Lai orders information security review

CYBERCRIME::Far Eastern International Bank said hackers compromised its network and transferred nearly US$60 million overseas, most of which has been recovered

Staff writer, with CNA

Sun, Oct 08, 2017 - Page 1

Premier William Lai (賴清德) yesterday requested that government agencies review the nation’s information security after Far Eastern International Bank (遠東商銀) reported that its system was hacked earlier in the week.

The premier was fully briefed on the incident and instructed the government to learn from the case and tighten information security by closing vulnerabilities, Cabinet spokesman Hsu Kuo-yung (徐國勇) said.

Far Eastern on Friday said it reported to the Financial Supervisory Commission that malware had been implanted in its computer system, which affected some of its PCs and servers, as well as the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network.

SWIFT is a members-only organization that provides safe and secure financial transactions for its members via a standardized proprietary communications platform, which can facilitate the transmission of information about financial transactions.

Through the malware, hackers conducted virtual transactions to move funds totaling nearly US$60 million from Far Eastern clients’ accounts to foreign destinations such as Sri Lanka, Cambodia and the US, the bank found on Tuesday.

However, the bank said that due to its efforts to trace back the lost funds, the cyberattack cost the bank less than US$500,000.

As efforts to trace the lost funds by underpinning certain fund movements continue, the loss could be reduced to zero, it added.

The hacking did not lead to any leaks of client information, Far Eastern said.

Far Eastern vice president Liu Lung-kuang (劉龍光) yesterday told reporters that the origin of the malware has not been confirmed, but added that the bank is sure that the malicious software used to attack the transaction system is a new variety that had never been seen before.

The Criminal Investigation Bureau yesterday said that it has launched an investigation into the cyberattack and requested that the bank submit details about its computer operations after it reported the case to the bureau on Thursday.

The bureau said it has also informed the International Criminal Police Organization, commonly known as Interpol, of the case and asked for assistance.

Due to the international assistance, the bureau said Far Eastern’s losses are expected to be less than US$500,000, adding that similar hacking cases were reported in Vietnam and Bangladesh in 2015 and last year.

It was the first case in which malware was implanted into a Taiwanese bank’s computer network to transfer massive amounts of funds out of clients’ accounts.

The commission said that it was an isolated case, adding that no other incidents have been reported in the nation.

Far Eastern will have to shoulder all of the responsibility for the incident and bear all possible losses so that its clients’ interests will not be affected, the commission said.

The commission said it has asked Far Eastern to submit a comprehensive report on the incident to determine whether the bank should face regulatory punishment.

The commission has asked all banks in the nation to tighten controls on transactions during the ongoing four-day Double Ten National Day holiday.