ISP admits scanning its own subscribers
May 6, 1999
by David Legard
SINGAPORE (IDG) -- The Singaporean Internet service provider SingNet has admitted that over the past week it carried out scans on the computer systems of 200,000 subscribers without their knowledge.
The scans, which were detected by a subscriber who had fitted her computer with antihacking software, were performed to prevent a recurrence of a March incident where hackers were able to obtain passwords from 17 subscribers, SingNet said. The scans were carried out by computer experts from the Ministry of Home Affairs, which had helped crack the March hacking case.
The admission drew some angry comment in online newsgroups about privacy violations, with contributors urging SingNet subscribers to switch ISPs.
In a statement released last week, Paul Chong, chief executive officer of Singapore Telecommunications' multimedia division, which runs SingNet, said there had been no invasion of customers' privacy and that the ISP had customers' best interests at heart.
Looking for security loopholes
Chong said that SingNet regretted not informing customers before the exercise, but said the ISP did not want to alert hackers or to unduly alarm its customers. The scanning program is not a hacking tool and has no ability to enter any computer system; rather, it is a defensive measure to look for security loopholes, Chong said.
The scan checked computer systems' vulnerability to so-called Trojan horse attacks, SingNet said. A Trojan horse lets a hacker capture passwords and gain access to a person's PC and data.
The Singaporean ISP used NetBus and Back Orifice scanning software, which was detected by a law student with Jammer antihacking software installed on her system, local press reported.
Alarmed, the student contacted SingNet, which said it was responsible for the intrusion, press reports added. Back Orifice was developed last year by hacker group Cult of the Dead Cow.
SingNet said it had discovered 900 computers infected with Trojan horse viruses during the week, and would inform owners by e-mail.
The ISP has stopped scanning while it seeks subscribers' views on preventive scanning measures, SingNet said. The ISP said it will call upon the independent National Internet Advisory Committee to certify that its scanning exercises are unobtrusive.
Two other Singaporean ISPs, Cyberway and Pacific Internet, responded by placing gaudy advertisements on their Web sites for virus-detection software such as Jammer, Private Desktop, NukeNabber, and Anti-Gen.
U.S. advisor seeks full-blown debate on encryption
RELATED IDG.net STORIES:
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.