FEATURE: Taiwan on
cyberspace front line, hackers say
By Michael Gold / Reuters, TAIPEI
Taiwan is the front line in an emerging global battle for cyberspace, according
to elite hackers in the countryˇ¦s IT industry, who say it has become a rehearsal
area for the Chinese cyberattacks that have strained ties with the US.
Taiwan has endured at least a decade of highly targeted data-theft attacks that
are then directed towards larger countries, they say.
ˇ§Weˇ¦ve seen everything,ˇ¨ said Jim Liu, the 28-year-old founder of Lucent Sky, a
Taiwanese Internet security company specializing in resolving dangerous software
vulnerabilities that hackers can exploit to gain access to a system. ˇ§Weˇ¦ll see
a specific attack signature here, and then six months later, see the same
signature in an attack on the States.ˇ¨
A Pentagon report in May accused China of trying to break into US defense
computer networks. It followed another report in February by US computer
security company Mandiant that said a secretive Chinese military unit was
probably behind a series of hacking attacks that had stolen data from about 100
US companies.
Beijing dismissed both reports as without foundation. Taiwan experts say that
hacking methods such as those outlined in the Mandiant report are the same kinds
of security breaches that they had seen several years earlier.
It is easy to see why Taiwan might be an ideal target for Chinese hackers: It is
close to China, Mandarin-speaking and boasts advanced Internet infrastructure.
This cyberwar playing out across the Taiwan Strait first came to public
attention in 2003, when a Taiwanese police agency realized hackers had stolen
personal data, including household registration information, from its computer
system.
These attacks differed from traditional hacking attempts ˇX where many casual
hackers attempt to disrupt their targetsˇ¦ systems, these hackers went in
stealthily, with the intention to plunder, rather than destroy.
ˇ§Back then, it was very rare to see these kinds of social network attacks,ˇ¨ said
hacking specialist Jeremy Chiu, a contract instructor in IT for Taiwanˇ¦s
intelligence agencies. ˇ§They were very, very well-organized.ˇ¨
Other indicators, including the ease with which the hackers penetrated an e-mail
system written entirely in Chinese, painted a picture of the culprits as a
large, coordinated group of hackers in China.
ˇ§One thing that indicates government support for these attacks is just the sheer
volume ˇX how many agencies are being attacked on a daily basis,ˇ¨ said Benson Wu,
postdoctoral researcher in information technology at Academia Sinica and
co-founder of Xecure Lab, which focuses on responding to advanced persistent
threats.
The set-up of Wuˇ¦s Taipei office fits the classic hacker image: dimly lit,
strewn with wires and humming with computers.
On a projector screen, he displayed a list of e-mails, written in Chinese, with
subject headings like ˇ§meeting notes,ˇ¨ ˇ§dinner attendanceˇ¨ and ˇ§questionnaire.ˇ¨
ˇ§These are all hacking attempts,ˇ¨ Wu said.
Once the documents have been opened, they plant a backdoor allowing the hacker
virtually unfettered access to the network.
One such ˇ§spearphishingˇ¨ attack was reportedly used on the White House in
October last year. A Taiwanese expert in cyberespionage estimated that thousands
of Taiwanese high-level government employees receive as many as between 20 and
30 of these e-mails a month.
ˇ§Weˇ¦ve been following these Chinese hackers for so long, we can track their
daily work schedule,ˇ¨ said the expert, who asked not to be identified. ˇ§People
expect hackers to be night owls, but these guys work very normal hours ˇX on
Chinese national holidays, for example, we donˇ¦t see any hacking activity at
all.ˇ¨
However, tracking the exact source of the attacks remains a slippery game of
Internet sleuth.
ˇ§We take the IP address culled from the attack as a springboard, then track it
through the Internet ˇX perhaps the same IP address was used in a forum
registration, or to register a QQ handle,ˇ¨ he said, referring to a popular
Chinese chat program. ˇ§It depends how good they are at covering their tracks.ˇ¨
China denies being behind hacking attacks on other nations and insists it is a
major victim of cyberattacks, including from the US ˇX an argument that Beijing
sees as strengthened by revelations last month from former National Security
Agency contractor Edward Snowden about top-secret US electronic surveillance
programs.
The US and China held talks focused on cyberissues last week.
According to Internet platform Akamai, 27 percent of worldwide hacking activity
last year originated in China. However, the same report also placed Taiwan among
the top five digital attack originating countries last year.
ˇ§Taiwan is one of the key countries where we see a lot of activity,ˇ¨
Singapore-based malware researcher Chong Rong Hwa of network security firm
FireEye Inc said.
A report issued by SecureWorks, a network safety arm of PC maker Dell Inc, said
the Taiwanese governmentˇ¦s ministries are swarming with a particularly malicious
form of data-nabbing computer virus.
In one year, Taiwanˇ¦s National Security Bureau encountered more than 3 million
hacking attempts from China, according to statements given by bureau director
Tsai Der-sheng (˝˛±ołÓ) in March in response to questions from lawmakers.
Military and technology intelligence was included among the pilfered data.
ˇ§Taiwan will continue to be the battleground for lots of cyberattacks; itˇ¦s like
we are on our own,ˇ¨ Wu said. ˇ§China has a huge pool of talent and technical
resources.ˇ¨
|