Sat, Jul 23, 2016 - Page 8

ATM hack the epitome of chronic carelessness

By Lee Chia-tung 李家同

In connection with the First Commercial Bank automatic teller machine (ATM) heist, the media have made a sensation of police solving the case while overlooking the most basic problem: The bank’s host computer was hacked ahead of the theft.

It was hacked because it was connected to the Internet, which it should not have been. Very important data are saved on the host computer, which is able to give instructions to all the bank’s other computers. If that computer is connected to the Internet, it offers a gateway for hackers to hack the computer system. It is very difficult to understand why the host computer was connected to the Internet.

Let us consider a simple case as an example. Student records and grades at school are important data that must not be tampered with. However, since a school needs to allow students to check their own grades online, a computer at the school is connected to the Internet.

However, student data are all downloaded onto a hard disk, and that hard disk is then locked by the dean in his locker. Even if someone cracks the passwords and hacks their way into the school’s computer database, an attempt to falsify grades would be of no use because the data on the hard disk still remain unchanged.

Apart from not being connected to the Internet, a bank’s host should be placed in a safe room that requires visitors to pass through various checkpoints to access it. More importantly, the general manager and vice general manager usually need to turn their keys simultaneously to start up the computer.

Since a bank’s computer data must not be easily modified, no change can be made without a formal order. The correct way is to print out the order on a form that must not be destroyed. It should be properly sealed after use, with the general manager’s signature and date on the seal. This is the reason inside jobs rarely occur at well-managed banks.

Taiwan has recently experienced a number of accidents, such as the accidental missile launch, the ATM heist and the tour bus blaze.

These incidents have exposed two problems.

First, Taiwanese are careless and do not take things seriously.

If everyone took their work seriously, the sergeant would not have launched the missile accidentally, the bank would not have connected its host computer to the Internet and the emergency door of the tour bus would not have been stuck.

Second, the government has failed to meet its supervisory responsibilities.

The Ministry of National Defense has not told us what caused the accidental missile launch, and the Ministry of Finance has said nothing about the ATM heist, as if it were none of the ministry’s business.

If the Ministry of Transportation and Communications carried out frequent and strict inspections of tour buses based on safety concerns, the recent tragedy would not have happened.

Looking at Russia — which knows a lot about computer hacking — the country has developed world-class anti-virus software. The fact that it is good at developing anti-virus software indicates that it also has a good knowledge of computer hacking techniques. Surely those private anti-virus software developers in Russia are secretly backed by the Russian government, and they must have employed the smartest people to work for them.

Has our government employed the smartest people to ensure Taiwan’s information security?
