“White hat” hackers and cyber-cops fight crime in Taiwan’s heavily attacked cyberspace.
Cybercrime is a growing problem in Taiwan and around the world, cybersecurity experts and law enforcement officers agree.
“It’s absolutely on the rise because everything is connected to the internet – you can shop online, can do anything,” says Wu Fu-mei, acting director of the Information and Communications Security Division within the Ministry of Justice Investigation Bureau. Along with network and mobile devices, the proliferation of connected IoT (internet of things) devices has created a vastly expanded pool of potential targets, many of which are only lightly protected from infection.
Incidents of software supply chains being infected with malware rose 200% last year, while targeted attacks were up 10% and mobile malware rose by 54% in 2017 in annual comparisons, according to global cybersecurity firm Symantec. The company notes that ransomware, in which an organization’s data is infected and encrypted by a hacker – to be decrypted only after payment of a ransom – has become so routine that the average amount of ransom demanded has dropped to only US$522 in 2017, less than half the 2016 average.
The Dark Web and the sudden rise of cryptocurrencies are key enablers of cybercrime. The Dark Web, that part of the internet accessible only through encrypted browsers such as Tor, provides criminals with an untraceable space for conducting illicit business ranging from hiring killers to obtaining illegal drugs – and buying and selling personal data stolen in data breaches. These transactions are now mostly done in Bitcoin or other cryptocurrencies, which use transparent blockchain technology but are anonymous.
“Both the Dark Web and digital currency are very difficult to trace,” notes MJIB’s Wu. “When we are investigating crimes we need to find two things: the cash flow and the information flow. The use of digital currency can hide the cash flow, and use of the Dark Web can hide the information flow.”
She adds that the relative ease and safety of cybercrime contributes to its appeal. “It’s a fairly easy way of doing crime. You don’t have to invest a lot, and you can commit a lot of crime by just sitting at a desk,” she says.
To cybersecurity experts, Taiwan’s digital landscape is a dystopian cyber-wilderness where malware bots hunt; hackers blackmail, rob, and vandalize; and our connected devices can be possessed by viruses and turned against us.
Shaking the doorknob
Taiwan receives tens of millions of attacks every month, most of them little more than “shaking the doorknob” to see if somebody forgot to secure an entry point. Many full-on attacks also occur that have resulted in massive data breaches and ransom payments. A lack of basic password protection on the part of an alarming number of firms and individuals means that hackers need not bother searching for back doors when the front door is wide open for intrusion and infestation.
Once inside, the malware takes increasing control over the device or server, often without impacting its usual functions. Cases of IP cameras that continue to record video even after being turned off and IoT household appliances recruited into a virtual army for distributed denial of service (DDoS) attacks at the behest of unseen masters have been widely reported in the media.
Doing battle against these hidden attackers is Taiwan’s army of “white hat” hackers in both the government cybersecurity agencies and the private sector. “It’s like a war,” says Allen Own, co-founder and CEO of cybersecurity consulting startup Devcore. “And there is an information disparity. The attackers always know more than the enterprise.”
Malware bots are endlessly scanning the internet for system and device vulnerabilities, and even the smallest lapse in password protection, coding, or design can result in a wholesale invasion. “Security is decided by the least secured links, which are everywhere,” says Steven Chen, CEO and co-founder of PFP Cybersecurity, a Silicon Valley startup that has entered the Taiwan market.
Cybersecurity systems and technologies have advanced to the point that firewall, APT (Advanced Persistent Threats) deterrence, and other cybersecurity defense systems are now capable of fending off even the most sophisticated hacks. What is generally behind successful cyber-attacks is the weak link of the human factor. Symantec says that 71% of successful hacks are due to phishing, in which people open up a bogus email that exposes their computer and thus their organization’s servers to infestation. Phishing attacks have brought down even the most internet-savvy people.
According to Hans Barre of Silicon Valley-based digital and social cybersecurity firm RiskIQ, corporate executives and brands from Taiwan and around the world are at huge risk of being “counterfeited.” An individual or organization may set up a profile on LinkedIn, for example, purporting to be a company executive. When this fraudulent identity makes contact with other industry professionals, they are easily fooled into exchanging emails and inviting the hacker right into their corporate networks, exposing all of their private data to theft.
Devcore deals with human error of a different kind, often involving website developers and programmers who make sloppy or inadvertent errors in their product, leaving them exposed to hackers. When programmers code websites with languages such as Java, PHP, or Ruby, mistakes or carelessness in the code might leave the site vulnerable to infection. Such errors can expose the site or other SQL (Structured Query Language) databases to infection, allowing hackers to access databases and basically wreak havoc on the system.
“These mistakes are the fault of the developer,” Own notes, adding that although he and the other 12 consultants at Devcore “might not be as good in these programming languages as actual developers are, we are good in finding vulnerabilities.”
Devcore’s assignment is to act as the Red Team hackers, a term borrowed from military jargon used in war games, where the Red Team plays the role of attacker, while the Blue Team plays defense. Own’s team hacks the client’s website searching for vulnerabilities, which they usually find not in the main websites, but in developer-created websites that the company might not even be aware of.
Often website developers make a second website that mirrors the main site and is used as a practice and work site for future development. However, the second site is generally not protected as well as the first one, and can be a major point of system infection.
“The enterprise will defend the most important website that they own but the hackers will attack their other, less well-protected sites – the security level is lower,” explains Own. “They know that they have several websites but they don’t know which ones are vulnerable. But we know every website that they have, even if the company itself doesn’t know.”
Own says that along with his role operating his company, he was the vice-organizer for HITCON – the “Hacks in Taiwan” conference – from 2011-2014, and organizer from 2015-2017. The main purpose of the conference is to “teach the government and enterprise what security is, and how to keep your website secure.” This year’s HITCON is scheduled for July 27-28 at the Taipei Nankang Exhibition Center.
Benson Wu, co-founder of Taiwanese cybersecurity startup CyCarrier Security, aims to solve the problem of human error by removing humans from the security system as far as possible, relying instead on Artificial Intelligence (AI) for monitoring. He notes that even top-line cybersecurity platforms are only as good as their operators, with most requiring well-trained staff. “But the reality is that you often can’t find such experts because that talent is already working directly in the cybersecurity industry,” he says.
Industry insiders say that AI and Machine Learning (ML) are already being deployed on both sides of the cybercrime battle. Wu says that his company’s system never gets tired, never misses a warning, and can reduce the time for discovery of a system breach from months to a matter of days. As such efficiency doesn’t come cheap, Wu says CyCarrier Security is targeting only the top-tier companies in Taiwan and abroad that have the money and awareness to pay for a top-line cybersecurity platform. He adds that he doesn’t need to do much of a sales pitch. He simply sets up the platform to evaluate how many times and for how long the company has been breached. “They sign up right away after they see the results,” he says.
Threats against Taiwan are usually attributed to China, but recent experience shows that is not always true, including the heists of First Bank by Russian hackers and the Far Eastern Bank by the North Korean-linked Lazarus gang. Taiwan produces its own home-grown hackers as well, as a recent case cited by the MJIB cybercrimes unit attests.
In that case, securities firms were threatened with a DDoS attack if they didn’t pay a ransom in Bitcoin to the hacker. “Most companies paid the ransom, but one did not and his whole computer system was hacked and paralyzed,” says MJIB’s Wu. The MJIB was called in and traced the hacker through the email that he had sent to the company. The culprit turned out to be a 20-year-old Taiwanese who told investigators that he had pulled off similar attacks numerous times, but had already spent the money he gained. He now faces up to five years in prison.
With the threat of cyberattacks now being taken more seriously in Taiwan, demand for cybersecurity talent is increasing and salaries are rising accordingly. But Taiwan’s cybersecurity professionals are also fervently committed to the cause.
“Making money is necessary, but doing business is not my only concern,” says Devcore’s Own. “My company and I are passionate about cybersecurity in Taiwan.”