A hacker who last month infiltrated Taiwan High Speed Rail Corp’s ticketing system is now advocating legislation to protect the rights of “white hats” — computer experts who specialize in identifying vulnerabilities in information systems through penetration testing and other methods.
Chang Chi-yuan (張啟元), 25, was released on bail of NT$100,000 after he was allegedly found to have tampered the ticketing system to provide a NT$200,000 refund for a NT$20 ticket.
“I will not avoid talking about my behavioral issues, nor will I avoid addressing my legal problem, which I hope to resolve by identifying the fundamental problem,” Chang said on Facebook.
The government should create new laws and amend regulations to protect ethical hacking, he said.
Specifically, there should be a state-run platform for Taiwanese companies — regardless of whether they are in traditional or high-tech industries — to request system penetration testing, Chang said, adding that the platform should display the authorization status for white hat operations as well.
If a company welcomes white hat information security testing, the platform would reflect that the company approves such a practice, for which it would set legal boundaries and reward systems for ethical hackers, he said.
Companies whose systems are off-limits to ethical hackers could indicate through the platform that they do not permit the practice and people would be warned that they would face criminal punishment if they ignore the firms’ expressed prohibitions and hack into the systems, he added.
“If there is a specific law and a certification from the government, white hats can clearly know if a company allows information testing. There would be no gray area and it would free hackers from the bind of having to inform the company in advance,” Chang said.
Taiwan has many white hats, but they do not test the information systems of local companies due to fears of legal consequences, he said.
A specific law would create a win-win situation for Taiwanese corporations and ethical hackers, he added.
Creating platforms for ethical hacking is not a new concept, Chang said, citing privately run HackerOne and Bugcrowd as two of the most popular examples.
As no government has created such a platform, Taiwan could make a major leap forward by creating the world’s first state-run platform for white hats, he said.
Randy Tang (唐元亮), an associate professor at Chaoyang University of Technology’s Department of Information Management, told the Chinese-language Apple Daily in an interview that while he approves of amending regulations to allow ethical hacking, he thinks companies should be allowed to decide whether they allow such a practice, adding that hackers must conduct such testing with goodwill and pledge not to harm systems.
“However, following Chang’s logic, companies that refuse to grant such permission would receive negative reviews and even risk tarnishing their images,” Tang said.
Last year, Chang reportedly purchased 502 iPhones for NT$1 by hacking the Apple Pay system.
He was in 2015 fined NT$60,000 for infiltrating a bus operator’s system and buying a ticket for NT$1.
In 2013, he exploited a loophole in Facebook to delete posts by the social media platform’s founder, Mark Zuckerberg.
President Tsai Ing-wen’s (蔡英文) administration is seeking to join an Indo-Pacific economic framework being planned by the US, a senior official said. The government is paying close attention to the regional economic pact being touted by US President Joe Biden, although too few details have emerged from Washington for Taipei to make specific plans, the official said, speaking on the condition of anonymity. The US is expected to launch the Indo-Pacific economic framework next month after negotiations with Australia, India and Japan, the official said. The economic initiative is to tackle trade facilitation, standards for the digital economy and technology, supply-chain resiliency and
‘NEW YEAR GIFT’: While the MAC called the song propaganda, China’s Taiwan Affairs Office said that it addressed the homesickness of ‘Taiwanese compatriots’ A pro-unification pop song aired on Chinese television earlier this month would only further sour Taiwanese sentiment toward China, the Mainland Affairs Council (MAC) said on Wednesday. The music video for We Sing the Same Song (我們同唱一首歌), which aired on China Central Television, features Chinese artists performing alongside Taiwanese singers Jam Hsiao (蕭敬騰), Ouyang Nana (歐陽娜娜) and Chen Li-nong (陳立農). The lyrics were reportedly written by Taiwanese lyricist Vincent Fang (方文山), known for his collaborations with Jay Chou (周杰倫), to music composed by a Chinese musician. Sung in Chinese and Hoklo (commonly known as Taiwanese), the song is about three Taiwanese siblings who
PIVOTAL ROLE: Taiwan’s importance in the global chip supply chain can be bolstered by domestic equipment manufacturing, President Tsai Ing-wen said Efforts must be made to better secure Taiwan’s place in the global supply chain by localizing production of equipment and facilities used by the semiconductor industry, President Tsai Ing-wen (蔡英文) said yesterday. Tsai discussed the issue during a meeting with representatives from the Taiwan Electronic Equipment Industry Association at the Presidential Office in Taipei. Product shortages throughout the COVID-19 pandemic — particularly of automotive chips — highlighted the pivotal role of Taiwan in the global supply chain, she said. Tsai thanked the association for cooperating with the government on the shared goal of localizing production of important semiconductor industry equipment.
SEPARATE CASE? A woman tested positive when she went with her daughter to be tested, because her daughter had taken the same bus to school as a steakhouse worker The Central Epidemic Command Center (CECC) yesterday reported 10 local COVID-19 cases, six of whom had visited a steakhouse in Taoyuan where an infection cluster has been reported. Minister of Health and Welfare Chen Shih-chung (陳時中), who heads the center, said that of the 10 local infections, one case — No. 17,928 — is a Taiwan Taoyuan International Airport disease prevention staffer who works in the area where inbound travelers collect their saliva for a COVID-19 polymerase chain reaction (PCR) test, and sometimes at the fever screening station. The staffer had tested negative in a PCR test on Jan. 9 and