T. Khaltar: “Every day, Mongolian websites are hacked by the dozen”
The earliest cyber attack in Mongolia was reported in 1995, when a transportation company programmer sold vital information about his company to a rival company when he left his job. In 2000 an Internet service company lost all of its customers’ passwords to an unknown hacker and in 2004 an online conversation between students and presidential candidate N. Enkhbayar was disrupted when the server crashed due to a cyber attack. Since 2000, the main targets for hackers are the Mongolian Government, banks, and educational facilities. Today, cybercrime has grown ever so advanced and dangerous; and online fraud is taking its toll on the population. An interview of the Chief of Cyber Security Center T. Khaltar published in “Undesnii Shuudan” newspaper reveals more on this issue.
-We are living in the century of digital revolution. With information technology advancing every day, cyber crime is also developing with it. This type of crime is increasing in our country. Can you please inform the readers about some examples as a caution?
-Today, cyberspace crime is increasing worldwide. Following the introduction of the Internet, many types of cyber crime have entered our nation. There are many ways to deceive a person over the Internet. Many of the crimes take advantage of a person’s naive nature. For example, an online store claims that it is selling a $1,200 computer for half its price, and disappears after receiving payments from the victims. The customers’ gullibility is playing an important role here.
-A company CEO meets a foreign citizen through the Internet. The foreigner suggests investing in a certain company, with a $300 million benefit and they’ll share it 50/50. Later, the foreigner claims the investments have paid off, saying “The money transfer requires a fee of $30,000; and come meet me in Beijing.”
Incredibly, the CEO believes him, paying the fee and flying to Beijing, where he waits for the man in a hotel room until he finally realizes he was deceived. This is just one of many examples. In another case, a woman seeking to marry a foreign citizen is contacted by a man who claims he is from Germany, and he requires $2,000 for her citizenship papers. This goes on for a while until she has paid a total of $25,000. Her suspicions lead to the authorities, and she filed a lawsuit when she was informed that a Mongolian man who impersonated a German citizen deceived her. Individual persons would find solutions to their problems via the authorities and media, but private organizations and banks would keep them a secret, for the sake of their reputation and also fearing loss of customers.
-In another incident, a megastore announced a massive sale but hackers attacked the store’s network system and changed a few values within minutes. The hackers’ associates bought a MNT 9 million product for MNT 999 that very day. The barcode is scanned and a price of MNT 999 shows up, what can the cashier do?
-It takes a lot of research and analysis and other additional work to catch cyber criminals. It’s like putting together shredded paper.
-It appears that governments and administrative bodies are always being attacked by cyber criminals. Are there such incidents lately? Are the measures being taken effective enough to protect from these attacks?
-Every day, Mongolian websites are hacked by the dozen. The Government website, even the Cabinet’s website has been hacked before; the hackers left messages and changed settings. Even right now, there are reports of public and private university websites under attack by hackers.
Government computers with top-security information are always off the network. But the administrative bodies are all connected with each other via network, and there many sensitive information on them that the officials themselves are not even aware of. Sending sensitive materials over email is extremely dangerous. Most of the government officials have Yahoo! addresses, and I regret to say that they are often used to transfer government-related files. No doubt the files are almost always intercepted by hackers. We may have the latest cyber technology, but definitely not the latest cyber security. There is a possibility of secret meetings being recorded via mobile phones or other gadgets; or even when a national-level strategy is being prepared on a computer, there is a possibility that the said document is already under someone’s else’s possession. Such dangerous circumstances are threatening us today.
-Foreigners are very much interested in our natural resources. Isn’t it easy for them to find locations of discovered deposits and its estimated reserves? In other words, secrets of Oyu Tolgoi and Tavantolgoi projects are out in the open, aren’t they?
-Yes, unfortunately. Everything is prepared and developed on a computer. Other countries have very advanced cyber security. China has developed its own unique operating system, and the United States has developed ciphering systems, which makes it hard for the hackers to interpret it. These are simple examples. But in Mongolia, we come for work on Monday and discover our computers have been vandalized over the weekend, we turn a blind eye and pray that there were IT students experimenting and practicing.
-Tell us more about then dangers of cyber crimes.
-Cyber crime can cause catastrophic consequences. One with Estonian hack attack, in retaliation for taking down a statue, hackers triggered a virtual invasion, causing the whole Estonian network to go offline. There was no Internet connection, every bank transaction was cancelled and there was no communication whatsoever. Also, a country can be invaded without difficulty if the defense is offline, since it is based solely on communication – this especially applies to Mongolia. Today, advanced armies all over the world have their own cyber soldiers, which execute these kinds of operations. This confirms that future wars will take place in cyberspace rather than on land or in air.
-Are there many cyber crime committing individuals and organizations in Mongolia?
-Currently it is not known. But about 30 percent of computers in Mongolia are “zombie computers,” in other words, they are in complete control and monitoring of another user. They take full advantage of this privilege, which includes stealing personal information, files and documents and manipulating email for deception. I’ve said before, and I’ll emphasize on it again: Identifying and catching hackers is definitely not a walk in the park.
-We are living in the century of digital revolution. With information technology advancing every day, cyber crime is also developing with it. This type of crime is increasing in our country. Can you please inform the readers about some examples as a caution?
-Today, cyberspace crime is increasing worldwide. Following the introduction of the Internet, many types of cyber crime have entered our nation. There are many ways to deceive a person over the Internet. Many of the crimes take advantage of a person’s naive nature. For example, an online store claims that it is selling a $1,200 computer for half its price, and disappears after receiving payments from the victims. The customers’ gullibility is playing an important role here.
-A company CEO meets a foreign citizen through the Internet. The foreigner suggests investing in a certain company, with a $300 million benefit and they’ll share it 50/50. Later, the foreigner claims the investments have paid off, saying “The money transfer requires a fee of $30,000; and come meet me in Beijing.”
Incredibly, the CEO believes him, paying the fee and flying to Beijing, where he waits for the man in a hotel room until he finally realizes he was deceived. This is just one of many examples. In another case, a woman seeking to marry a foreign citizen is contacted by a man who claims he is from Germany, and he requires $2,000 for her citizenship papers. This goes on for a while until she has paid a total of $25,000. Her suspicions lead to the authorities, and she filed a lawsuit when she was informed that a Mongolian man who impersonated a German citizen deceived her. Individual persons would find solutions to their problems via the authorities and media, but private organizations and banks would keep them a secret, for the sake of their reputation and also fearing loss of customers.
-In another incident, a megastore announced a massive sale but hackers attacked the store’s network system and changed a few values within minutes. The hackers’ associates bought a MNT 9 million product for MNT 999 that very day. The barcode is scanned and a price of MNT 999 shows up, what can the cashier do?
-It takes a lot of research and analysis and other additional work to catch cyber criminals. It’s like putting together shredded paper.
-It appears that governments and administrative bodies are always being attacked by cyber criminals. Are there such incidents lately? Are the measures being taken effective enough to protect from these attacks?
-Every day, Mongolian websites are hacked by the dozen. The Government website, even the Cabinet’s website has been hacked before; the hackers left messages and changed settings. Even right now, there are reports of public and private university websites under attack by hackers.
Government computers with top-security information are always off the network. But the administrative bodies are all connected with each other via network, and there many sensitive information on them that the officials themselves are not even aware of. Sending sensitive materials over email is extremely dangerous. Most of the government officials have Yahoo! addresses, and I regret to say that they are often used to transfer government-related files. No doubt the files are almost always intercepted by hackers. We may have the latest cyber technology, but definitely not the latest cyber security. There is a possibility of secret meetings being recorded via mobile phones or other gadgets; or even when a national-level strategy is being prepared on a computer, there is a possibility that the said document is already under someone’s else’s possession. Such dangerous circumstances are threatening us today.
-Foreigners are very much interested in our natural resources. Isn’t it easy for them to find locations of discovered deposits and its estimated reserves? In other words, secrets of Oyu Tolgoi and Tavantolgoi projects are out in the open, aren’t they?
-Yes, unfortunately. Everything is prepared and developed on a computer. Other countries have very advanced cyber security. China has developed its own unique operating system, and the United States has developed ciphering systems, which makes it hard for the hackers to interpret it. These are simple examples. But in Mongolia, we come for work on Monday and discover our computers have been vandalized over the weekend, we turn a blind eye and pray that there were IT students experimenting and practicing.
-Tell us more about then dangers of cyber crimes.
-Cyber crime can cause catastrophic consequences. One with Estonian hack attack, in retaliation for taking down a statue, hackers triggered a virtual invasion, causing the whole Estonian network to go offline. There was no Internet connection, every bank transaction was cancelled and there was no communication whatsoever. Also, a country can be invaded without difficulty if the defense is offline, since it is based solely on communication – this especially applies to Mongolia. Today, advanced armies all over the world have their own cyber soldiers, which execute these kinds of operations. This confirms that future wars will take place in cyberspace rather than on land or in air.
-Are there many cyber crime committing individuals and organizations in Mongolia?
-Currently it is not known. But about 30 percent of computers in Mongolia are “zombie computers,” in other words, they are in complete control and monitoring of another user. They take full advantage of this privilege, which includes stealing personal information, files and documents and manipulating email for deception. I’ve said before, and I’ll emphasize on it again: Identifying and catching hackers is definitely not a walk in the park.
Comments
Post a Comment