[ISN] China to improve Internet safety

InfoSec News isn at c4i.org
Tue Apr 5 01:04:00 EDT 2005



China is expected to pass a new set of rules and regulations to
gradually establish an Internet emergency control mechanism this year
in a fresh effort to curb soaring Internet hacks and attacks that have
seriously threatened the safety of public and private information,
Friday's China Youth Daily reported.

"China should increase cooperation between different departments and
arouse the entire society so as to form an Internet emergency control
mechanism that is agile, sensitive and effective," said an official
with the Ministry of Information Industry, for whom the paper gave no

He said the mechanism should serve to ensure all Internet-related
safety incidents are detected in time, and analyzed and responded to

Soaring Internet incident reports have alarmed both the Chinese
government and companies.

In 2004, the National Computer Network Emergency Response Technical
Team/Coordination Center (CNCERT), a key body responsible for
collecting domestic Internet incidents, received a total of 64,686
incident reports, nearly five times that of the previous year.

Among all the reports, 45.91 percent were about web page modifications
and the rest junk mails or viruses including 'the worm' and the
'Trojan horses' that have troubled Chinese netizens for years.

Statistics from the center also found government websites turn out to
be the easiest targets for attackers.

"Today's Internet virus is far more contagious than those in nature,"  
said the center. "The government should add more helpful rules to its
current legal system so as to form a more favorable legal

The paper acknowledged that the use of visa accounts, user names,
passwords and social welfare numbers has become a favorite measure of
attackers to steal money.

Many websites of domestic financial institutions, including the Bank
of China, have been mimiced, according to early reports by local

In 2004, CNCERT received 223 reports of mimicing, in sharp contrast to
only one case in 2002 and 2003. The victims were mainly financial and
electronic websites.

As e-commerce, online payment services and bank business become more
popular, so do the impersonations, it said.

"It's simply a monster from science fictions. It can not only
reproduce and spread itself but also produce offspring that are
totally different in types," said Cai Jun, a Chinese anti-virus
expert, describing a newly appeared "I-Worm.Jeans.a" worm which is
believed to be one created by "29A", a notorious virus maker.

The virus' features change frequently and automatically after
infecting a computer, he said, noting that that characteristic makes
the virus hard to delete.

According to an Internet safety report by Symantec, a transnational
that provides anti-virus solutions, of all the 50 top new computer
threats it detected in 2004, 27 virus are used to steal clients'
personal information. In 2003, the number was 18.

"Theft of individuals' identification information such as bank account
password and credit card number is quite likely to become more rampant
in 2005," predicted Symantec.

Like those in Western countries, both Chinese authorities and
companies which have now fully realized the damage that can be caused
by Internet crimes are carrying out campaigns against them.

According to statistics, Internet-related counterfeit and fraud led to
global losses of about US$32.2 billion in 2003.

More information about the ISN mailing list