Government Websites Need To Implement Tighter Security Measures To Minimize Risks Of Online Attacks

By Author: EC-COUNCIL
Total Articles: 68
Comment this article

Hackers have been aggressively trying to bring down many government websites as well as constantly providing threats and risks to these websites. Recently, French Intelligence has managed to uncover a serious hack into an engine subsidiary of French aerospace and defence outfit Safran, a French conglomerate involved in defense, aerospace propulsion and equipment, and security.
The hack happened last year and targeted the networks of Safran subsidiary Turbomeca, which makes helicopter engines. The hack allegedly took place over the first eight months of 2010. French Intelligence believes that the hackers might have had help from company insiders. There was a Chinese link to the hack and investigators have arrested 10 people so far. Turbomeca happens to be a supplier to China, with one in two helicopters there equipped with one of its engines. It is also business partners with various Chinese companies including the helicopter-making divisions of China's Aviation Industry Corp, the state-owned aircraft maker.
The hackers appeared to have found a few interesting systems at Turbomeca. They also found documents that contain ...
... information about Safran payments and costs of various projects involving the company. China has often been accused of hacking into government computers. However, Chinese governments are also victims to hacking attacks. Two young men, who have only a junior high school education, received 18- and 12-month sentences for hacking into the website of the country's Supreme People's Procuratorate, the top agency for legal supervision, and more than a dozen other government websites.
Both men, named Fan and Wen, never studied computer programming. They learned that they could make money by putting links on the infected government websites through online chats. They learned basic programming skills from video courses and bought passwords to log into the hacked government websites through A5 and other forums. It is reported that from May 10 to 16 of last year, 81 government websites on the mainland were hacked and altered, including four ministry-level websites, according to the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC).
New Zealand’s government website was also hit by a distributed denial-of-service (DDoS) recently. The government believes the attack was a protest against new Internet censorship filters instituted in New Zealand in February. The substantiation for this claim seems conclusive. On Feb. 2, a YouTube video uploaded by NZAnonOps outlined the reasons behind the planned DDoS attack, denouncing Internet censorship as “one of the greatest atrocities to free speech and government transparency since the cold war.”
Experts, such as Zhu Quan, of the Computer Application Institute of China Nuclear Industry, said there were three main reasons why government websites always the hackers’ target. First, government websites usually enjoy high ranks on search engines and have a large number of page views, so hackers can get more zombie computers and offer more hits to the Web pages of their customers.
Second, some government websites are less advanced in security protection, vulnerable to cyber attacks and can be cracked easily. Hacking against the government websites is mainly to use the platform rather than stealing information, so some website administrators pay less attention to the security threat, with some website servers having no firewall installed.
Third, because some government websites offer services to check exam results and qualification certificate number verification, they become the targets of some people who want to modify, add or delete private information for illegal objectives by hiring hackers at a high price.
These report findings clearly points out that online attacks are very common these days. One proven way to mitigate information security risks is through technical security training that will enhance the skills proficiency of the cyber security workforce. EC-Council’s brand new TakeDownCon is a technical information security conference series that serves as a platform for IT security professionals to discuss and exchange views on the latest information security threats as well as remediation strategies. In addition to learning from some of the best security experts, TakeDownCon also offers highly sought after technical training courses, including the Certified Ethical Hacker (CEH) course, often touted as the world’s most comprehensive ethical hacking training program.
The CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker.
ABOUT EC-COUNCIL
EC-Council is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous ethical hacking training, the Certified Ethical Hacker (CEH) course, Computer Hacking Forensics Investigator (CHFI) program, License Penetration Tester (LPT) program and various other technical security training programs offered in over 84 countries around the globe. TakeDownCon Dallas 2011, is one of the conferences of EC-Council’s Take Down information security conference series.