A note on a piece of paper indicating that China-based hackers, presumed to belong to a special unit under China's People's Liberation Army (PLA), had broken into the legislature's computer system, has rattled cyber security personnel over the past two weeks.
Some legislative assistants said they received the note from the Ministry of Justice's Investigation Bureau (MJIB) on July 6, but the bureau refused to confirm that it had sent the note.
Security concerns
According to the note, a backdoor program installed on 24 different computers in the offices of legislators from across party lines -- including one used by Legislative Speaker Wang Jin-pyng's (
"We have located the hackers and discovered that they were PLA officials based in Fujian Province," an anonymous source from the bureau was quoted by Lin Hong-chan (
An official with the MJIB's Computer Crime Prevention Center, who asked not to be named, told the Taipei Times in a telephone interview that the agency was aware of the situation and had warned some legislators of the attack.
Tracing the attack
Lin said the problem came to light because the MJIB found that some e-mails dispatched from a relay station based in the US had been sent in the name of Taiwan's legislators.
"They [MJIB special agents] traced the origin of those e-mails and found out it was Fujian-based hackers who had used a specially designed attack Web site to install a Trojan horse program on legislators' office computers," Lin said.
The note said that computers used in the offices of Chinese Nationalist Party (KMT) Legislator Su Chi (
The Trojan horse program also entered some computers in the offices of the DPP and TSU legislative caucuses, according to the note.
Lee Ming-yueh (
"Two computers out of six in our office were attacked. One was for keeping the legislator's schedule and the other was for receiving and sending all documents," he said.
He added: "The computer that was attacked in the [DPP] caucus office was used by an assistant who is in charge of gathering all information and reporting to the head of the caucus."
Inside help?
Lee's concern led to a presumption that the attack was not launched by Chinese hackers alone. Rather, the hackers had possibly collaborated with legislative staff.
"We haven't ruled out that there might be internal personnel involved in the matter, but we don't know this for sure at the moment," said Chen Hsi-yang (陳熙揚), director of the Information and Technology Department at the legislature.
Chen Shi-yang said that the legislature has set up firewalls, which can prevent the Chinese hackers from getting inside its computers.
"We installed a virus scanner for e-mails coming in and out of the legislature. Also, we used Dynamic Host Configuration Protocol [DHCP] to dynamically allocate IP addresses, meaning that there is no way that outside hackers can know any single IP address belonging to the legislature's computers and select their targets," he said.
In the wake of the release of the note, which listed the IP addresses and user numbers of the computers that were attacked, the legislature's cyber security personnel have since July 4 been trying to fix the virus problem.
"We have fixed 15 of the 24 affected computers and quarantined a virus in the other nine computers. Now we are waiting for Philippines-based Trend Micro [Corp] to get back to us on solutions for the various viruses on those nine computers," the director said.
Denial
The Information and Technology Department, however, denied that PLA was the source of the hackers and said the MJIB had first discovered the virus.
"According to Trend Micro's description of the virus, named BKDR_BIFROSE_JH, it was a backdoor-attached virus, but it was not from the PLA," Chen Shi-yang said.
The virus was found by the department's Security Operation Center and not by the MJIB, Chen Shi-yang added.
"Indeed, there's a threat that the PLA's hackers might attack the legislature's network system, but we have done our best to secure it against hackers," the director said.
NATIONAL SECURITY: Authorities are working to confirm the identities of the military personnel involved and investigating possible illegal conduct and regulatory violations Authorities are probing possible national security implications after Kinmen police and immigration officers on Sunday found a Chinese woman allegedly posing as a tourist while engaging in prostitution involving more than 10 military personnel. The woman, surnamed Chen (陳), has since been deported, authorities said, adding that investigators are still working to confirm the identities of those implicated, as the records only listed code names and aliases. The case stemmed from a report received by the Kinmen District Prosecutors’ Office on Friday last week from the Jinhu Precinct of the Kinmen County Police Bureau. On Sunday, police, along with the National Immigration
REASONS FOR TRAVEL: An assistant professor said that proposed amendments to penalize drivers if they used drugs overseas would not deter people from traveling People who operate a motor vehicle under the influence of marijuana would have their driver’s license revoked, even if they used the substance while overseas, the Ministry of Transportation and Communications said yesterday, citing proposed amendments to the Road Traffic Management and Penalty Act (道路交通管理處罰條例). The amendments would also authorize the government to revoke the licenses of people determined to have used Category 1 or Category 2 narcotics, even if they were not operating a vehicle while under the influence of drugs, as well as ban them from taking the license test for three years, the ministry said. People aged 18 or
GLOBALGIVING: ‘ Caving to external pressure is not acceptable for an organization that has cultivated justice reform and human rights for 30 years,’ one NGO said A slew of non-government organizations (NGOs) have withdrawn from the GlobalGiving fundraising platform after it announced it would use “Chinese Taipei” instead of “Taiwan” from next month. The Taiwan Good Rice Association wrote on Facebook on Friday that it was informed on April 28 via a teleconference call of the change, which was made because the platform wanted to operate in China. Taiwan Good Rice is to terminate all cooperative relationships with GlobalGiving in response to the platform’s “unilateral and non-negotiable” decision to remove references to Taiwan, the NGO said. “Taiwan is in the official name of Taiwan Good Rice Association and the
HEAVY WEATHER: Typhoon Jangmi is due to crash straight into the Ryukyus as airlines look to shift flights to larger aircraft or cancel flights to Okinawa entirely Taiwan’s international air carriers announced flight adjustments over the weekend as Typhoon Jangmi is forecast to hit the Ryukyu Islands today and tomorrow. The Central Weather Administration (CWA) upgraded Jangmi from a tropical storm to a typhoon at 8am yesterday, with the eye located 580km south of Naha city. It was moving north at 19kph. Today, China Airlines’ CI-120, CI-121, CI-122 and CI-123 flights between Taoyuan and Naha, Okinawa, have been canceled as well as CI-132 and CI-133 between Kaohsiung and Naha. EVA Air’s BR-112, BR-113, BR-186 and BR-185 flights between Taoyuan and Naha are also canceled. Low-cost carrier Tigerair Taiwan canceled IT-230,
RSS