Government websites brace for online threats

The Philippine government has upped the ante against cybercriminals, implementing more "proactive" measures in countering online threats, according to Germany-based web security company Astaro. In late 2009 up to earlier this year, several government websites were targeted in a string of cyberattacks, including the Department of Health (DOH), Technical Education and Skills Development Authority (TESDA), and the Philippine Information Agency (PIA). All the above websites were defaced with profanities by hackers whose identities and whereabouts are still unknown. At a press conference, Astaro regional sales director for the ASEAN region Isaac Lim said that the Philippine government seems to have taken a more "proactive" stance against cyberattacks, citing the Department of Justice (DOJ), the Philippine National Police (PNP), and the Department of Social Welfare and Development (DSWD) as key clients. "The government is our biggest customer in the Philippines, with the country itself accounting for 30 to 40 percent of our entire market in the Asean region," Lim said. Astaro product manager Angelo Comazzetto warned of the relative ease with which websites can be hacked without adequate protection. "If you have a web server and you offer publicly-accessible web forms, then you're vulnerable to attack," he said. Comazzetto referred to a recent survey by Symantec Philippines, which show that almost nine out of ten Filipinos believe they have been victims of cybercrime. The survey also showed that almost half of all cybercrime in the Philippines remains unsolved. He said that the figures, alarming as they are, don't indicate the extent of cybercrime's impact on small and medium businesses which were not differentiated in the survey. Comazzetto explained that, without adequate protection, web forms can be used by hackers to gain access to private information within the site's server. Web forms are places in websites where users are requested to type in specific information, such as a name, contact information, or suggestions. Web forms are a common feature of government websites, which use them as a means to communicate with the public. A carefully constructed program code can be entered into a web form in lieu of the information being asked for, after which an unprotected server would follow the instructions contained in the code. Depending on the hacker's intentions, the code can do anything from simply defacing the website to collecting private information for malicious use. - HS, GMANews.TV