Many people mistakenly believe networks here are less vulnerable than those elsewhere
Getting hacked usually inspires dread and panic in organizations—unless the hacker is Sok Yeng.
Mr Yeng is Cambodia’s first certified “ethical” computer hacker: a person hired by an organization to try to infiltrate its digital networks and systems in order to find weaknesses.
“It’s about finding countermeasures,” said Mr Yeng, who is accredited by the International Council of Electronic Commerce Consultants, at his office in Phnom Penh.
“The Internet has opened up the country and opened borders without [people] knowing it,” he said, adding that Cambodia has a long way to go to educate people about the importance of information technology security, and the risks posed by not-so-ethical hackers.
“There is definitely a trend of people realizing the importance of security,” Mr Yeng said.
“More and more clients are inquiring about proper IT; they are looking at the issue more seriously,” he said, but admitted that there is no real demand yet for his ethical hacking service.
Currently, Mr Yeng, who looks younger than his 27 years but has five years of experience in IT, uses his skills to develop security packages for clients he wouldn’t name but who he said include NGOs, small and medium-sized businesses and educational institutions.
The most common reason for unsecured systems at local businesses and organizations, Mr Yeng said, is the attaching of networks to other networks—such as by linking human-resource departments with accounting departments—which makes it easy to share sensitive information such as salary lists. In-house IT technicians are often ill-equipped to properly secure systems, he said.
Another problem is the common use in Cambodia of pirated computer software, which is more vulnerable to computer viruses such as “worms” and “Trojan Horses” because the illegally produced software might already be corrupted and there are no periodic system updates, such as virus “patches,” Mr Yeng said.
“Hackers figure out security holes, and that is why patches are needed for the networks.”
Bernard Alphonso, founder and managing director of information security consultancy Alphonso Security Co Ltd, which has worked in Phnom Penh for the past six years, agrees that many computers in Cambodia are just not secure.
“People frequently, albeit wrongly, believe that organizations in Cambodia are less exposed to IT security problems than elsewhere,” he wrote in an e-mail.
“This is a wrong assumption as the problems faced by companies with the Internet or from within [internal threats] are the same here as in New York, Paris or Tokyo,” he continued.
Mr Alphonso said the quick development of the Internet in Cambodia is creating a more dangerous situation for IT as people don’t realize the dangers their organizations can be exposed to by hackers who can be located anywhere on the planet.
“Security is all too often an afterthought whereas it should be addressed proactively as a kind of insurance,” he said.
Viruses or malware, including spyware, are also becoming more sophisticated. In the 1990s, malware made itself known with antics such as making the computer screen turn upside down, but now it is possible to have a silent piece of malware record everything that is being typed, including passwords and financial transactions, without the user’s knowledge.
The government is investing heavily in security equipment and human resources in order to show that IT security is becoming a priority to the country, said Phu Leewood, secretary general of the state’s National Information Communications Technology Development Authority.
Government computer systems currently have firewalls, which are designed to block unwanted access, and encryption systems, Mr Leewood said yesterday at the launch of a partnership between NiDA and the UN on information technology training for government officials to enhance their work.
“Government computers have firewalls and software is updated regularly,” Mr Leewood said.