BY TRINH NGUYEN
On any typical day, Facebook’s nearly 1 billion users log into their account to find dozens of notifications to read through. On a not so typical day earlier this summer, V? ??c Minh came across a more alarming notification.
“I saw notifications stating that my account was logged in from places I had never been to,” he said. “Facebook also let me know that there were a lot of different computers still logged into my account. I live in Hà N?i, but the notification showed many other faraway cities in Vietnam, which means there were multiple people from different places and using different computers logging into my account.”
Minh realized that someone was snooping through his personal details. He was lucky, however, as he knew how to spot the fraudulent logins by reviewing his settings. Not many are this savvy when it comes to digital security.
In a recent poll by the digital security website Làm Sao ?? Vào—or How To Get In—about 85 percent of the nearly 800 people surveyed know of a friend or have themselves been a victim of Facebook account theft.
Michael Gray, Vietnam Program Manager at the SecDev Foundation, a cyber-research think tank based in Ottawa, Canada, has a theory of why Vietnamese netizens are so vulnerable online.
“I think the basic thing might just be that internet use has grown so fast among a very young population that don’t have any oversight from parents or teachers,” Gray said. “So for example, here in Canada, my son, who’s ten, is learning about the Internet before he’s using it. He doesn’t have a Facebook account, but he’s had experts come into his class and talk about online cyber bullying, online threats, adults posing as kids. So it’s in his mind, that this exists.”
Gray says rapid internet adoption among a young and technologically inexperienced population is a reason the country is a breeding ground for both hackers and victims of hacking.
SecDev recognized that many of these young people lack basic digital security awareness. They launched the Ch?ng– or Anti– Hack Facebook campaign earlier this summer to give tips on cyber security.
Ironically, soon after the launch of their campaign, popular singer L? Quyên became a high-profile hacking victim.
“Someone messaged her page and pretended to be friends with someone that she knew and got her to hand over the information,” Gray explained.
The hacker had gained access to an account belonging to the singer’s friend and convinced L? Quyên to hand over her login information. The hacker then posed as the singer and asked her eager and willing fans to send money to help pay for tour costs.
That case wasn’t even a sophisticated hacking. It was merely a phishing attack and basic identity fraud. But it was a high profile attack.
It’s not just Vietnamese Facebook users who are falling victim to account theft. In July, the U.S. Federal Bureau of Investigation sentenced Ngô Minh Hi?u to 13 years in prison for operating a massive hacking and identity theft scheme from his home in Vietnam. According to the FBI, Hi?u stole the personal information of 200 million U.S. citizens and then sold it to other cybercriminals.
It is this type of cross-border cybercrime that is often leaving global victims emptying their wallets and losing their identity to Vietnam-based hackers.
Gray points to Vietnam’s educational system and lack of opportunities as ideal conditions for hackers to flourish.
“IT staff [are] fairly well trained, but they are very low paid. It’s a low paying profession in Vietnam, as far as I understand,” he said.
“So you have a bunch of recent graduates who are highly skilled with coding but they maybe don’t have enough good jobs for coders in Vietnam. And they turn to this out of boredom, frustration. They can make a little extra money from this.”
The success of Facebook account and identify thefts relies more on oblivious netizens than sophisticated code. Yet more and more, Vietnam has proven to be a source country of many sophisticated and targeted malware attacks, with the victims being those exposing human rights abuses in Vietnam.
Eva Galperin, a Global Policy Analyst for the digital rights organization Electronic Frontier Foundation, became one of those victims last January.
“Two of the people at EFF were both targeted with phishing emails which looked as if they were coming from someone at Oxfam, that asked us to take part in a conference in Asia and said, if you want more information about this conference what you should do is you should click on these links and you should open these attachments,” Galperin recalls.
“The attachments contained trojans and these trojans were supposed to covertly upload themselves on to our computers and also record everything that we typed and take periodic screenshots and send them back to a command and control server in Vietnamese IP space,” she said.
Galperin believes it’s no coincidence that hackers were effectively trying to spy on EFF’s communications. EFF has long supported internet freedom in Vietnam by advocating for the release of imprisoned bloggers and raising awareness of the Vietnamese government’s use of policy to suppress digital rights. Galperin had also been in contact with Vietnamese activists, she says, and that’s why she and EFF were specifically targeted.
This is not an isolated incident, as many human rights activists often find themselves the victim of spying by clicking on emails containing malware or “spam zombies.”
As defined by the technology firm Symantec, spam zombies are remotely-controlled email messages that can be used to deliver malicious code and phishing attempts. It is these attempts, targeted or otherwise, that are leaving many online users vulnerable.
And just how vulnerable? While rankings vary slightly across different digital security firms, Vietnam has consistently placed in the top five source countries for spam zombies, along with China, Russia, and the United States.
Between social engineering, spamming, phishing, users in Vietnam find themselves at greater risk of digital threats as they increase digital engagement.
So how do you protect yourself? For the average user, it’s coming up with passwords that are stronger than, say, just 1-2-3-4-5, and making sure to take advantage of your accounts’ many security offerings.
For V? ??c Minh, just as it was easy for him to lose his account, it was easy to find tech support. Upon realizing he needed to regain control of his Facebook account, he found his solution where one would find all answers: online.
This story was originally published at Loa.fm, the home of a weekly podcast about life in Vietnam. Its latest episode focused on digital threats. And Vietnamese coffee.
Illustration by Jason Reed