A hacker who last month infiltrated Taiwan High Speed Rail Corp’s ticketing system is now advocating legislation to protect the rights of “white hats” — computer experts who specialize in identifying vulnerabilities in information systems through penetration testing and other methods.
Chang Chi-yuan (張啟元), 25, was released on bail of NT$100,000 after he was allegedly found to have tampered the ticketing system to provide a NT$200,000 refund for a NT$20 ticket.
“I will not avoid talking about my behavioral issues, nor will I avoid addressing my legal problem, which I hope to resolve by identifying the fundamental problem,” Chang said on Facebook.
The government should create new laws and amend regulations to protect ethical hacking, he said.
Specifically, there should be a state-run platform for Taiwanese companies — regardless of whether they are in traditional or high-tech industries — to request system penetration testing, Chang said, adding that the platform should display the authorization status for white hat operations as well.
If a company welcomes white hat information security testing, the platform would reflect that the company approves such a practice, for which it would set legal boundaries and reward systems for ethical hackers, he said.
Companies whose systems are off-limits to ethical hackers could indicate through the platform that they do not permit the practice and people would be warned that they would face criminal punishment if they ignore the firms’ expressed prohibitions and hack into the systems, he added.
“If there is a specific law and a certification from the government, white hats can clearly know if a company allows information testing. There would be no gray area and it would free hackers from the bind of having to inform the company in advance,” Chang said.
Taiwan has many white hats, but they do not test the information systems of local companies due to fears of legal consequences, he said.
A specific law would create a win-win situation for Taiwanese corporations and ethical hackers, he added.
Creating platforms for ethical hacking is not a new concept, Chang said, citing privately run HackerOne and Bugcrowd as two of the most popular examples.
As no government has created such a platform, Taiwan could make a major leap forward by creating the world’s first state-run platform for white hats, he said.
Randy Tang (唐元亮), an associate professor at Chaoyang University of Technology’s Department of Information Management, told the Chinese-language Apple Daily in an interview that while he approves of amending regulations to allow ethical hacking, he thinks companies should be allowed to decide whether they allow such a practice, adding that hackers must conduct such testing with goodwill and pledge not to harm systems.
“However, following Chang’s logic, companies that refuse to grant such permission would receive negative reviews and even risk tarnishing their images,” Tang said.
Last year, Chang reportedly purchased 502 iPhones for NT$1 by hacking the Apple Pay system.
He was in 2015 fined NT$60,000 for infiltrating a bus operator’s system and buying a ticket for NT$1.
In 2013, he exploited a loophole in Facebook to delete posts by the social media platform’s founder, Mark Zuckerberg.
TRAGEDY: An expert said that the incident was uncommon as the chance of a ground crew member being sucked into an IDF engine was ‘minuscule’ A master sergeant yesterday morning died after she was sucked into an engine during a routine inspection of a fighter jet at an air base in Taichung, the Air Force Command Headquarters said. The officer, surnamed Hu (胡), was conducting final landing checks at Ching Chuan Kang (清泉崗) Air Base when she was pulled into the jet’s engine for unknown reasons, the air force said in a news release. She was transported to a hospital for emergency treatment, but could not be revived, it said. The air force expressed its deepest sympathies over the incident, and vowed to work with authorities as they
A tourist who was struck and injured by a train in a scenic area of New Taipei City’s Pingsi District (平溪) on Monday might be fined for trespassing on the tracks, the Railway Police Bureau said yesterday. The New Taipei City Fire Department said it received a call at 4:37pm on Monday about an incident in Shifen (十分), a tourist destination on the Pingsi Railway Line. After arriving on the scene, paramedics treated a woman in her 30s for a 3cm to 5cm laceration on her head, the department said. She was taken to a hospital in Keelung, it said. Surveillance footage from a
BITTERLY COLD: The inauguration ceremony for US president-elect Donald Trump has been moved indoors due to cold weather, with the new venue lacking capacity A delegation of cross-party lawmakers from Taiwan, led by Legislative Speaker Han Kuo-yu (韓國瑜), for the inauguration of US president-elect Donald Trump, would not be able to attend the ceremony, as it is being moved indoors due to forecasts of intense cold weather in Washington tomorrow. The inauguration ceremony for Trump and US vice president-elect JD Vance is to be held inside the Capitol Rotunda, which has a capacity of about 2,000 people. A person familiar with the issue yesterday said although the outdoor inauguration ceremony has been relocated, Taiwan’s legislative delegation has decided to head off to Washington as scheduled. The delegation
Another wave of cold air would affect Taiwan starting from Friday and could evolve into a continental cold mass, the Central Weather Administration (CWA) said yesterday. Temperatures could drop below 10°C across Taiwan on Monday and Tuesday next week, CWA forecaster Chang Chun-yao (張竣堯) said. Seasonal northeasterly winds could bring rain, he said. Meanwhile, due to the continental cold mass and radiative cooling, it would be cold in northern and northeastern Taiwan today and tomorrow, according to the CWA. From last night to this morning, temperatures could drop below 10°C in northern Taiwan, it said. A thin coat of snow