WORDS ON THE STREET 70th anniversary of Hanoi's Liberation Day Vietnam - Asia 2023 Smart City Summit Hanoi celebrates 15 years of administrative boundary adjustment 12th Vietnam-France decentrialized cooperation conference 31st Sea Games - Vietnam 2021 Covid-19 Pandemic
May 28, 2014 / 14:17

Experts call malware attack on eBay’s firewall “ominous”

Experts are questioning whether online security solutions used in Vietnam will continue to be effective, after malware was found on eBay’s site.

“I am sure that eBay had dozens of solutions and a firewall to prevent malware and detect intrusions. But malware still was able to penetrate the system. It is really worrying,” said Nguyen Minh Duc, a Vietnamese well-known internet security expert from FPT, the Vietnamese largest technology group in Vietnam.

eBay, a big online auction and shopping website, was not aware of the hack until May, while the attack was carried out in February, three months before.

“The information spread out all over the world about the attack. About 145 million accounts were affected. However, there is still an unanswered question about how eBay was attacked,” Duc said.

eBay is not alone. Many other victims were in the same situation, and did not realize that they were attacked and kept normal operations for a long time.

The noteworthy feature of the attack was that the hackers did not target eBay’s server, thinking probably that it would be difficult to find a vulnerable hole. Instead, they targeted the computers of the workers of eBay. The computers had access to important systems of the server.

“It is obvious that the success of the intrusive activities posed a major challenge to the current security solutions,” Duc said.

“The malware still could be spread out among the computers of the system, while data was stolen smoothly, despite a ‘great firewall’ installed by eBay. Therefore, we have every reason to think that the currently used security solutions cannot be effective against attacks, which are getting more and more sophisticated,” Duc said.

Next-generation security solutions needed

Adobe, Evernote and Sony have also been victims of attacks which then affected hundreds of thousands of accounts.

However, client worries intensified after the eBay attack.

“Clients have every reason to feel anxious about the safety of their accounts if even eBay could be hacked,” Ngoc Tuan, 43, in Hanoi, said.

“I personally think that it is necessary to apply new security solutions to deal with hackers, who are getting smarter nowadays,” Duc said, adding that service providers or the institutions which set safety standards need to prove that their solutions can protect clients’ data.

Duc, who has 10 years of experience in the field, said the solutions were mostly based on detection of patterns to recognize signs of an attack on the firewall, but they still cannot discover abnormal signals in the network systems, servers and services.

In addition, when an attack occurs, it can cause abnormalities to the bandwidth, connections, domain names and IP addresses and protocols.