Wed, Apr 24, 2002 - Page 17

Web sites still slack on security

THE DARK SIDE: Structured Query Language injection allows hackers to invade a site's data bank without the knowledge of the host, putting consumers in danger

By Annabel Lue  /  STAFF REPORTER

Government investigators warned yesterday that many of Taiwan's Web sites may have been infiltrated by hackers, an industry professional said yesterday.

"Since credit-card numbers, bank transaction records and other personal information can be read or even altered by hackers, consumers are the major victims of new illegal scams in the cyber world," said Liu Teh-ming (劉德明), a software engineer at Diamond InfoTech Ltd (新波科技), an Internet security company.

Most Web sites set up by corporate enterprises or the government in Taiwan do not have adequate security, with about 80 percent of them easily invaded, Liu said.

Liu made the remarks after the Criminal Investigation Bureau (CIB) under the Ministry of the Interior publicly warned all Web site operators on Monday to step up their vigilance.

The new method used by Internet hackers -- Structured Query Language (SQL) injection -- enables criminals to bypass a Web site's firewall and access its data bank without violating security codes. The method was first deployed in the United States in June last year, and then spread to other countries.

Hackers infiltrate Web pages to access log-in and password information, giving infiltrators access to data and allowing them to modify content.

"Hackers can use your credit-card number, expiration date and personal identification number to make purchases and then bill the purchases to you," CIB official Su Ching-wei (蘇清偉) said.

CIB hasn't seen any reported cases caused by SQL injection, but Su said their research has led them to believe the problem may be widespread, although companies are unwilling to let any potentially damaging news out. Others are in the dark altogether.

"It's very possible that many Web sites don't even realize they've been invaded," Su said.

The average firewall system used in Taiwan can't detect an SQL invasion, and Web masters wouldn't notice until they check the data bank content.

He urged all Web site operators to upgrade their firewall security levels as soon as possible.

"They should upgrade Web site security by installing anti-hacker software," Su said.

Free firewall software is available on the Web at www.diamondinfotech.com.tw, which is cooperating with the CIB in the investigation, he said.

Most companies appear to be less interested than the government in protecting consumers' privacy on the Web.

"Today alone we have received nearly 100 inquiries about the software, of which more than 70 percent are from government Web site operators such as the Taipei County Government and the Water Conservancy Agency," Liu said.

Most e-commerce sites don't regard security as important.

"Since the profit they make from e-commerce is minimal, companies are less willing to invest in online protection," he said.

Such an attitude will continue to hamper consumer confidence in making online transactions.

An e-commerce market watcher said online security is critical for the industry.

"As long as consumers feel uneasy about making online transactions, the e-commerce business will remain unpopular," said Jeff Liu (劉慰祖), an analyst at Market Intelligent Center (市場情報中心). "If they want to make money from consumers, they have to make the shopping experience safe and secure."
