Notable network attacks around mid-December 2006, and the alarming statistics on
Web application hacking.
Recent attacks on UCLA and the TJX Group have sent out a shock wave that has made
many organizations rethink their security infrastructure and network security.
This article highlights the notable hacking activity around mid-December 2006 and
provides a number of noteworthy statistics on Web application hacking.
The current situation
You may think your stored information is safe behind a full set of protective
barriers and firewalls that block remote access. But at some point you will be
startled to find that the database holding your organization's sensitive
information has been copied, forged or imitated. That important data may also be
hidden away somewhere, ready to be sold to whoever pays the highest price. The
reason is simple: while you sleep soundly and dream sweet dreams, others are
lurking, working step by step to break into your system illegally. As you know,
the IT world calls them hackers. Depending on their purpose there are white-hat
hackers (not for profit), black-hat hackers (who attack only for malicious
purposes), and grey-hat and brown-hat hackers (in between). Black-hat hackers no
longer simply vandalize to gain fame; they have moved on to profit. Worse,
besides selling information for money, they also sell details of what causes the
holes in a system to other hackers, industrial spies or even terrorists.
Does that still sound rather vague? Then, before becoming an “angel at the gates
of hell”, let us look at what the problem actually is.
The TJX Companies incident
The TJX group of companies, owned by T.J.Maxx, Marshalls, Winners, HomeGoods,
A.J. Wright and the chain of Bob's stores, announced on January 17 this year that
debit and credit card details of 40 million customers had been stolen. At the
same time, the US federal credit card commission (SEFCU) issued a similar
warning: the personal information of 10,000 customers it manages had been
compromised in a network attack by a hacker.
Sixty other banks, such as Citizen Union Savings Bank and Bank of America, appear
to have suffered the same fate.
Ben Cammarata, chairman of the board and also personnel director of TJX
Companies, stated that they had not grasped the nature of the hacking activity.
They are currently asking two computer security experts to examine the problem in
detail. The warning issued by SEFCU seems rather more optimistic: “A fraudster
may have gained access to credit card and debit card information in the payment
network, including the merchant system”.
SC Magazine noted that the hackers used the compromised data to buy goods from
stores in several US states, Hong Kong and Sweden.
A number of hypotheses have been put forward about the consequences of the attack, the latest being:
• According to the website 3WCAX-TV, the attack is expected to take 1.5 million
dollars from consumers. That article was published before the lawsuits began to
appear.
• Brian Fraga of the Standard-Times noted that a complaint against TJX was filed
with the district prosecutor's office (Boston) this week. The total damages
figure has not been announced. According to SC Magazine, yesterday a resident
doctor in West Virginia also sued TJX, seeking 5 million dollars in compensation.
• According to the Boston Globe, U.S. Rep. Ed Markey, D-Mass., chairman of the
board of the House Subcommittee, an organization that develops and provides
telecommunications and Internet services, has asked the US Federal Trade
Commission to investigate the attack.
• A few days ago, the Canadian government announced that it is conducting an
investigation into TJX and the data breach.
• One notable point is that the attack may have begun in May 2006 but was only
discovered in December 2006 (and made public in January 2007).
Universities
[Figure: The unstable state of domestic websites at present (Photo: VNN)]
University systems are usually highly decentralized, which makes tight security
hard to ensure. In addition, some systems have very strong infrastructure in one
office block while the surrounding departments are very lax, which weakens the
whole system.
Below are some US universities that were recently attacked through Web
application vulnerabilities:
• Last month, a hacker broke into a large database at the University of
California, Los Angeles, containing personal information (identity card numbers,
dates of birth, home addresses, contact information) of 800,000 people. It is
rated the worst illegal computer intrusion at a US university to date.
• In January, the University of Arizona announced that an illegal intrusion had
taken place in November and December of last year, affecting a number of
services. The number of compromised data records has not been announced.
• In December 2006, the University of Colorado, Boulder suffered a network attack
in which thousands of names, identity card numbers and student ID codes were
stolen. In total, 17,500 data records were stolen.
• The University of Texas, Dallas announced that in December 2006 the personal
data of 35,000 people (including current students and alumni) had been
compromised. Social Security numbers (identity cards, student cards) were stolen,
according to statistics from Privacy Clearing House.
Hackers' attack motives are shifting
According to Zone-H, the top 50 hackers have attacked a total of nearly 2.5
million websites worldwide. According to the CSI/FBI Computer Crime and Security
Survey 2005, one of the most alarming findings published recently is that the
number of websites attacked is growing geometrically: 5% in 2004, compared with
95% in 2005. The recent trend, especially after the 12 months of last year, shows
a shift from vandalism for fame to vandalism for profit. Many reports for 2006
are still being published.
Statistics
Since many organizations do not monitor online activity at the Web application
level, hackers have an entire realm in which to operate. Even with the narrowest
loophole in a company's application code, an experienced hacker can exploit it
and do damage using only a Web browser and a little creativity and determination.
Hacking activity seems to be discovered only after the first damage has been
done, simply because the attackers do not want to, and do not, leave any
calculated probing behind as a trace. Every month countless cases of hackers
breaking into organizations' systems are discovered. In Web application attacks,
physical evidence (such as a missing database) seems not to exist, because
hackers usually prefer to steal data by copying it and leaving the original
intact.
A recent study shows that 75% of attacks are carried out at the Web application
level. A study at Acunetix that has not been widely published also confirms
this. Compared with the findings of several other Web application security
organizations, the results are similar.
Privacy Clearing House offers even more interesting information: more than 100
million records have been illegally compromised from February 2005 to date.
However, this figure does not include the roughly 40 million records from the TJX
case. Of the total of 140 million pieces of information stolen, about 80 million
were due to hacking activity. It is still not known whether the TJX intrusion was
an attack at the network layer or at the Web application layer.
The price of being attacked by hackers
The losses incurred in a hacker attack are usually a financial burden. Many
organizations are hit so hard that they have to announce their closure or declare
bankruptcy. In addition, there are:
• Loss of customer trust, together with a reputation built up over many years,
which of course affects revenue and profit.
• Possible loss of the ability to accept certain means of payment, such as VISA
or Mastercard.
• Reduced revenue and profit from fraudulent transactions and employee downtime.
• Website downtime when one of the key e-commerce sales channels has to be shut
down after the attack.
• Having to spend a great deal of money repairing the damaged parts and building
contingency plans for the website, Web applications...
• Legal battles and many related issues arising from an attack under lax
security, plus the fines and compensation that must be paid to victims.
The figure above shows the total losses calculated from attacks according to the
2005 report of the CSI/FBI Annual Computer Crime and Security Survey (the annual
computer crime and security survey run by CSI together with the FBI).
The estimated total losses by type of breach (in the US alone) are more than 130
million dollars, with more than 639 organizations and individuals affected. Some
attacks may even have long-lasting consequences for businesses and consumers. The
survey's authors add that many tangible losses (such as the cost of reinstalling
software and reconfiguring computer systems) can be calculated accurately from
the figures supplied by the victims. Meanwhile, many intangible losses (such as
lost future sales because facilities and websites were put out of action after
the attack) are severe but cannot be calculated accurately.
Does this sound like something from the far-off West? You may well be on the
blacklist of some notorious hacker right now. This is an entirely legitimate
concern, especially since the first alarm bells from domestic hackers rang in
2006 (attacks on the websites of the Ministry of Education and Training, Cho dien tu, Nhacso.net, VnMedia, ...).
Acunetix Web Vulnerability Scanner
One way to help, though it cannot be perfect, is Acunetix Web Vulnerability
Scanner. You can use this software to check your website and Web applications
regularly against the possibility of attack by hackers.
According to Security Article. Source: http://w4rum.com/918.t