A hacker who last month infiltrated Taiwan High Speed Rail Corp’s ticketing system is now advocating legislation to protect the rights of “white hats” — computer experts who specialize in identifying vulnerabilities in information systems through penetration testing and other methods.
Chang Chi-yuan (張啟元), 25, was released on bail of NT$100,000 after he was allegedly found to have tampered the ticketing system to provide a NT$200,000 refund for a NT$20 ticket.
“I will not avoid talking about my behavioral issues, nor will I avoid addressing my legal problem, which I hope to resolve by identifying the fundamental problem,” Chang said on Facebook.
The government should create new laws and amend regulations to protect ethical hacking, he said.
Specifically, there should be a state-run platform for Taiwanese companies — regardless of whether they are in traditional or high-tech industries — to request system penetration testing, Chang said, adding that the platform should display the authorization status for white hat operations as well.
If a company welcomes white hat information security testing, the platform would reflect that the company approves such a practice, for which it would set legal boundaries and reward systems for ethical hackers, he said.
Companies whose systems are off-limits to ethical hackers could indicate through the platform that they do not permit the practice and people would be warned that they would face criminal punishment if they ignore the firms’ expressed prohibitions and hack into the systems, he added.
“If there is a specific law and a certification from the government, white hats can clearly know if a company allows information testing. There would be no gray area and it would free hackers from the bind of having to inform the company in advance,” Chang said.
Taiwan has many white hats, but they do not test the information systems of local companies due to fears of legal consequences, he said.
A specific law would create a win-win situation for Taiwanese corporations and ethical hackers, he added.
Creating platforms for ethical hacking is not a new concept, Chang said, citing privately run HackerOne and Bugcrowd as two of the most popular examples.
As no government has created such a platform, Taiwan could make a major leap forward by creating the world’s first state-run platform for white hats, he said.
Randy Tang (唐元亮), an associate professor at Chaoyang University of Technology’s Department of Information Management, told the Chinese-language Apple Daily in an interview that while he approves of amending regulations to allow ethical hacking, he thinks companies should be allowed to decide whether they allow such a practice, adding that hackers must conduct such testing with goodwill and pledge not to harm systems.
“However, following Chang’s logic, companies that refuse to grant such permission would receive negative reviews and even risk tarnishing their images,” Tang said.
Last year, Chang reportedly purchased 502 iPhones for NT$1 by hacking the Apple Pay system.
He was in 2015 fined NT$60,000 for infiltrating a bus operator’s system and buying a ticket for NT$1.
In 2013, he exploited a loophole in Facebook to delete posts by the social media platform’s founder, Mark Zuckerberg.
Former Czech Republic-based Taiwanese researcher Cheng Yu-chin (鄭宇欽) has been sentenced to seven years in prison on espionage-related charges, China’s Ministry of State Security announced yesterday. China said Cheng was a spy for Taiwan who “masqueraded as a professor” and that he was previously an assistant to former Cabinet secretary-general Cho Jung-tai (卓榮泰). President-elect William Lai (賴清德) on Wednesday last week announced Cho would be his premier when Lai is inaugurated next month. Today is China’s “National Security Education Day.” The Chinese ministry yesterday released a video online showing arrests over the past 10 years of people alleged to be
THE HAWAII FACTOR: While a 1965 opinion said an attack on Hawaii would not trigger Article 5, the text of the treaty suggests the state is covered, the report says NATO could be drawn into a conflict in the Taiwan Strait if Chinese forces attacked the US mainland or Hawaii, a NATO Defense College report published on Monday says. The report, written by James Lee, an assistant research fellow at Academia Sinica’s Institute of European and American Studies, states that under certain conditions a Taiwan contingency could trigger Article 5 of NATO, under which an attack against any member of the alliance is considered an attack against all members, necessitating a response. Article 6 of the North Atlantic Treaty specifies that an armed attack in the territory of any member in Europe,
LIKE FAMILY: People now treat dogs and cats as family members. They receive the same medical treatments and tests as humans do, a veterinary association official said The number of pet dogs and cats in Taiwan has officially outnumbered the number of human newborns last year, data from the Ministry of Agriculture’s pet registration information system showed. As of last year, Taiwan had 94,544 registered pet dogs and 137,652 pet cats, the data showed. By contrast, 135,571 babies were born last year. Demand for medical care for pet animals has also risen. As of Feb. 29, there were 5,773 veterinarians in Taiwan, 3,993 of whom were for pet animals, statistics from the Animal and Plant Health Inspection Agency showed. In 2022, the nation had 3,077 pediatricians. As of last
XINJIANG: Officials are conducting a report into amending an existing law or to enact a special law to prohibit goods using forced labor Taiwan is mulling an amendment prohibiting the importation of goods using forced labor, similar to the Uyghur Forced Labor Prevention Act (UFLPA) passed by the US Congress in 2021 that imposed limits on goods produced using forced labor in China’s Xinjiang region. A government official who wished to remain anonymous said yesterday that as the US customs law explicitly prohibits the importation of goods made using forced labor, in 2021 it passed the specialized UFLPA to limit the importation of cotton and other goods from China’s Xinjiang Uyghur region. Taiwan does not have the legal basis to prohibit the importation of goods