VietNamNet Bridge – Of the websites hacked by Chinese, 120 have resumed their normal operation. However, 173 other websites have been warned that they have security holes making them vulnerable to hackers.

CMC Infosec, one of the biggest information technology groups in Vietnam, on Wednesday casually checked the 200 websites believed to have been hijacked by Chinese some days before and found that 120 have been restored.

However, this does not mean that the problems all have been totally fixed or that the websites have become absolutely secure. CMC Infosec said it is very likely that other security holes still exist which can be exploited by hackers. The firm has once again recommended that state agencies, organizations and businesses check their security systems and regularly perform back-ups of documents.

Tran Quang Chien from SecurityDaily has confirmed that security holes can be found in hundreds of important websites in Vietnam, holes through which Chinese hackers can penetrate the sites and hijack them.

SecurityDaily on Tuesday issued warnings to 83 websites run by government agencies and businesses. One day later, it sent warnings to 90 more websites. “SecurityDaily has contacted police agencies to convey warnings to the administrative bodies of the websites in danger,” Chien said.

By the morning of May 14, the number of Vietnamese websites hacked by Chinese had reached 300, much higher than the figure of 102 websites reported on May 9.

Experts have found that many websites were hacked by the same method, with the hackers defacing the sites in the same way, and leaving the same messages.

SecurityDaily further affirmed that Chinese hackers had focused on exploiting flaws relating to the use of FCKEditor, an open source text editor, and vulnerabilities in the WebDAV service. The hackers made use of web bots, which automatically scanned Vietnamese websites to find vulnerabilities, then exploited these holes to launch attacks.

“think Chinese hackers have decided to carry out quiet attacks,” Chien commented.

A representative of SecurityDaily said it has set up a team that will assist website administrators in plugging the holes on their sites, and do security assessments to help the community minimize the risks of being attacked.

It has also created a hot line number to provide  immediate support in case of emergency.

Inadequate investment in security solutions remains a big problem for Vietnamese websites. Nguyen Minh Duc, a senior executive of FPT Group, cited Zone-H as saying that in April alone, 351 websites with the top-level domain .vnwere attacked. This means that 12 websites were attacked every day and 1 website hacked every two hours.

Also according to Zone-H, 49 percent of the hacked websites had the singular top-level domain of .vn. The other 51 percent were sites with multiple top-level domains: .com.vn (30 percent), .edu.vn (14 percent),.gov.vn(5 percent) and.net.vn (2 percent).

Only 72 percent of the administrative bodies of the hacked websites realized that their websites had been attacked, while the other 28 percent did not, which means that they did not apply any solutions to prevent the hijacking.

Buu Dien