Microsoft’s Digital Crimes Unit (DCU), an investigative consultancy aimed at assisting law enforcement agencies to root out cybercrime, employs a dynamic map that displays locations from which cyberattacks are originating, as well as locations that are being victimized. Until roughly seven years ago, the map showed Taiwan as being the victim of large-scale cybercrime. But the number of attacks originating in Taiwan and targeting other countries has expanded, making Taiwan now a net exporter of cyberattacks. Does this change imply that organized crime in Taiwan has surged in recent years, or that criminal “black hat” hackers have suddenly become more active on the island?
Not really, says Vincent Shih, general manager of legal and corporate affairs for Microsoft Taiwan. He explains that the cyberattacks apparently originating from Taiwan in fact derive from botnets, malware that has been embedded into the PCs and other devices of unsuspecting victims by criminals mostly located abroad. When those criminals in other countries want to trigger a cyberattack, they can easily activate the bots embedded on PCs in Taiwan to do their dirty work for them. “That’s why a lot of attacks come from Taiwan, but in reality Taiwan is just a transfer point,” says Shih.
At the same time, Taiwan is among the most heavily attacked nations in East Asia, behind only Japan and South Korea. Although the government news service Taiwan Today reported last January that “the government has experienced an annual average of 300-plus intrusion attempts over the past three years, according to the Cabinet-level Information and Communication Security Technology Center,” media reports indicate that attempted intrusions to the Executive Yuan alone could number in the thousands per week.
Cybersecurity firm Trend Micro Inc. says that from 2012 to mid-2015, it discovered over 300 cyberattacks against 100 firms in Taiwan. Trend Micro observes that “targets are mostly government bodies, national defense organizations, critical systems and infrastructure, high-tech companies, media outlets and financial institutions,” adding that “cyberattacks have become a serious and common threat in Taiwan.” Microsoft’s Shih notes it takes an average of 229 days for victims to even realize they have been attacked.
Most security analyses point to China’s notorious cybercriminals as the perpetrators, but Shih cautions that the situation is more complicated. “We can’t exclude the possibility that China” is behind many of the attacks, particularly against government-related organizations, he says, but adds that many of the cases that the DCU sees in Taiwan actually originate in Eastern Europe and that the main goals are financial, not political.
According to Lin Hung-chia, technical evangelist at Microsoft Taiwan, the high connectivity rate and high-quality Internet service in Taiwan make it an attractive target for cybercriminals from around the world, especially when combined with Taiwan’s generally lackadaisical attitudes towards cybersecurity.
“As a technologically advanced nation, Taiwan should be in pretty good shape in terms of cybersecurity,” says Shih. “But actually the situation is quite serious. Most people aren’t aware of how serious it is.”
This lack of awareness exposes Taiwan’s businesses and civilians to a range of potential crimes, including credit-card fraud, identity theft, and a host of other abuses. It also undermines national security by allowing access to Taiwan’s networks by China’s army of cyber-spies.
China’s cyber-espionage networks are estimated to employ some 100,000 hackers who create mischief around the world, infiltrating databases, stealing information, and disrupting operations. Taiwan is in the crosshairs of China’s cyber-spies not only because of cross-Strait political tensions, but because the common language eases their way. Chinese hackers also see Taiwan as a training ground for attacks against harder targets, such as the United States.
Cybercriminals and spies employ similar tactics, including Advanced Persistent Threats (APT) designed to evade detection and maintain a low profile while slowly penetrating a system and remaining there to collect information.
The Taiwan government has established a number of offices to counter cybercrime and espionage, including the Computer Emergency Response Team (CERT) set up in 2001 and the National Information and Communication Security Taskforce (NICST) created by the Executive Yuan in December 2013. Experts consider these agencies to be a good start, but view them as plagued by jurisdictional complications. For example, NICST works in tandem with the Ministries of Science and Technology, Justice, and Interior, as well as the National Security Council and the Office of Homeland Security.
“The different government agencies all have their own goals and their own strategies and usually they don’t talk to each other,” observes Microsoft’s Shih. “We promote the concept that government should have a central authority that is in charge of the overall strategy and can really orchestrate all of these activities.”
From a defense perspective, there is concern that cyberattacks could be used in the early stages of a military attack to cripple civilian infrastructure and financial markets, as well as to destroy Taiwan’s military command, control and logistics networks. Taiwan’s military uses its own network segregated from the civilian internet, but crossovers do happen, with civilian defense contractors often being the access point into the military network.
A government expert in countering cyber-espionage, who asked not to be named, says that “by switching the tactical targets of malware to contractors’ computers and programs instead of installing malware on agency’s computers directly, cyber-espionage hackers can make security devices installed in the agency’s network less effective, which forces us to strategically expand the defense line to the contractor’s networks.”
Cyberwarfare has been an element in Taiwan’s annual Han Kuang military exercises since the early 2000s, but the Democratic Progressive Party (DPP) has much bigger plans for countering the cross-Strait cyber threat. In a defense position paper issued last year, the DPP proposes to “combine cyber and electronic warfare capabilities present within the civilian sector with existing military capabilities” to make up a “fourth service” on par with the nation’s army, navy and air force. Besides strengthening Taiwan’s defenses, the DPP sees the proposal as having another major benefit: enhancing the military’s recruitment of top-quality IT professionals.