A hacker who last month infiltrated Taiwan High Speed Rail Corp’s ticketing system is now advocating legislation to protect the rights of “white hats” — computer experts who specialize in identifying vulnerabilities in information systems through penetration testing and other methods.
Chang Chi-yuan (張啟元), 25, was released on bail of NT$100,000 after he was allegedly found to have tampered the ticketing system to provide a NT$200,000 refund for a NT$20 ticket.
“I will not avoid talking about my behavioral issues, nor will I avoid addressing my legal problem, which I hope to resolve by identifying the fundamental problem,” Chang said on Facebook.
The government should create new laws and amend regulations to protect ethical hacking, he said.
Specifically, there should be a state-run platform for Taiwanese companies — regardless of whether they are in traditional or high-tech industries — to request system penetration testing, Chang said, adding that the platform should display the authorization status for white hat operations as well.
If a company welcomes white hat information security testing, the platform would reflect that the company approves such a practice, for which it would set legal boundaries and reward systems for ethical hackers, he said.
Companies whose systems are off-limits to ethical hackers could indicate through the platform that they do not permit the practice and people would be warned that they would face criminal punishment if they ignore the firms’ expressed prohibitions and hack into the systems, he added.
“If there is a specific law and a certification from the government, white hats can clearly know if a company allows information testing. There would be no gray area and it would free hackers from the bind of having to inform the company in advance,” Chang said.
Taiwan has many white hats, but they do not test the information systems of local companies due to fears of legal consequences, he said.
A specific law would create a win-win situation for Taiwanese corporations and ethical hackers, he added.
Creating platforms for ethical hacking is not a new concept, Chang said, citing privately run HackerOne and Bugcrowd as two of the most popular examples.
As no government has created such a platform, Taiwan could make a major leap forward by creating the world’s first state-run platform for white hats, he said.
Randy Tang (唐元亮), an associate professor at Chaoyang University of Technology’s Department of Information Management, told the Chinese-language Apple Daily in an interview that while he approves of amending regulations to allow ethical hacking, he thinks companies should be allowed to decide whether they allow such a practice, adding that hackers must conduct such testing with goodwill and pledge not to harm systems.
“However, following Chang’s logic, companies that refuse to grant such permission would receive negative reviews and even risk tarnishing their images,” Tang said.
Last year, Chang reportedly purchased 502 iPhones for NT$1 by hacking the Apple Pay system.
He was in 2015 fined NT$60,000 for infiltrating a bus operator’s system and buying a ticket for NT$1.
In 2013, he exploited a loophole in Facebook to delete posts by the social media platform’s founder, Mark Zuckerberg.
SECURITY: Starlink owner Elon Musk has taken pro-Beijing positions, and allowing pro-China companies to control Taiwan’s critical infrastructure is risky, a legislator said Starlink was reluctant to offer services in Taiwan because of the nation’s extremely high penetration rates in 4G and 5G services, the Ministry of Digital Affairs said yesterday. The ministry made the comments at a meeting of the legislature’s Transportation Committee, which reviewed amendments to Article 36 of the Telecommunications Management Act (電信管理法). Article 36 bans foreigners from holding more than 49 percent of shares in public telecommunications networks, while shares foreigners directly and indirectly hold are also capped at 60 percent of the total, unless specified otherwise by law. The amendments, sponsored by Chinese Nationalist Party (KMT) Legislator Ko
The eastern extension of the Taipei MRT Red Line could begin operations as early as late June, the Taipei Department of Rapid Transit Systems said yesterday. Taipei Rapid Transit Corp said it is considering offering one month of free rides on the new section to mark its opening. Construction progress on the 1.4km extension, which is to run from the current terminal Xiangshan Station to a new eastern terminal, Guangci/Fengtian Temple Station, was 90.6 percent complete by the end of last month, the department said in a report to the Taipei City Council's Transportation Committee. While construction began in October 2016 with an
The military has spotted two Chinese warships operating in waters near Penghu County in the Taiwan Strait and sent its own naval and air forces to monitor the vessels, the Ministry of National Defense (MND) said. Beijing sends warships and warplanes into the waters and skies around Taiwan on an almost daily basis, drawing condemnation from Taipei. While the ministry offers daily updates on the locations of Chinese military aircraft, it only rarely gives details of where Chinese warships are operating, generally only when it detects aircraft carriers, as happened last week. A Chinese destroyer and a frigate entered waters to the southwest
NON-RED SUPPLY: Boosting the nation’s drone industry is becoming increasingly urgent as China’s UAV dominance could become an issue in a crisis, an analyst said Taiwan’s drone exports to Europe grew 41.7-fold from 2024 to last year, with demand from Ukraine’s fight against Russian aggression the most likely driver of growth, a study showed. The Institute for Democracy, Society and Emerging Technology (DSET) in a statement on Wednesday said it found that many of Taiwan’s uncrewed aerial vehicle (UAV) sales were from Poland and the Czech Republic. These countries likely transferred the drones to Ukraine to aid it in its fight against the Russian invasion that started in 2022, it said. Despite the gains, Taiwan is not the dominant drone exporter to these markets, ranking second and fourth
RSS