Hackers from the Chinese military appear to have shifted the focus of their attacks against Taiwan from government institutions to the civilian sector, including think tanks, telecommunications, Internet nodes, and traffic signal control systems, the island’s top civilian spy agency said in a new report.
The report, submitted by the National Security Bureau (NSB) to the Legislative Yuan prior to a briefing on countermeasures on April 29, did not venture reasons why the PLA’s General Staff Department was now turning its sights on civilian infrastructure, nor did it indicate whether this alleged shift was part of a larger trend or was specific to Taiwan.
Rather than focus on government facilities and diplomatic missions abroad, think tanks, firms in the information technology sector or outsourced factories and businesses, network nodes — primarily industrial computers that are not protected by firewalls or invasion detection systems — broadband routers, factory-grade microcomputer controllers, cloud storage and traffic signal switches, were identified as the probable principal targets of Chinese hackers.
The report added that social media, which have grown immensely popular in Taiwan, could also be used to approach personnel in sensitive sectors or key positions via “massive social engineering” to gain access to their computers and thereby further penetrate the nation’s Internet defenses.
The bureau said that the extremely heavy dependence of Taiwanese on technology meant that society was increasingly vulnerable to this type of attack. It said an estimated 100,000 people are now involved in Chinese cyber warfare.
Taiwan, which Beijing claims as part of its territory, became the target of cyber attacks from China well before the U.S. and the rest of the world started paying attention to the threat (China denies engaging in offensive cyber warfare). As a result, from very early on the Taiwanese government had to implement various measures to ensure information security, and in the process has developed top-of-the-line expertise in identifying, tracking, and countering attempted hostile intrusions.
The NSB’s external web sites alone were the target of about 3.34 million confirmed hits from Chinese hackers in 2012, the bureau said, adding that the majority were “reconnaissance” operations rather than actual intrusions. Still, 70,000 contacts, or an average of 209 per day, were malignant attacks, it said, adding that all were successfully countered. The bureau’s intelligence network is closed and therefore inaccessible from external attacks.
Chang Kuan-yuan, deputy director of the NSB, said on April 29 an investigation had determined that 38 percent of the cyber attacks were launched from “zombie computers” that had been infected by viruses or Trojan horses.
The NSB report said that only the Executive Yuan and, somewhat more surprisingly, the Council of Agriculture, had passed general the Information Security Management System tests, with other agencies only partially doing so.
To help address the threat of cyber espionage from China, Minister of National Defense Kao Hua-chu told the legislature on April 29 that the Communications, Electronics and Information Division under the military would soon set up a fourth unit and increase its budget for Internet security. (Before his arrest in January 2011 on espionage charges, Major General Lo Hsien-che was in charge of the communications, electronics and information division at Army Command Headquarters. The high-profile case, for which Lo is now serving a life sentence, was regarded as the worst espionage case to hit the island in a half century.)
The shift does not mean that Chinese hackers have completely abandoned more traditional targets, however. On March 27, one day after the Ministry of National Defense held a press briefing about the upcoming Han Kuang military exercises, members of the armed forces received e-mails in their private accounts with subject lines related to the drills. Analysis demonstrated that the e-mails contained viruses, which prompted the ministry’s information security unit to take preventive action, David Lo, the military spokesman, said on April 28. Lo said that no sensitive information had been leaked as a result of the attacks, but added that the ministry had had difficulty identifying the source.
Despite being the principal target of the Chinese military and the persistent nature of cyber attacks, Taiwan’s regulations on the use of social media for armed forces personnel are surprisingly lax. Unlike the PLA, which strictly enforces a no-use regulation, a number of active Taiwanese soldiers, for example, have Facebook pages, which could make them ideal targets of social engineering efforts by Chinese cyber warriors.