Author: Farshid Ghyasi, President/CEO NETLINKS
The news was big, Afghan Government websites attacked by Chinese hackers and reported by an American cyber security research company. Local newspapers and TVs started talking about the issue as if our country was attacked and intruded by China! National Security Council begun investigating the issue. What happened later on, none of us really know!
While everyone was talking about the attack happened, nobody tried to see how did the attack happen and what led to this event. Here i am sharing what i think went wrong.
Now going back and and reviewing the case, one can say that such attacks happen mainly due to 2 major reasons which is common in Afghanistan and are:
- Use of Pirated Softwares: Thanks to China, Pakistan and Iran, we get tonnes of pirated softwares in the local market. Nobody cares to even think what sort of malwares those softwares come preinstalled with when they install those operating systems in their computers. Most of the private companies and even government run pirated software which leads to infected computers right from the point of installation.
- Pirated or cracked Antivirus or not even having a proper antivirus: Most users in Afghanistan does not use proper antivirus solutions. They get cracked antivirus solutions online or from the same pirated software distributors in Afghanistan. Most of the time, these antivirus softwares themselves if cracked could carry malwares, worms and viruses.
Now what can we do to stop this? The government, private companies and even individuals should start practicing bans on pirated softwares. Licensed and clean antivirus solutions should be used particularly as most of these users go online and face threats of thousands of malicious codes that maybe hosted on certain websites they browse.
Overall, i would blame poor practice of information security on the end users more than the possibilities of weak ANDC security!
I would invite all information security professionals to share their ideas on what they think about this. I am a beginner when it comes to information security and please do correct me if i am wrong.