In connection to the First Commercial Bank automatic teller machine (ATM) heist, the media have made a sensation of police solving the case while overlooking the most basic problem: The bank’s host computer was hacked ahead of the theft.
It was hacked because it was connected to the Internet, which it should not have been. Very important data are saved on the host computer, which is able to give instructions to all the bank’s other computers. If that computer is connected to the Internet, it offers a gateway for hackers to hack the computer system. It is very difficult to understand why the host computer was connected to the Internet.
Let us consider a simple case as an example. Student records and grades at school are important data that must not be tampered with. However, since a school needs to allow students to check their own grades online, a computer at the school is connected to the Internet.
However, student data are all downloaded onto a hard disk, and that hard disk is then locked by the dean in his locker. Even if someone cracks the passwords and hacks their way into the school’s computer database, an attempt to falsify grades would be of no use because the data on the hard disk still remain unchanged.
Apart from not being connected to the Internet, a bank’s host should be placed in a safe room that requires visitors to pass through various checkpoints to access to it. More importantly, the general manager and vice general manager usually need to turn their keys simultaneously to start up the computer.
Since a bank’s computer data must not be easily modified, no change can be made without a formal order. The correct way is to print out the order on a form that must not be destroyed. It should be properly sealed after use, with the general manager’s signature and date on the seal. This is the reason inside jobs rarely occur at well-managed banks.
Taiwan has recently experienced a number of accidents, such as the accidental missile launch, the ATM heist and the tour bus blaze.
These incidents have exposed two problems.
First, Taiwanese are careless and do not take things seriously.
If everyone took their work seriously, the sergeant would not have launched the missile accidentally, the bank would not have connected its host computer to the Internet and the emergency door of the tour bus would not have been stuck.
Second, the government has failed to meet its supervisory responsibilities.
The Ministry of National Defense has not told us what caused the accidental missile launch, and the Ministry of Finance has said nothing about the ATM heist, as if it were none of the ministry’s business.
If the Ministry of Transportation and Communications carried out frequent and strict inspections of tour buses based on safety concerns, the recent tragedy would not have happened.
Looking at Russia — which knows a lot about computer hacking — the country has developed world-class anti-virus software. The fact that it is good at developing anti-virus software indicates that it also has a good knowledge of computer hacking techniques. Surely those private anti-virus software developers in Russia are secretly backed by the Russian government, and they must have employed the smartest people to work for them.
Has our government employed the smartest people to ensure Taiwan’s information security?
Lee Chia-tung is an honorary professor at National Tsing Hua University.
Translated by Eddy Chang
Saudi Arabian largesse is flooding Egypt’s cultural scene, but the reception is mixed. Some welcome new “cooperation” between two regional powerhouses, while others fear a hostile takeover by Riyadh. In Cairo, historically the cultural capital of the Arab world, Egyptian Minister of Culture Nevine al-Kilany recently hosted Saudi Arabian General Entertainment Authority chairman Turki al-Sheikh. The deep-pocketed al-Sheikh has emerged as a Medici-like patron for Egypt’s cultural elite, courted by Cairo’s top talent to produce a slew of forthcoming films. A new three-way agreement between al-Sheikh, Kilany and United Media Services — a multi-media conglomerate linked to state intelligence that owns much of
The US and other countries should take concrete steps to confront the threats from Beijing to avoid war, US Representative Mario Diaz-Balart said in an interview with Voice of America on March 13. The US should use “every diplomatic economic tool at our disposal to treat China as what it is... to avoid war,” Diaz-Balart said. Giving an example of what the US could do, he said that it has to be more aggressive in its military sales to Taiwan. Actions by cross-party US lawmakers in the past few years such as meeting with Taiwanese officials in Washington and Taipei, and
The Republic of China (ROC) on Taiwan has no official diplomatic allies in the EU. With the exception of the Vatican, it has no official allies in Europe at all. This does not prevent the ROC — Taiwan — from having close relations with EU member states and other European countries. The exact nature of the relationship does bear revisiting, if only to clarify what is a very complicated and sensitive idea, the details of which leave considerable room for misunderstanding, misrepresentation and disagreement. Only this week, President Tsai Ing-wen (蔡英文) received members of the European Parliament’s Delegation for Relations
Denmark’s “one China” policy more and more resembles Beijing’s “one China” principle. At least, this is how things appear. In recent interactions with the Danish state, such as applying for residency permits, a Taiwanese’s nationality would be listed as “China.” That designation occurs for a Taiwanese student coming to Denmark or a Danish citizen arriving in Denmark with, for example, their Taiwanese partner. Details of this were published on Sunday in an article in the Danish daily Berlingske written by Alexander Sjoberg and Tobias Reinwald. The pretext for this new practice is that Denmark does not recognize Taiwan as a state under