[ISN] Cabinet says computers under attack

From: InfoSec News (isnat_private)
Date: Sun Sep 07 2003 - 22:21:19 PDT

  • Next message: InfoSec News: "Re: [ISN] Failing security threatens FTSE100 firms"

    Forwarded from: Travis Good <tgoodat_private>
    By Ko Shu-ling
    Thursday, Sep 04, 2003,
    China has launched a systematic information warfare campaign against 
    Taiwan, spreading Trojan-horse programs into private companies' 
    computers as a means to break into government databases, the Cabinet 
    said yesterday.
    "National intelligence has indicated that an army of hackers based in 
    China's Hubei and Fujian provinces has successfully spread 23 
    different Trojan horse programs to the networks 10 private high-tech 
    companies here to use them as a springboard to break into at least 30 
    different government agencies and 50 private companies," Cabinet 
    Spokesman Lin Chia-lung (Ls) said yesterday.
    The government agencies invaded by the Trojan-horse programs include 
    the National Police Administration, the Ministry of National Defense, 
    the Central Election Commission and the Central Bank of China.
    To minimize the damage, Premier Yu Shyi-kun yesterday instructed all 
    central government agencies to scrutinize their computer systems and 
    report to the authorities within two days. Those failing or refusing 
    to comply with the order may face punishment.
    Yu made the remark yesterday morning during the weekly closed-door 
    Cabinet meeting, in which Minister without Portfolio Tsai Ching-yen 
    (M) briefed Yu on the matter.
    "Trojan-horse attacks are one of the most serious threats to computer 
    security," Tsai said. "A computer user may have not only been attacked 
    but may also be attacking others unknowingly." 
    Because of the vast popularity and many weaknesses of the Windows 
    operating system, most of the damage is done to Windows users, Tsai 
    Although the National Information Task Force has warned government 
    agencies to be on alert, Tsai said, some agencies have failed to take 
    the warning seriously.
    "They either delayed reporting to authorities or tried to solve the 
    problem themselves. It not only stalled our response efforts but also 
    made the situation worse," Tsai said.
    Since it appears no government information has been stolen, Tsai said, 
    the deployment of the program is likely aimed at paralyzing the 
    nation's computer systems.
    "Of course there are other possibilities such as stealing sensitive 
    government information in vast sums or preparing computers for future 
    information warfare," he said.
    To help government agencies invaded by the program clean up the mess, 
    Tsai said the National Information Security Committee plans to 
    complete the programming of the anti-Trojan-horse software today.
    "We'll also post the solution manual on the Internet for the 
    convenience of other countries facing the same problem," Tsai said, 
    adding that Taiwan is the first country to have detected the program.
    Lee Hsiang-chen (ۦ), captain of the National Police 
    Administration's Criminal Investigation Bureau, said the situation has 
    been monitored 24 hours a day over the past two months.
    "We're glad that it has been detected before any damage was done," Lee 
    "If there's any lesson from this experience, it is not to use software 
    developed in China or hire Chinese computer programmers, because 
    you're running the risk of having the software you use implanted with 
    the Trojan-horse program," he said. 
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon Sep 08 2003 - 01:06:15 PDT