Hacktivism against APAC govts to rise

The region's changing IT laws could lead to increased conflicts with citizens, whose response would be to turn to hacking instead of vocalizing their dissent.

Governments in Asia-Pacific can expect more hacktivist attacks due to the "sensitive, muted" culture of its citizens and increasing friction with hacker groups because of unpopular laws enacted in response to the fast-changing IT landscape, McAfee executives point out.

Wahab Yusoff, South Asia vice president at McAfee, said people in the region tend to be more sensitive and less vocal in expressing their opinions, which is different from their western counterparts who are more vocal and have greater freedom of speech to express their grievances and unhappiness.

As such, embracing hacktivism has become a means for Asia-Pacific online users to voice their dissent whatever the cause, said Yusoff. Already this year, there have been hacking activities caused by international events and religious sensitivities, he added during an interview with ZDNet Asia on Monday.

Last week, for example, Japan's National Police Association found the country's Web sites had been hit by cyberattacks , reportedly from China, because of both countries' quarrels over the disputed Senkaku/Diaoyu islands in the East China Sea.

Another reason why the region may be a hotbed for hacktivist activities is because Asia is a fast-growing economic market and quickly becoming an IT hub with a lot of data infrastructure being built here, said Michael Sentonas, Asia-Pacific vice president and CTO of McAfee.

The executive, who sat in on the same interview as Yusoff, said the increased IT activities may lead to governments revising the laws around protecting the data and which may not be in line with the views of some citizens and hacker groups.

Data protection laws, for instance, are contentious since citizens may protest the loss of freedom of information and disagreeing with these revised legislations, Sentonas said, adding Singapore, Malaysia, the Philippines and Australia are among regional countries revising and implementing such laws.

The Australian government, for one, has seen widespread criticism by the locals for proposing that Internet service providers retain unspecified customer data for up to two years . Anonymous Australia retaliated by launching attacks against government Web sites and releasing customer and staff information belonging to local telco AAPT online , he noted.

"Such hacktivist attacks will continue if hacker groups 'sympathize' with citizens who are unhappy with the evolving policies by Asia-Pacific governments," Sentonas said.

APTs too "sensationalized"
Sentonas went on to state the term " advanced persistent threat (APT)" was being "overused and sensationalized", thereby causing a lot of confusion in the IT industry.

Defining APTs as targeted threats associated with reconnaissance, in that research is conducted to understand an organization well enough to breach its security, the executive said these are most often confused with rootkits--which are stealthy pieces of malware.

This confusion has resulted in many security issues becoming generalized and both consumers and enterprises do not understand the different security issues well enough. Malware figures are subsequently "overestimated" since the IT industry is unable to differentiate the different malware types, he stated.

The lack of understanding could mean companies have deployed security tools that are too generic and insufficient to protect against APTs, he said. For example, a user whose computer is attacked by a zero-day attack but assumes it is an APT may end up using an APT-related solution to tackle it, which may not be effective, he explained.