China hackers target Vietnamese state officials, offices

TN News


A screenshot showing the result of the police investigation, which found that the email sent to Colonel Tran Van Hoa on March 5 was placed on a Yahoo server from a computer with the IP address 118.145.2.250 based in Beijing

Set a thief to catch a thief, says a well-known proverb.

What about setting a thief to catch the cop who's supposed to catch the thief?

Possible, says Colonel Tran Van Hoa, deputy director of the Ministry of Public Security's police department in charge of tackling hi-tech crime.

He was the target of such an exercise, Hoa told a security conference held in Hanoi this week.

On March 5, Hoa received an email from an official with the Ministry of Science and Technology. The email had an attached file in Vietnamese, roughly translated as an "official document asking for the verification of résumé."

At the end of the email, there was full information including the mobile phone number of the sender.

Hoa was suspicious, and contacted the sender, but was told the email address had its password stolen a long time ago, and the official no longer uses the email address. The official also said he did not know Hoa.

Police then found that the email had been sent to Yahoo's server from a computer with the IP address 118.145.2.250 based in Beijing and the Internet services provider was Beijing Hua Si Wei Tai Ke Technology Co. Ltd.

They also found that the attached file was a backdoor virus which can issue commands to the server computer ctymailinh.vicp.cc (with the IP address 182.242.233.53 located in Kunming, Yunnan, China, with the Internet service provider being Chinanet Yunnan Province Network) and download software from this server.

Hoa said the kind of message he received was a very sophisticated way used by hackers to send viruses to targeted victims.

At first, the files, which seem to be normal, would be saved like any other normal application but later, when they come in contact with the required information, they would change to a backdoor virus.

If they are not detected, after a point, the viruses will serve as a remote system which allows information transmission.

Hoa said a similar case has been detected by his department recently, with the hacker targeting high-ranking officials in state offices.

In this case, after the hacker sent a virus via an email, the virus continued to install four types of spyware, including keylogging, to steal the recipient's information.

With the keylogging, the information was sent to a website named www.expressvn.org (registered in China). The second spyware sent the info to www.dinhk.net (registered in China) and www.fushing.org (registered in Taiwan).

The third spyware was tasked with stealing the email's password, and the fourth with collecting data and sending it to the websites www.zdungk.com and www.phung123.com, which were registered in China by Beijing-based Yang Fei at the email address chienld78@yahoo.com.

Police said many emails had been sent from this email address with the aim of sending viruses to steal information about Vietnamese state officials.

Hoa said hacktivist group Anonymous has put a lot of important and sensitive information about Vietnam's ministries and agencies on the Internet, but the information was not actually "stolen" in Vietnam by the group.

In fact, Anonymous took the information from a server computer in Beijing, he said.

Malware alert

Ngo Viet Khoi, the director in Vietnam and Cambodia of Trend Micro, a global leader in Internet content security software and cloud computing security, said such intentional attacks on certain individuals to steal information about the latter were increasing.

There are usually governments behind these attacks, he said.

Khoi warned that hackers have many ways to steal data from the computer of any ministry leader who is not online. For instance, the hacker can attack the computer of his assistant or secretary by sending links containing viruses via social networks or forums that the subordinates join.

The viruses will automatically send emails to the boss from the assistant's email address in order to install malware into the former's computer, he said. The malware will help the hacker have a general view of the ministry's computing system and steal the information needed.

"What is dangerous is that most of the malware can avoid anti-virus and security software available on the market.

"Statistics show 70 percent of viruses sent via emails hide in Word or Excel files that do not arouse suspicion among the victims," he said.

Nguyen Minh Duc, director of Bkav Corporation's Internet Security Division, said no estimate has been made of how many computers in Vietnam have had such malware installed.

According to Bkav, in 2012, up to 2,203 websites of Vietnamese agencies and businesses fell prey to hackers, as many as in 2011.

A 2012 report by the Vietnam Information Security Association said Vietnam is among the top five countries in the world in terms of Internet users, but also ranked 15th in terms of attracting malware, 10th in spam and 15th in zombies, a term used in computer science referring to a computer connected to the Internet that has been compromised by a hacker, computer virus or trojan horse and can be used to perform malicious tasks of one sort or another under remote direction.

The report said up to 78 percent of websites belonging to government agencies are vulnerable to hacking.
