HACKING OF GOVERNMENT WEBSITES
BANTAY GOBYERNO SERIES 2010032
By Ike Señeres August 30, 2010
HACKING OF GOVERNMENT WEBSITES
There is no big problem about the issue of government websites being hacked. Most of our government sites are merely information sites, pretty much like newspapers that give out news. There would be a big problem if these sites are interactive and are connected to databases, but most of these government sites are not.
Perhaps this is one case wherein a negative turns out to be a positive. The hackers might have succeeded in breaking into the sites and in defacing them, but there is hardly any sensitive covert information that they could get out of these sites. All the information as far as I know is overt, and there are no secrets to get, really.
It’s a negative, because all government sites are supposed to be interactive in the first place, giving out as much current real time information to all citizens as much as possible. This however comes with a caveat that these sites have to be secure from hacking, complete with firewalls and the whole nine yards.
In the first place, all government sites are supposed to have mirror databases aside from their main databases, so that they could have backups just in case their main sites are compromised. The trick is to have a firewall between the online data and the backend databases, so that these are not vulnerable to outside attacks.
It’s a bad sign that it took longer for the Philippine National Police (PNP) to fix their site, compared to the Philippine Information Agency (PIA). Both sites are now back online, but it is bothersome that the PNP site was hacked in the first place, even if only for symbolic reasons, considering that the PNP is supposed to be highly secure in everything it does.
Hackers crack websites for the same reason that mountaineers climb mountains: because it’s there. The main reason why hackers would do hacking is for bragging rights, whereas mountaineers do not brag at all, they just look for the next mountain to climb.
There is a big difference between a static website and a dynamic website. A static website does not do anything except to post information. A dynamic website is interactive, and it is also transactional. There is no use for an interactive website if it is not transactional. A government website is also useless if it is only static.
In order for a website to be dynamic and transactional, it should have a real time linkage to the backend databases, and that is where the challenge lies, to open these databases to the outside world, but at the same time making sure that these are not vulnerable to attacks from the outside.
It is unlikely that the PIA and the PNP sites were hacked by government agents acting on official orders from the top. Any good Chinese hacker could have done that and that is precisely what it was, a personal attack. The attack however opened our minds to the reality that cyber warfare does exist, and that we are vulnerable to it.
Google has accused the Chinese government of waging cyber attacks against them, but the Chinese have denied this accusation. Is it possible that the Chinese government has a cyber warfare unit that is trained and equipped to stage cyber attacks? The answer is yes, and it is possible that all world powers would already have this capability.
Could an entire country become the target of a cyber attack? The answer is yes, and we have already seen that happen in Bosnia. Could the Philippines defend itself from cyber attacks? The answer is yes, but we have to go back to the basics of defining our national policies for cyber security.
How could we secure our national cyber security infrastructure amidst the reality that most of our major telecom carriers are partially owned by foreign companies? It would be unrealistic to think about keeping them out of our internal security decisions, but this is an issue that we have to resolve.
The issue of establishing our own National Internet Exchange (NIX) has died down, but this is an issue that we have to resurrect. Without an NIX, we could not even talk about securing our own Internet infrastructure.
Watch KA IKING LIVE! Saturdays 8 pm to 9 pm in Global News Network (GNN), Channel 21 in Destiny Cable. Email iseneres@yahoo.com or text +639293605140 for local cable listings. Visit www.senseneres.blogspot.com
By Ike Señeres August 30, 2010
HACKING OF GOVERNMENT WEBSITES
There is no big problem about the issue of government websites being hacked. Most of our government sites are merely information sites, pretty much like newspapers that give out news. There would be a big problem if these sites are interactive and are connected to databases, but most of these government sites are not.
Perhaps this is one case wherein a negative turns out to be a positive. The hackers might have succeeded in breaking into the sites and in defacing them, but there is hardly any sensitive covert information that they could get out of these sites. All the information as far as I know is overt, and there are no secrets to get, really.
It’s a negative, because all government sites are supposed to be interactive in the first place, giving out as much current real time information to all citizens as much as possible. This however comes with a caveat that these sites have to be secure from hacking, complete with firewalls and the whole nine yards.
In the first place, all government sites are supposed to have mirror databases aside from their main databases, so that they could have backups just in case their main sites are compromised. The trick is to have a firewall between the online data and the backend databases, so that these are not vulnerable to outside attacks.
It’s a bad sign that it took longer for the Philippine National Police (PNP) to fix their site, compared to the Philippine Information Agency (PIA). Both sites are now back online, but it is bothersome that the PNP site was hacked in the first place, even if only for symbolic reasons, considering that the PNP is supposed to be highly secure in everything it does.
Hackers crack websites for the same reason that mountaineers climb mountains: because it’s there. The main reason why hackers would do hacking is for bragging rights, whereas mountaineers do not brag at all, they just look for the next mountain to climb.
There is a big difference between a static website and a dynamic website. A static website does not do anything except to post information. A dynamic website is interactive, and it is also transactional. There is no use for an interactive website if it is not transactional. A government website is also useless if it is only static.
In order for a website to be dynamic and transactional, it should have a real time linkage to the backend databases, and that is where the challenge lies, to open these databases to the outside world, but at the same time making sure that these are not vulnerable to attacks from the outside.
It is unlikely that the PIA and the PNP sites were hacked by government agents acting on official orders from the top. Any good Chinese hacker could have done that and that is precisely what it was, a personal attack. The attack however opened our minds to the reality that cyber warfare does exist, and that we are vulnerable to it.
Google has accused the Chinese government of waging cyber attacks against them, but the Chinese have denied this accusation. Is it possible that the Chinese government has a cyber warfare unit that is trained and equipped to stage cyber attacks? The answer is yes, and it is possible that all world powers would already have this capability.
Could an entire country become the target of a cyber attack? The answer is yes, and we have already seen that happen in Bosnia. Could the Philippines defend itself from cyber attacks? The answer is yes, but we have to go back to the basics of defining our national policies for cyber security.
How could we secure our national cyber security infrastructure amidst the reality that most of our major telecom carriers are partially owned by foreign companies? It would be unrealistic to think about keeping them out of our internal security decisions, but this is an issue that we have to resolve.
The issue of establishing our own National Internet Exchange (NIX) has died down, but this is an issue that we have to resurrect. Without an NIX, we could not even talk about securing our own Internet infrastructure.
Watch KA IKING LIVE! Saturdays 8 pm to 9 pm in Global News Network (GNN), Channel 21 in Destiny Cable. Email iseneres@yahoo.com or text +639293605140 for local cable listings. Visit www.senseneres.blogspot.com
posted by Ike Señeres at 9:17 AM
0 Comments:
Post a Comment
<< Home