The Criminal Investigation Bureau has admitted that it handed out 54 malware-infested thumb drives to the public at a data security expo hosted by the Presidential Office from Dec. 11 to Dec. 15 last year.
The malware-infected USB sticks were among 250 drives that the bureau gave to the winners of a game about cybersecurity knowledge.
The malware program with the file name XtbSeDuA.exe was designed to collect personal data and transmit it to a Poland-based IP address that then bounces the information to unidentified servers, the bureau said, adding that it was known to have been used by an electronic fraud ring uncovered by Europol in 2015.
Only older, 32-bit computers are susceptible to the malware and common anti-virus software can successfully detect and quarantine it, the bureau said.
The 8-gigabyte thumb drives were purchased from contractors and some of them were made in China, but the bureau has ruled out Chinese espionage, it said, adding that the infection originated from an infected work station at New Taipei City-based contractor Shawo Hwa Industries Co (少華企業).
An employee at the company used the affected computer to transfer an operating system to the drives and test their storage capacity, transmitting the malware to 54 units, the bureau said.
Random sampling of the thumb drives, which were sourced from various contractors, failed to discover the malware, it added.
Distribution was halted in the afternoon of Dec. 12, after members of the public complained that drives had been flagged by their anti-virus programs, it said, adding that 20 drives have been recovered while 34 “remain in the wild.”
The server receiving the data from the malware was shut down after the bureau took measures to address the issue, it said.
National Police Agency Director-General Chen Chia-chin (陳家欽) and National Security Council cybersecurity adviser Lee Der-tsai (李德財) were briefed on the incident, an anonymous source said.
National security officials are unhappy that a Presidential Office event was compromised and concerned that the event might have been deliberately targeted by a hacker group, the source said, adding that they have demanded the bureau launch another probe.
The bureau has apologized to the Presidential Office and other government agencies that participated in the expo, the source said.
A student at National Chengchi University jumped from the roof of his apartment in the early hours of Sunday after he was allegedly bullied online. The 21-year-old student, surnamed Huang (黃), on Friday last week posted on the university’s online discussion forum asking the public to judge a dispute he was having with a female roommate about rent. An anonymous post on the online forum Dcard appeared on the same day, saying he was the last person to judge others, and that he was “a heavy smoker, lazy, a terrible group member for class projects and a person with a poor
‘WITCH HUNT’: Huang Wei-che’s comments made it seem as if all visitors to Tainan would be a threat and infected people should be fined, an association said Tainan Mayor Huang Wei-che (黃偉哲) should repeal a program to issue rewards for positive COVID-19 tests among people who return to their former home from northern Taiwan over the Dragon Boat Festival long weekend, the Taiwan Association for Human Rights said yesterday. Huang’s “authoritarian behavior” is unacceptable, the association said after he announced that people should notify the Tainan Public Health Bureau of people who travel to Tainan to visit relatives from Saturday to Monday next week and urge them to get tested for the virus. People would receive NT$1,000 if they submit a report that leads to a positive COVID-19 rapid
Scammers have developed new strategies to extract personal information and money amid the COVID-19 outbreak in Taiwan, the Taichung Police Department said on Sunday. The department provided advice to avoid online scams amid a surge in reports of people posing as contact tracing officials or e-commerce platforms. Scammers have developed new strategies to extract information and money, it said. Some pose as contact tracing officials, messaging targets to tell them that they have been listed as a contact of a confirmed case, it said. They ask for the target’s birthdate, national identification number, family members and other information, the department said. Contact tracing personnel do
A person who was on Friday reported as the first in Taiwan to die after receiving a COVID-19 vaccine died of a heart attack, a Central Epidemic Command Center (CECC) official said yesterday. The deceased, whose sex and age were not disclosed, had coronary artery disease, which led to a fatal heart attack, Centers for Disease Control Deputy Director-General Chuang Jen-hsiang (莊人祥), who is the CECC’s spokesman, told a news conference, citing the autopsy report. It was the first death listed as a possible adverse event after receiving the AstraZenenca COVID-19 vaccine since the start of the vaccination program on March 22. The