A hacker who last month infiltrated Taiwan High Speed Rail Corp’s ticketing system is now advocating legislation to protect the rights of “white hats” — computer experts who specialize in identifying vulnerabilities in information systems through penetration testing and other methods.
Chang Chi-yuan (張啟元), 25, was released on bail of NT$100,000 after he was allegedly found to have tampered the ticketing system to provide a NT$200,000 refund for a NT$20 ticket.
“I will not avoid talking about my behavioral issues, nor will I avoid addressing my legal problem, which I hope to resolve by identifying the fundamental problem,” Chang said on Facebook.
The government should create new laws and amend regulations to protect ethical hacking, he said.
Specifically, there should be a state-run platform for Taiwanese companies — regardless of whether they are in traditional or high-tech industries — to request system penetration testing, Chang said, adding that the platform should display the authorization status for white hat operations as well.
If a company welcomes white hat information security testing, the platform would reflect that the company approves such a practice, for which it would set legal boundaries and reward systems for ethical hackers, he said.
Companies whose systems are off-limits to ethical hackers could indicate through the platform that they do not permit the practice and people would be warned that they would face criminal punishment if they ignore the firms’ expressed prohibitions and hack into the systems, he added.
“If there is a specific law and a certification from the government, white hats can clearly know if a company allows information testing. There would be no gray area and it would free hackers from the bind of having to inform the company in advance,” Chang said.
Taiwan has many white hats, but they do not test the information systems of local companies due to fears of legal consequences, he said.
A specific law would create a win-win situation for Taiwanese corporations and ethical hackers, he added.
Creating platforms for ethical hacking is not a new concept, Chang said, citing privately run HackerOne and Bugcrowd as two of the most popular examples.
As no government has created such a platform, Taiwan could make a major leap forward by creating the world’s first state-run platform for white hats, he said.
Randy Tang (唐元亮), an associate professor at Chaoyang University of Technology’s Department of Information Management, told the Chinese-language Apple Daily in an interview that while he approves of amending regulations to allow ethical hacking, he thinks companies should be allowed to decide whether they allow such a practice, adding that hackers must conduct such testing with goodwill and pledge not to harm systems.
“However, following Chang’s logic, companies that refuse to grant such permission would receive negative reviews and even risk tarnishing their images,” Tang said.
Last year, Chang reportedly purchased 502 iPhones for NT$1 by hacking the Apple Pay system.
He was in 2015 fined NT$60,000 for infiltrating a bus operator’s system and buying a ticket for NT$1.
In 2013, he exploited a loophole in Facebook to delete posts by the social media platform’s founder, Mark Zuckerberg.
‘HONEYMOON’ IS OVER: A political science professor said that the Tsai administration’s popularity peaked after it successfully contained COVID-19, but is waning President Tsai Ing-wen’s (蔡英文) and Premier Su Tseng-chang’s (蘇貞昌) approval ratings fell significantly this month in the wake of the government’s handling of the distribution of relief funds and stimulus coupons to people and businesses affected by the COVID-19 pandemic, a poll released yesterday by the New Power Party (NPP) showed. The poll showed that 68 percent of respondents said they were satisfied with Tsai’s performance, down 8.9 percentage points from last month, while 21 percent said they disapproved of her performance. Her approval among respondents aged 20 to 29 fell 14.7 percentage points, the largest decrease when compared with other age
Food delivery provider Foodpanda had 564 consumer disputes from January to last month and failed to attend many mediation sessions with local governments nationwide, the Executive Yuan’s Consumer Protection Committee said. In a news release earlier this month, the committee said that it investigated consumer complaints and mediations for Foodpanda and rival Uber Eats during the period, when the number of delivery orders jumped due to the COVID-19 pandemic. Uber Eats had 80 consumer disputes, the committee said. Of Foodpanda’s consumer disputes, 368 resulted from delivery drivers canceling orders after customers could not be reached, 108 were related to the quality or quantity
Peggy Chen (陳佩琪), wife of Taipei Mayor Ko Wen-je (柯文哲), yesterday said that the Central Epidemic Command Center’s (CECC) claim that Taiwan had warned the WHO about possible human-to-human transmission of COVID-19 was “far-fetched.” The US on April 9 said that the WHO had put politics first and ignored Taiwan’s early warning in December last year, which the WHO denied the following day. The WHO said that it received an e-mail from Taiwanese authorities on Dec. 31 last year, but that “there was no mention in the message of human-to-human transmission.” Minister of Health and Welfare Chen Shih-chung (陳時中), who heads the CECC,
The Taipei City Government yesterday promised to improve its Taipei Card 3.0 application process after a city councilor said that it required applicants to provide irrelevant personal information. Taipei City Councilor Miao Po-ya (苗博雅) said that to activate the card — which can function as an EasyCard, Senior EasyCard, student card and library card, as well as provide discounts for restaurants, arts and entertainment in the city — people must provide personal information such as their passport number, occupation, education level, their spouse’s name, personal income, credit rating and health information. The city government said the system would help it digitalize and