Hacking attack on DPP a potential ‘Watergate’

THREATS::The nature of the classified information retrieved by hackers targeting the DPP underscores the KMT’s fears of losing next year’s election, a security expert says

By J. Michael Cole  /  Staff Reporter

Mon, Aug 15, 2011 - Page 1

The recent hacking attacks targeting Democratic Progressive Party (DPP) officials and senior staff at Chairperson Tsai Ing-wen’s (蔡英文) presidential campaign office could be Taiwan’s version of the Watergate scandal, a former official in charge of electronic communications for the government has said.

The DPP last week announced that the e-mail accounts of senior officials and staff at Tsai’s office had been hacked into and that confidential information had been stolen. In a press release, the party said that an investigation had traced the attacks back to IP addresses from Xinhua news agency bureaus in Beijing and Malaysia, addresses in Australia, as well as the Research, Development and Evaluation Commission (RDEC) in Taipei.

Among those targeted was Alex Huang (黃重諺), deputy director of the party’s Policy Research Committee, who said he received between 10 and 20 e-mails a day that looked like they were written by colleagues, but that, once opened, would automatically install malware that monitors a user’s computer.

A former senior official who handled electronic communication security under former president Chen Shui-bian’s (陳水扁) administration told the Taipei Times on condition of anonymity last week that the truly worrying aspect of the recent attacks was the domestic angle.

The former official, whose e-mail account was among those targeted by hackers, said the attacks started in March — the same month Tsai officially launched her presidential campaign — and spiked in May.

Aside from the campaign office and DPP officials, the DPP’s think tank and the e-mail accounts of academics associated with the party were also targeted, said the former official, who returned to academia after leaving government and remains involved with the party.

According to the former official, the nature of the confidential information targeted by the hackers represented a clear departure from traditional hacking by China.

Predominantly electoral information, such as campaign promotional material, event schedules and Tsai’s platform, was accessed by the hackers, he said.

“I don’t think Beijing is very much interested in the DPP’s strategy for social security,” the former official said, adding that this pointed instead to possible attempts by the Chinese Nationalist Party (KMT), or its supporters to steal that information.

Traditionally, Chinese espionage operations against Taiwan, including hacking, have targeted its foreign policy, potential arms purchases and position on Taiwan independence.

If the source’s conclusions were correct, this would signify that the domestic attacks and those originating from overseas were likely unrelated.

Asked if the DPP had faced similar attacks in the lead-up to the presidential election in 2008, the source said this was not the case.

“Everybody knew back then that the DPP was going to lose the election,” he said, adding that at the time, the DPP was in power and the nation’s national security apparatus had “demonstrated its neutrality.”

The possibility that the Ma campaign or someone within the KMT orchestrated the hacking attacks against Tsai’s campaign would signal great uncertainty within the KMT regarding Ma’s chances of getting re-elected in January, he said.

However, the source doubted the attack was launched at the executive level, such as at the RDEC, saying instead that the professional nature of the operation pointed to the National Security Bureau (NSB).

“They knew what they were doing. Amateur hackers usually limit themselves to changing content on a page. The attacks against the DPP were far more focused and information was retrieved,” he said. “They were professionals.”

In his opinion, this was either an NSB job or carried out by a former NSB official or officials on behalf of the KMT.

Ma’s campaign office told the Taipei Times yesterday its campaign team had been receiving suspicious e-mails with unknown attachments or Web links since the office was launched in June, but did not define such situations as hacking attacks.

Lee Chia-fei (李佳霏), a spokesperson for Ma’s campaign office, said the office had set up an information security team to handle information leaks and possible hacking activity, and that the team reminded staff members to be cautious about suspicious e-mails.

She said the identity of campaign staff, including her and Yin Wei (殷瑋), another campaign spokesperson, had been “hijacked” before, but the team handled the problem as a regular information security issue that anyone could face when using the Internet.

Lee dismissed accusations that the campaign office could be involved in hacking against the DPP and accused the opposition party of manipulating information security issue for electoral purposes.

“What we do is take precautionary measures when handling e-mails and using the Internet. We would not manipulate the issue for election campaign purposes or make groundless accusations against others,” she said.

Lee’s comments contradicted an article headlined “Cyber-attacks targeting KMT, DPP revealed” published in the KMT-friendly China Post on Wednesday last week — one day after the DPP made its complaint public — in which Ma’s office was reported to have “confirmed” it had suffered recent hacking attacks.

However, the office did not provide details or whether any information had been leaked and told the Post that “time constraints” had prevented them from “looking into the high number of hacking activities, and [that] to chase after each case would be futile.”

Meanwhile, a Xinhua spokesperson last week dismissed the allegations that its offices were behind the attacks against the DPP, calling them “groundless.”

“As a news service provider, we have an impartial and objective stance on the election of the Taiwan region [sic], and we will never interfere in the matter,” the spokesperson told the Epoch Times.

“The campaign office of Tsai Ing-wen, without serious verification, presumptuously claimed Xinhua as a source of the cyber attacks, which terribly tainted Xinhua’s reputation,” the spokesperson said, adding that IP addresses can be hijacked to cloak cyber attacks.

Western intelligence agencies worldwide have long suspected Xinhua bureaus and reporters to act as intelligence officers for Beijing.