Sun, Nov 10, 2019 - Page 2 News List

Alleged hack was false alarm, university says

RELIEF:NTU reported a possible attack on its computer system last week, but it was, ironically, the work of a student testing possible loopholes in the system

By Wu Po-hsuan and Jake Chung  /  Staff reporter, with staff writer

The main gate of National Taiwan University is pictured in Taipei on Sept. 5, 2011.

Photo: Lin Cheng-kung, Taipei Times

National Taiwan University (NTU) has clarified that a report that its online education platform, CEIBA, had been hacked was a false alarm, as it was simply an error that occurred when a Department of Information Engineering student was conducting research.

The university on Wednesday reported that its system was hacked and that all students’ scores had been changed to 87.

The suspicion was that the numerals were specifically chosen to mock the university, as the number “87” means “idiot” in Hoklo (commonly known as Taiwanese) Internet lingo.

The university’s Department of Education Affairs Information Division director Kevin Chang (張良鵬) said on Friday that the department received notice on Wednesday that an engineering student had accidentally changed the scores.

“The student, who was testing theories about information security loopholes, made the changes to what they thought was one entry,” Chang said. “However, the single change affected the entire system.”

Fortunately for the university, the online education platform is an isolated platform for grading purposes and is not connected to the department database, he said.

The department recovered the original grades by restoring a previous backup of the system, he added.

Department director Ting Shih-tung (丁詩同) said the university’s Computer and Information Networking Center will be performing routine check-ups on university Web sites every three months.

The university’s Student Association head Tu Chun-ching (涂峻清) said that the school should be more cautious in terms of information security and that the university should reduce its reliance on information systems, citing an incident at National Sun Yat-sen University (NSYSU) as an example

NSYSU associate professor Chen Chih-chieh (陳至潔) on Facebook on Thursday said that university professors specializing in political science or cross-strait studies had their e-mails monitored — some for up to three years — by someone posing as a school official.

Commenting on the NTU incident, National Chiao Tung University Department of Computer Science professor Lin Ying-dar (林盈達) said that campus Internet systems are more open than networks used in the private sector.

While the student should not have been able to do what they did, NTU should ensure that its servers are compliant with the International Organization for Standardization Information Security Management System 27001, Lin said.

NTU should have annual checkups and detect weak points in its information security defenses, Lin said, adding that NTU should also consider setting aside a few days when lecturers and students would be “white hat” hackers, attacking the system to find weaknesses.

This story has been viewed 2976 times.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top