UPDATED: January 19, 2012 NO. 4 JANUARY 26, 2012
Plugging an Information Leak
China's Web security comes under fire after a massive security breach

Wang Lianjun, manager of a real estate website based in Suzhou, Jiangsu Province, stared at his computer screen in disbelief. Neatly listed on a download manager website was his personal information—usernames, passwords, e-mail addresses and other aspects of his online and offline life posted for the world's billions of Internet users to see.

Early on December 21, 2011, the Chinese Software Developer Net (CSDN), the country's largest online community for computer programmers, was hacked and the information of 6 million users leaked. Wang was a registered user of CSDN.

The CSDN breach was the first in a wave of Internet information leaks to sweep the country, caused by irresponsible websites and a lack of laws to protect users and hold the negligent parties accountable.

Within days, information leaks escalated, with millions of subscribers to several popular social networking and gaming websites seeing their information posted online.

A glitch in the official website of the Division of Exit and Entry Administration of Public Security of Guangdong Province was reported on December 29 by Wooyun.org, an online software loophole reporting platform. The personal information of some 4 million users, including their names, telephone numbers and dates of birth, was available to anyone visiting the administration's website, according to the Shenzhen Evening News.

"The main reason for the leak is insufficient protection the websites have provided," said Jiang Qiping, Secretary General of the Information Research Center under the Chinese Academy of Social Sciences.

In the first half of 2011, 217 million Chinese Internet users, or 44.7 percent of the country's total online population, were attacked by malware, including viruses or Trojan horses, and 121 million had their accounts or passwords stolen, according to the China Internet Networks Information Center.

China has the world's largest online population: roughly 500 million users. It is also one of the biggest victims of Internet attacks in the world and has faced serious network security problems in recent years, said Du Yuejin, Director of the National Network Information Institute for Security Technology.

"While the country's Internet industry soars, its security has fallen to the wayside," Du said. "If we don't enhance security, we're going to see a lot more leaks in the future."

Security neglected

One factor in the severity of the data leaks is that much of the users' information in the companies' databases was stored as unencrypted plain text.

Plain text is the contents of an ordinary sequential file readable as unformatted text. It can be opened, read and edited with almost any text editor.

Jiang Tao, President of CSDN, admitted that old passwords in a backup file were saved in plain text until 2009, when they started to encrypt all users' information.

A similar incident happened at Tianya.net, one of the country's largest Internet forums. The information of more than 40 million forum users became available for downloading on the Internet, according to Wooyun.org.

"Tianya.cn used plain text passwords in the early days," Tianya.cn said on its micro-blog page. "The stolen data were the back-up data before 2009. We adopted an encryption algorithm to tackle the security issues in 2010."

Plain text is the least secure way to save data. Once the website was hacked, users' information was easily accessed, said Wang Huabin, an independent Internet analyst in Guangzhou, Guangdong Province.

According to Wang, recent years have seen a dramatic increase in the hacking of enterprises' core data.

"User data can be sold to advertisers. And since hackers have improved their skills on getting this information, websites need to be more prepared to protect their users' information," Wang said.

The information of 10 million users could be worth 10 million yuan ($1.57 million) in China, so the hackers spared no effort to steal it, said Wang.

Aside from encrypting information, websites should also require users to change their passwords every few months, said Zhou Yonglin, Director of Operating Department of the National Computer Network Emergency Response Technical Team/Coordination Center of China.

"Users should enhance the protection of their personal information by not providing too much real information in online registrations and creating difficult passwords that will be hard for hackers to crack," Zhou said.

Insufficient measures

Even though the information leak only happened on a few popular websites, the fact is that Chinese websites are grossly ineffective at protecting their users' information.

Shi Xiaohong, Vice President of Qihoo 360 Technology, a security software maker, said that 83 percent of Chinese websites had security loopholes and about one third were vulnerable to attacks.
