Taiwan a canary in the coalmine of cyber warfare

December 08, 2014

So hacked are Taiwan's computers that some government employees are issued with two - one connected to the internet, and a second that remains offline for security reasons.

For the past two weeks, entertainment giant Sony Pictures has had its computers paralysed by a cyber attack that has resulted in unreleased movies and thousands of confidential documents being released. While there is widespread suspicion that North Korea is behind the attack, its unprecedented level of sophistication is a harbinger of cyber conflicts to come.

Taiwan can claim the dubious honour of being one of the most hacked, if not the most hacked, places in the world. The computers of its government, businesses and research centres are bombarded by attempts to infiltrate them to steal sensitive information, probe defences and explore their inner workings.

So hacked is Taiwan that employees of some government ministries are issued with two sets of computers - one connected to the internet, and a second that remains offline for security reasons.

Eight out of ten top-tier government agencies “are either targeted for a long time or have been compromised”, says Benson Wu, co-founder of Taipei-based analysis and security company Xecure Lab. Many bugs and tactics “are being exercised and verified in Taiwan before they are used in other countries”. And where are those raids coming from? “The attack frequency and targets are highly related to the political situation” between Taiwan and China. Taiwan’s Chinese-language networks make a perfect target for hackers from the People’s Republic, Wu says.

Taiwanese cyber defence experts have even noticed correlations between attempts to intrude on Taiwan’s networks and office hours in China - activity drops off during mainland China’s national holidays, for example.

The first widely reported “cyber war” in the world occurred between China and Taiwan in 1999, when Taiwan’s president Lee Teng-hui infuriated Beijing by suggesting the two countries accept state-to-state relations, rather than the status quo in which Taiwan eschews independence from Beijing despite having its own government.

Today, relations between Taiwan and Beijing are warmer. Taiwan has been expanding trade ties with China and since 2008 has signed more than 20 cross-strait agreements with the mainland. Taiwan has even marketed itself as a “springboard” into China for foreign companies.

None of this has slowed the onslaught on its computers. The executive branch of Taiwan’s government alone was hit by more than 1900 cyber attacks a week in 2013, and about 440 email attacks a month, according to Taiwanese government data.

Taiwan estimates China has 100,000 people at work in a national cyber army today. And the types of digital threats to Taiwan from China keep expanding: in October, Taiwan’s National Communications Commission found that two models of mainland China-made smart phones were transmitting data to servers overseas “many of which are in China”, creating what Taiwanese media described as a “security risk”.

Other countries, including Australia, face a similar paradox with China - courting expanding trade while planning for a more assertive Chinese military. In the unregulated sphere of the internet, the contradiction is acute.

The recent “Ke3chang” cyber campaign, thought to originate in China, uses what appears to be an emailed offer for updates on the Syrian conflict to deliver spyware to the computers of diplomats and foreign ministry staff around the world.

“The most advanced cyber attacks are not simply about hacking, but they represent a true team effort, including professional intelligence analysis and linguistic support,” says Kenneth Geers, a Kiev-based information security analyst at 2051 Research.

Although clear attribution of attacks is difficult, Taiwan has few illusions about China’s role. Taiwanese security researcher Jim Liu, of California-based application security company LucentSky, says two types of viruses come from mainland China. “There is sophisticated malware that is likely developed by the state or state-sponsored organisations, which are almost always targeted,” he said. “There is also a large amount of simpler malware that targets everyone (including people and organisations within China).”

The targeted malware - known as advanced persistent threats, or APTs - is largely supported by nation states and is designed to steal trade secrets, listen in on government or undermine security.

Last year, Taiwan ranked behind only Japan and South Korea in Asia for the number of APTs, according to one tally by network security firm FireEye. In terms of unique APT families – in other words, newly created computer bugs – Taiwan, a nation of 23 million, ranked No. 2 in Asia behind Japan, a country more than five times Taiwan’s size.

The consequences of the data theft and intrusions for governments and businesses are real. “The PRC’s military cyber capabilities and hacking have become a threat to our national security,” Taiwan’s National Defence Report concluded last year. The intrusions into infrastructure pose a threat to a nation that Beijing sees as a renegade province to one day be reunified with the mainland, perhaps even by force. The extensive hacking program could let China use the wealth of knowledge about Taiwan’s networks to cripple its military’s command, control and logistics networks, “once a conflict arises”, the report said.

Chinese hackers have also preyed on Taiwanese trade secrets. Taiwan, famous for its integral role in global laptop production, has been a significant source of information on computer design.

David Hong, president of the Taiwan Institute of Economic Research think tank, says online intellectual property theft has been a serious problem, with many small to medium-size businesses that foster innovative products affected. “We learned the lesson quickly and we know how serious the problem is now,” he said.

Geers said the mass scale of China’s cyber efforts against Taiwan shows that “quantity has a quality all its own”. The question is: can Taiwan’s technical acumen save it from a sustained onslaught from a much larger rival, particularly as China’s overall technology quality increases?

Liu says Taiwan has a great pool of talented private-sector engineers in the needed areas: “There are many experienced security consultants in Taiwan, at least partially because of the frequent attacks from China, and software engineers in Taiwan usually have a better knowledge of cyber security.”

Taiwanese hackers have their own history. The People’s Republic has long claimed its computers have been breached by Taiwanese hackers. In 2009, China’s then-prime minister Wen Jiabao said they stole one of his speeches from a computer before he delivered it in public.

But Taiwan’s deeper economic integration with China, itself a source of controversy, increases the challenge.

The “anything goes” nature of cyber competition raises the question: how long before cyber conflict spills over into the real world? Experts in the West have been asking whether countries could sign treaties to agree on behaviour and protocols in this area.

Noted US security expert Bruce Schneier writes: “We’re in the early years of a cyber war arms race. It’s expensive, it’s destabilising, and it threatens the very fabric of the internet we use every day.”

He is one among many voices, including those in government, calling for treaties to cover behaviour in cyberspace. The question is whether the cyber realm is a place where countries can come to agreement, or inevitably a scene of competition and a technological arms race built on faster computers and more devious coding. Whatever happens, Taiwan’s experience with China will likely prove one of the most telling cyber conflicts for the world to watch.

This story originally appeared on The Age.