A Haven For Hackers - Brief Article - Statistical Data Included

Business Asia, July, 2000 by Rene A. Mallari

Pirate software and lax regulations are fuelling Asia's e-virus industry. RENE A. MALLARI reports from Manila

IT WAS MONDAY, April 26, 1999 -- the 13th anniversary of the Chernobyl nuclear disaster. A computer virus was programmed to strike. And strike it did.

The virus, known as CIH, wreaked havoc in several parts of Asia and the Middle East -- crashing more than a million computers by reformatting hard drives and, in some cases, zapping a key chip on the computers' motherboards.

South Korea was the hardest hit as hundreds of government and public organisations, private companies and universities suffered at least US$60 million in damage. About 300,000 computers were affected, according to a report from anti-virus company Symantec Corp.

In China, the government-run media said more than 100,000 computers had been damaged.

In India, 10,000 computer owners in India were similarly hit, causing millions of dollars of losses at banks and publishing houses.

Believed to have originated in Taiwan, the CIH slammed computers using Windows 95 and Windows 98 operating systems. A company unknowingly distributed software infected with the virus over the internet.

Twelve months on and Asia has been in the limelight again. This time, a more damaging virus has struck. The so-called "Love Bug" recently infected tens of millions of computers in a day, shutting down e-mail systems at major companies and penetrating the Pentagon, the Central Intelligence Agency and Britain's Parliament. The damage: US$10 billion in lost work hours.

If the CIH was merely a cold, the Love Bug was a flu. Its source: the Philippines.

It's no coincidence that Asia has been the epicentre of recent e-viral outbreaks. According to many experts, Asian companies are more vulnerable than their European counterparts.

Why? Network managers in the Asia-Pacific Region lack the experience and skill to stamp out an epidemic.

"We have been careless and lacked an understanding of this virus," said Ahn Byung Yop, vice-minister of information and communications in South Korea during a press call at the height of the CIH contagion. "We need to strengthen our alert system and public education on computer viruses."

The Melissa virus that swept North America served as a wake-up call among corporations in the United States, forcing them to update their software to guard against future infections.

But elsewhere, it wasn't taken seriously and anti-virus programs were used meagrely in the eastern part of the globe.

Computer users in Asia may also be at greater risk because they're more likely to use pirated software -- an ideal way for a virus to propagate.

The Asia-Pacific region is responsible for more software piracy than any other region in the world, according to Business Software Alliance.

Software bootlegging has accounted for more than US$17 billion in losses during the past five years. Countries with the highest piracy rates were Vietnam, China and Indonesia, while big dollar losses were felt in Japan and India.

Although some Asian countries have recently established laws that protect intellectual property, the enforcement of these laws has been rather disappointing.

The Centre for International Private Enterprise notes that in China the number of illegal copies of software has exceeded the number of legal copies in Japan.

In China, it is not uncommon to find a drafting program with a retail price of US$3750 being sold in a small shop for as low as US$25.

Perhaps most disturbing of all is the rising perception that Asia has become a haven of hackers and the favourite target of computer attacks.

Forget the threat that the Y2K bug posed to Asia Inc. Rather, all it will take is a group of adventurous, thrill-seeking, mostly young and smart individuals to hurt Asia's financial system.

The region's hackers aren't lagging behind. At Hong Kong University of Science and Technology (HKUST), for instance, undergraduates are able to break into test PC systems after being given two weeks to surf the internet to study hacking procedures.

The Hong Kong Productivity Council notes that security intrusions are already on the rise. Although only 13 cases were reported in Hong Kong in 1998, the number of reported illegal intrusions increased to 102 for the first seven months of 1999.

Malaysia is a problem, too. Almost one third of the more than 7000 Malaysian web sites in the my domain are easy prey for hackers, reports the Infinitum (S) Pte Ltd, an information technology security consultancy company. Most of these web sites are using versions of web servers that have security flaws that allow easy intrusion.

In Thailand, there have been some books written in Thai on the subject of hacking for the wannabes, written by, well, Thai hackers themselves.

In the book titled "Hacker Step 2001", the author talks about various topics such as IRC, ICQ, trojans and mailbombs.

There are several explanations of how to harass people electronically, although nothing of any technical brilliance.

Singapore is vulnerable, too. About 100 cases were reported to the Singapore Computer Emergency Response Team on viruses, hoaxes, illegal scans, intrusions and other attacks on computers up until December last year. This was up from 70 cases found during the past two years.