Skip to content
Author
PUBLISHED: | UPDATED:
Getting your Trinity Audio player ready...

By Michael Gold

TAIPEI, July 19 (Reuters) – Taiwan is the frontline in an

emerging global battle for cyberspace, according to elite

hackers in the island’s IT industry, who say it has become a

rehearsal area for the Chinese cyberattacks that have strained

ties with the United States.

The self-governing island, they say, has endured at least a

decade of highly-targeted data-theft attacks that are then

directed towards larger countries.

“We’ve seen everything,” said Jim Liu, the 28-year-old

founder of Lucent Sky, a Taiwanese internet security company

specialising in resolving dangerous software vulnerabilities

that hackers can exploit in order to gain access to a system.

“We’ll see a specific attack signature here, and then six

months later see the same signature in an attack on the States.”

A Pentagon report in May accused China of trying to break

into U.S. defence computer networks. It followed another report

in February by U.S. computer security company Mandiant that said

a secretive Chinese military unit was probably behind a series

of hacking attacks that had stolen data from 100 U.S. companies.

Beijing dismissed both reports as without foundation. But

Taiwan experts say that hacking methods such as those outlined

in the Mandiant report are the same kinds of security breaches

that they had seen several years earlier.

Regarded by China as a renegade province it must recover, by

force if necessary, it is easy to see why Taiwan might be an

ideal target for Chinese hackers: it is close to the mainland,

Mandarin-speaking and boasts advanced internet infrastructure.

STOLEN DATA

This cyberwar playing out across the narrow Taiwan Strait

first came to public attention in 2003, when a Taiwanese police

agency realised hackers had stolen personal data, including

household registration information, from its computer system.

These attacks differed from traditional hacking attempts –

where many casual hackers attempt to disrupt their targets’

systems, these hackers went in stealthily, with the intention to

plunder rather than destroy.

“Back then it was very rare to see these kinds of social

network attacks,” said hacking specialist Jeremy Chiu, a

contract instructor in IT for Taiwan’s intelligence agencies.

“They were very, very well organised.”

Other indicators, including the ease with which the hackers

penetrated an email system written entirely in Chinese, painted

a picture of the culprits as a large, coordinated group of

mainland Chinese hackers.

“One thing that indicates government support for these

attacks is just the sheer volume – how many agencies are being

attacked on a daily basis,” said Benson Wu, postdoctoral

researcher in information technology at Taiwanese think-tank

Academia Sinica and co-founder of Xecure Lab, which focuses on

responding to advanced persistent threats.

Interviewed at his downtown Taipei office, Wu’s set-up fits

the classic hacker image: dimly-lit, strewn with wires and

humming with computers.

On a projector screen he displayed a list of emails, written

in Chinese, with subject headings like “meeting notes”, “dinner

attendance” and “questionnaire”.

“These are all hacking attempts,” Wu explained. Once the

documents have been opened, they plant a backdoor allowing the

hacker virtually unfettered access to the network.

HACKING NINE-TO-FIVE

One such “spearphishing” attack was reportedly used on the

White House in October. A Taiwan expert in cyberespionage

interviewed by Reuters estimated that thousands of Taiwanese

high-level government employees receive as many as 20 to 30 of

these emails a month.

“We’ve been following these Chinese hackers for so long, we

can track their daily work schedule,” said the expert, who asked

not to be identified.

“People expect hackers to be night owls, but these guys work

very normal hours – on Chinese national holidays, for example,

we don’t see any hacking activity at all.”

Tracking the exact source of the attacks, however, remains a

slippery game of internet sleuth.

“We take the IP address culled from the attack as a

springboard, then track it through the internet – perhaps the

same IP address was used in a forum registration, or to register

a QQ handle,” he said, referring to a popular Chinese chat

program. “It depends how good they are at covering their

tracks.”

China denies being behind hacking attacks on other nations

and insists it is a major victim of cyber attacks, including

from the United States – an argument that Beijing sees as

strengthened by revelations last month from a former National

Security Agency contractor, Edward Snowden, about top-secret

U.S. electronic surveillance programmes.

The United States and China held talks focused on cyber

issues last week.

According to internet platform Akamai, 27 percent of

worldwide hacking activity during 2012 originated in China. The

same report, however, also placed Taiwan among the top five

digital attack originating countries in 2012.

“Taiwan is one of the key countries where we see a lot of

activity,” said Singapore-based malware researcher Chong Rong

Hwa of network security firm FireEye Inc.

A report issued by SecureWorks, a network safety arm of PC

maker Dell Inc, said Taiwan government ministries are

swarming with a particularly malicious form of data-nabbing

computer virus.

In one year, the Taiwan National Security Bureau encountered

more than 3 million hacking attempts from China, according to

statements given by bureau director Tsai Teh-sheng in March in

response to questions from lawmakers.

Military and technology intelligence was included among the

pilfered data. A representative from the bureau declined to

comment when contacted by Reuters.

“Taiwan will continue to be the battleground for lots of

cyber attacks; it’s like we are on our own,” Wu said. “China has

a huge pool of talent and technical resources.”