites, with Trojan horses, phishing plug-ins and other-identity stealing malware among the most common, reported the Xinhua News Agency.

The survey also found many government websites to be poorly coded, leaving loopholes that easily compromise the site. Some websites do not possess even the most basic forms of protection, such as firewalls and anti-virus software.

"Government websites are more susceptible to cyber attacks than other websites," Yan Hanbing, a deputy director of operations at the National Computer Network Emergency Response Technical Team and Coordination Center, told the Global Times.

Yan cited a report by the center that claimed around 4.8 percent of all government websites had been infiltrated by hackers in some way during the first half of 2014 - over twice the overall average for Chinese websites.

As the government increases its presence on Weibo and WeChat, phishing scams and other forms of online fraud pose an increasing security threat, according to the report by National Computer Virus Emergency Response Center.

The plundering and manipulation of such widely-used mobile apps with phishing and viruses often yields more valuable contacts and other personal information than websites, experts say. 

Wide-reaching impact

Hackers have in the past successfully paralyzed or even altered information on government websites.

In one case last year, a local government website in Northeast China's Liaoning Province was shut down after its URL had been redirected to a pornographic website, Xinhua reported.

Also in 2013, a county-level government website in Anhui Province had gambling advertisements forcibly coded into the site.

"In this digital age, government websites have become an important platform for offering greater government transparency as well as public services," Zhu Lijia, director of Public Administration Studies at the Chinese Academy of Governance, told the Global Times.

Security vulnerabilities, according to Zhu, not only hurt the government's image and credibility, but also pose a threat to national security.

Yan, the security expert, echoed Zhu.

"There is not much important or sensitive information on the government's public website. But it is possible for hackers to break into the government's intranet through an external website if the two are connected," Yan argued.

Attacks from overseas hackers are on the rise, with a majority of them coming from the US. In 2013, 15,349 Chinese websites were attacked by 6215 computers in the US, while over 4 million computers in China were infiltrated by 8,807 US-made trojan horses and bots, the Economic Information Daily reported.

Edward Snowden, former National Security Agency subcontractor who made headlines in 2013 when he leaked top secret information about the NSA, revealed earlier that the US government hacked into Chinese mobile phone companies to collect text messages and spied on Tsinghua University. 

The National Computer Network Emergency Response Technical Team and Coordination Center also indicated that in the first half of 2014, nearly one-third of all backdoor attacks came from servers in the US.

Hackers from nations with which China has ongoing border disputes, such as the Philippines and Vietnam, tend to attack government websites more aggressively, according to Yan. 

The hackers often imbed slogans on the websites and encourage others to hack China's websites, said Yan. 

Closing loopholes

Cyber security has topped the central government's agenda with the establishment of the central Internet security and informatization group led by President Xi Jinping, who stressed that "national security is not guaranteed without cyber security."

Experts, however, have pointed out that local governments do not place much emphasis on cyber security, allowing hackers to continue to prey on unsecured sites.

"City level governments usually are not aware of these [security] problems, while it only takes a hacker with elementary skills to break into these websites," Jiang Tianfa, a professor of cyber security at the South-Central University for Nationalities in Wuhan, told the Global Times.

Yan echoed Jiang's view, adding that the inadequate government funding and support from trained technicians are also major reasons for the lack of widespread Web security.

"It is important for the government to raise awareness of cyber security, to regularly check on their systems and fix loopholes as soon as they can in order to avoid further damage," Yan suggested.


Posted in: Society

blog comments powered by Disqus