Who’s spying on my computer?

Internet security has everything to do with being IT savvy

10 May, 2009 – The personal email addresses of Lyonpos Khandu Wangchuk and Thakur Singh Powdyel, displayed on the Who’s Who page of the Bhutan portal website, were vulnerable security threats, said Internet security expert, Boaz Shmueli. The expert, a faculty member of the Rigsum institute of IT and management (RIM), was giving a presentation on the current situation of Internet security in Bhutan at a talk organised by RIM in Thimphu.

Tips 1. Strong passwords: Don’t use words, software exists to guess, use 8+ characters, use a combination of numbers and symbols, substitute symbols for letters, i.e. s for $ or e for 3 2. User accounts for OS: Create additional accounts for other users like family members, use the system administrator account only when you really need to (i.e. to make changes in the system) 3. Operating system: Use Linux safer than windows as hackers usually targeted windows 4. Windows: If you use Windows, use genuine legal copies of it, so that you can update/download the latest security patches 5. Antivirus : Use and update antivirus software 6. Physical access: Disable USB drives if computer is located in public places

Access to the ministers’ emails would allow hackers to “spoof” them, he said. Spoofing is a term used to describe sending fake emails that would lure them to download malicious software and create the possibility of third party access to information.

With the increase of Internet users in the country, the risk of cyber-threats also increased. Bhutan has about 40,000 Internet users today, and more than 300 websites (.bt) based in the country. Mr Shmueli said that the most common way computers in Bhutan were infected with malicious software (viruses, worms, and Trojan horses) was through the sharing of USB flash drives and downloading of email attachments. The threat of cyber-crime in Bhutan was very serious, he said.

Mr Shmueli said the government needed to adopt an Internet security policy that was holistic and realistically possible for a developing country like Bhutan. The weakest link in internet security was the human user, he said, and the government needed to emphasise educating its employees on social engineering tactics used by hackers. He also suggested that the government not store sensitive information on computers connected to the Internet.

The talk called “Who’s Spying on My Computer” was organised by RIM. RIM CEO, Chenchen Dorji, said the recent GhostNet incident had revealed that Bhutanese lacked awareness on safe Internet practices. As a result, such awareness programs were necessary, he said. More such awareness programs are being planned.

Source: Kuenselonline

Posted in: Bhutan News