When Taiwan’s media becomes the “broiler” of Chinese hackers, how can we attack and defend the red cyber war that manipulates information? | Reporter | LINE TODAY

Under the cyber offensive launched by Chinese hackers, Taiwan’s media, which has weak security conditions, is becoming a “broiler” for manipulation. The picture is a schematic and not the interviewee in the article. (Design/Wu Zhengda)

“China’s territorial sovereignty does not allow outside interference. China must not be less at all.” In August last year (2022), the YouTube live broadcast of “FTV News” was suddenly covered by a big red slogan, followed by a broadcast of “My Motherland and Me,” a strongly nationalistic song. A Taiwanese TV station with a local-consciousness identity instantly became a “One China” propaganda platform. Later, the National Communications Commission (NCC) confirmed that “FTV” had been attacked by hackers as many as four times in one month.
However, the situation of “FTV” is not an isolated case. In recent years, Chinese hackers have continued to target many Taiwanese media for attacks. As the presidential election approaches, even the national news agency “Central News Agency” has been hit at a higher level this year. What is the current state of cyberattacks on Taiwanese media? What impact will the Red Hacker attacks have? We tried to find out through never-before-revealed real-life cases and the eyes of security experts.

In early March 2023, Taiwan’s national news agency, the “Central News Agency,” experienced an unprecedented large-scale cyber attack.

The attack occurred at 7:30 pm on March 5. Information personnel first noticed that the website connection became intermittent; within a few minutes, a huge number of connection requests surged like a flood, hitting a “Central News Agency” DNS server* in wave after wave. Before the relevant personnel had time to report back, the number of connections, which the server could originally receive at thousands to 10,000 per second, soared to millions to tens of millions, leaving the server like a clogged blood vessel with no time to respond. The “Central News Agency” website was paralyzed and completely inoperable.

(DNS server*: The Domain Name System (DNS) is the phone book of the Internet. People access information online through domain names such as “”; web browsers interact using IP addresses. DNS converts domain names into IP addresses so that browsers can load Internet resources.)

Recalling the scene at that time, Zhang Ruichang, the then president of Central News Agency, was still frightened: “The website was paralyzed for more than five hours. This was the most serious attack since I took office six years ago.”

That evening, Zhang Ruichang immediately worked with the agency’s information center to obtain attack records from Chunghwa Telecom. The data showed that the attack sources were spread across more than 6,000 computers infected by malicious programs. These “zombie computers,” having fallen under hackers’ control, constantly tried various methods to launch DDoS attacks* that flooded “Central News Agency” with a large amount of network traffic.

(DDoS attack*: short for Distributed Denial of Service. It uses a large amount of Internet traffic to overwhelm the target server or its surrounding infrastructure, thereby blocking the normal traffic of the target server, service or network.)

To curb the offensive at its source, “Central News Agency” also applied to Chunghwa Telecom that day to upgrade its security protection level to Level 2, incorporating 24-hour attack protection monitoring and more levels of joint defense mechanisms to effectively mitigate a large number of DDoS attacks in an instant. “Because this is not the first time we have been attacked. It has been almost normal since 2020,” Zhang Ruichang sighed and explained.

The national news agency was disconnected from the Internet, copied and stolen, and targeted by hackers

As a national news agency, in addition to daily news releases, the Central News Agency also shoulders the important responsibility of providing correct information to government departments, which has also made them the focus of hacker attacks many times.

On July 1, 2020, “Central News Agency” experienced a wave of attacks. At that time, the three servers in the company were flooded with 250,000, 130,000, and 130,000 connections per second respectively, dozens of times higher than normal. On August 1 and September 1 of the same year, the same cyber attack was staged again. Zhang Ruichang’s analysis:

“It was the beginning of President Tsai’s second term, so we looked back and thought, what are July 1 and August 1? Only then did we realize that they were the days when the old Communist Party and the People’s Liberation Army were founded.”

Beyond common DDoS attacks, APT attacks*, which mainly lurk and steal data, have also focused on “Central News Agency.” Also in 2020, the Executive Yuan National Information Security Report, an inter-ministerial committee formed with national security in mind, notified “Central News Agency” that a host had been hacked.

(APT attack*: APT is the abbreviation of “Advanced Persistent Threat,” which uses unauthorized methods to carry out widespread and sustained attacks over a long time. Its intrusion method is similar to that of traditional malware. Once successful, the attackers hide their whereabouts, plant attack software in the network, and continuously extract data for months or even years.)

To find out which host had been hacked, “Central News Agency” took the rare step of shutting down the external connections of the agency’s hosts, then scanned and checked each computer before kicking out the attacker. But with hackers lurking for a long time, how long had “Central News Agency” been invaded? What information is missing? It is almost impossible to investigate thoroughly.

A more serious problem occurred at the end of 2022, when the content of the “Central News Agency” website was completely copied and stolen, and the pirated webpage was even misjudged as the official version by the Google search engine.

After “Central News Agency” investigated this incident, it found that the perpetrator was an overseas gambling website whose purpose may have been to use unscrupulous means to increase traffic, but the incident caused great concern among internal security personnel. A “Central News Agency” security officer pointed out that, in addition to general readers, the customers of “Central News Agency” include various media and portal websites such as Yahoo, and the agency’s daily event preview is a service regularly used by media executives. If “Central News Agency” is counterfeited or paralyzed, or important information is leaked, the consequences are unimaginable.

Zhang Ruichang, who recently moved to the new position of chief director of “China Central Radio,” emphasized that “authority” and “information accuracy” are the most important indicators in the operation of “Central News Agency,” but under the diversified network attacks of the past few years, these indicators have faced serious threats.

From the official to the private sector, many Taiwanese media have become the “broilers” of Chinese hackers

As early as 2013, information security companies had observed that Chinese hackers had implanted backdoors and malicious programs into computers used by political parties and media in an attempt to raise these units as “broiler chickens” and steal sensitive information. The picture shows the deputy control room of “Public Television” that was hacked. (Photography/Zheng Yuchen)

It is not only Taiwanese media with an official flavor that have been attacked by Chinese hackers. In a written response to the reporter’s inquiry, the “United Daily News” also confirmed that hacker attacks have become more frequent in recent years and the attack methods more sophisticated. The techniques used are diverse, including account/password dictionary brute-force attacks, credential stuffing attacks*, social engineering phishing emails, SQL injection*, cross-site scripting attacks*, directory traversal attacks* and so on. However, the hackers did not attack its major news websites, and there were no specific acts of sabotage; they mostly tried to steal personal information and commit fraud. “United Daily News” pointed out that these attacks are unorganized, independent hacker attacks.

(Credential stuffing attack*: Refers to an attack method in which hackers use botnets to continuously use stolen email addresses and passwords to “break open” the door of a website in an automated manner.)

(SQL injection*: SQL is the programming language used to maintain most databases. “SQL injection” is a security vulnerability that occurs at the application and database layers. SQL instructions are embedded in the input string; when a poorly designed program neglects character checking, these malicious instructions are mistaken by the database server for normal SQL instructions and executed, so that the database is damaged or invaded.)

(Cross-site scripting attack*: Cross-Site Scripting (XSS) refers to attackers using website vulnerabilities to inject malicious code into web pages. The code is executed when other users browse these web pages, allowing the victim’s permissions to be hijacked and session content to be stolen.)

(Directory traversal attack*: Path Traversal refers to a method of exploiting flaws in a website’s security verification or in its verification of user requests (such as passing a specific string to the file API) to list the server directory. The purpose of this attack method is to exploit a flawed application to gain unauthorized access to the target file system.

Specifically, you can think of a website as a museum with many rooms, some of which are locked to prevent visitors from entering; but every room in the museum has ventilation openings. As long as you know the location of the room, you can go through the vent of another room into the Staff Only room and get all the information you want.)

The situation when FTV was hacked was completely different. Not only did the hackers from the other side of the Taiwan Strait launch a fierce offensive, they also provocatively declared their unification intentions. On the evening of August 6, 2022, the live broadcast channel of “FTV News” on YouTube was suddenly covered with a big red slogan bearing the words “China’s territorial sovereignty does not allow outside interference, China must not lose anything.”

“FTV” later issued a statement stating: “TV channels are broadcasting normally. What was affected by hackers was the content broadcast online. The main reason was that the source host was hacked, causing the content of the ‘FTV News’ live broadcast on YouTube to differ from the content of the TV channel. I received a notification at 20:52 in the evening, the embedded video was removed at 20:54, and the source returned to normal.”

Looking back at this threatening information security incident, the person in charge of information security at “FTV” explained to the “Reporter” that the incident was due to the theft of the streaming key for the YouTube live broadcast, which resulted in the signal source being overridden and the broadcast picture being replaced by hackers. Even though the problem was external, he was concerned about a breach into the company’s internal network.

“If successful, (the hacker) can do whatever he wants, such as controlling key systems, stealing or deleting data, broadcasting specific content, or even damaging the system to affect corporate operations,” the security director emphasized. Afterwards, they quickly adjusted the system architecture, strengthened security regulations and personnel training, and even enabled “two-factor authentication*” during the live broadcast to further enhance the level of key protection.

(Two-factor authentication*: A method of computer access control. To improve security, users must pass two authentication mechanisms before they can be authorized to use computer resources. For example, they must enter a password and then obtain authorization through fingerprint comparison. )

In fact, this concern is well-founded. According to reports provided to FTV by external security companies, the number and frequency of attacks have increased significantly in recent years, showing that the war targeting the media is still heating up.

As early as more than ten years ago, such an offensive had already sprouted.

In 2013, Aoyi Intelligent Technology, famous for its AI security technology, shared its observations at Black Hat USA, which is regarded as the world’s highest hall of information security. In the undisclosed report, the Aoyi Intelligent Technology team traced all the way back from one hacked computer and finally discovered that backdoors had been implanted everywhere, from dozens of hosts in the “Kuomintang Party Headquarters” to hundreds of computers in “Apple Daily” and “Central News Agency.” This means that the information shared by both sides through the Internet is always under the surveillance of Chinese hackers.

Although hackers have been repeatedly exposed during incident investigations, the number of attacks has increased rather than decreased in recent years. TeamT5 Dupu Digital Security Company, which specializes in cyber threat and information operations research, has found that since 2019, more and more Taiwanese media have been caught in the crossfire of intensive cyber attacks.

TeamT5 Dupu Digital Security Co., Ltd. recently released the “Operation Clairvoyance” report, which pointed out that most Taiwanese media have become targets of Chinese hacker attacks. (Photography/Yang Zilei)

“In the past two years alone, we have proactively reported at least 9 media outlets (being hacked) and conducted investigations at 5 of them. Most of them are mainstream media outlets with hundreds of employees, and what (the hackers) took down were all core systems,” TeamT5 threat intelligence researcher Liao Ziqing revealed to us.

The core systems that Liao Ziqing said were “defeated” were the email server and AD server (Active Directory server) that the media relied on most. One is in charge of internal and external communication, and the other is responsible for various account management and posting permissions. The two together constitute the most important function of the media: publishing news.

Due to confidentiality agreements, TeamT5 cannot disclose the names of the media outlets they discovered were hacked, and can only explain the specific process of the hacking. Chen Yuetian, another threat intelligence researcher who participated in the forensics, explained to us that at the end of 2022, the company detected an APT attack targeting newspaper A.

Chen Yuetian pointed out that the hacker first used a vulnerability scanning tool to find a SQL injection web vulnerability at newspaper A, sneaked in through the vulnerability and obtained initial permissions, and then placed a password-stealing tool called “Cute Cat” (Mimikatz) on the compromised host in preparation for moving to different computers.

The powerful “cute cat” is known as the “password stealing artifact” in security circles. It can use flaws in the Windows system to easily steal accounts and passwords from memory, creating a powerful springboard that lets hackers jump easily between different computers. Such a tool was also one of the weapons used by Russia when it launched cyber attacks on Ukrainian power plants.

As the “cute cat” took effect, the hackers went on to obtain the highest privileges of newspaper A’s IT staff. Able to roam freely throughout the company’s network, they implanted backdoor programs into most hosts, moved laterally step by step, and finally occupied the newspaper’s mail server, successfully obtaining the mailbox accounts and passwords of hundreds of employees in the company, along with all their letter content and contacts.

“The stolen information will be very extensive, including who the reporter is contacting? What is the content of the conversation? Who is the contact person for a specific project? APT attacks against the media are an important stage in information warfare. The goal is to collect a large amount of information,” the TeamT5 team further analyzed.

In order to describe the frequent APT attacks on Taiwanese media, TeamT5 gave this offensive a code name: “Operation Clairvoyance.” They also used this to reveal several major intentions of the attackers, including malicious purposes such as collecting unique information, obtaining important information on political figures, and pretending to be media outlets to publish news.

As for the impact of the attack, TeamT5 pointed out that most people still tend to believe reports from credible news media. If the Chinese APT group invades Taiwanese media to spread false information, it will have the opportunity to incite public emotions and affect the political situation.

Because of this, attacks targeting Taiwan’s media occur frequently during every Taiwanese election. Wu Mingwei, the founder of Aoyi Intelligent Technology, pointed out the reason: the election period is when politics and media interact most frequently. In addition to reaching into political parties, Chinese hackers also deliberately infiltrate media that actively communicate with political parties. The media have therefore become a priority target in the information war.

Specifically, Chen Zhongkuan, director of information security research at Aoyi Intelligent Technology, used a “chicken farm” as a metaphor. He explained that every media computer infected by a malicious program is like a “broiler chicken.” Hundreds of broiler chickens collected from all over form a chicken farm, and the hackers are the chicken farm owners. The owner regularly collects eggs and chicken from the “broiler chickens,” which may be interpretations of political events or high-value intelligence.

How serious can a media hack be? The precedent of North Korea’s hacking operation “Dark Seoul”

On March 20, 2013, many television media and banks in South Korea were attacked by hackers at the same time. The picture shows the YTN newsroom in Seoul that day, and multiple computer hosts were paralyzed at the same time. (Photography/AP Photo/Yonhap/Dazhi Image)

There are many examples from various countries of hacker organizations targeting the media and carrying out attacks to cause turmoil and social unrest.

In recent years, a report released by Proofpoint, an information security company with customers in the top 1,000 companies in the United States, showed that hacking groups often masquerade as journalists and media organizations because they can “easily open doors that others cannot.” Gaining access to a journalist’s email account not only provides access to sensitive information, internal news, key insights into a specific field, and unique sources; the account itself is also a good disguise, allowing hackers to attack other targets, and can even be used to spread false information.

In 2013, a hacker used an APT attack to successfully take over the official Twitter account of the Associated Press and published a tweet claiming that then-U.S. President Barack Obama had been injured in an attack on the White House. U.S. stocks fell more than 100 points in about 2 minutes after the tweet was posted.

In the same year, in the infamous Operation “Dark Seoul,” North Korean hackers spent 8 months launching APT attacks through phishing emails. They infiltrated South Korean banks and media at least 1,500 times, stole information and deployed up to 76 types of malicious programs. According to an investigation by the Korea Broadcasting and Communications Commission (KCC), this wave of carefully planned attacks eventually led to nearly 50,000 computers being hacked. South Korea’s three major TV stations, “KBS,” “MBC” and “YTN,” even halted operations because their computer hard drives were wiped; in addition, tens of thousands of personal computers at Shinhan Bank, Nonghyup Bank and Jeju Bank were also shut down, interrupting online banking transactions and leaving ATMs unable to connect.

Later, a South Korean report pointed out that the country’s Defense Minister Kim Kwan-jin held an emergency security meeting and decided to raise the “Military Intelligence Operational Defense Situation” (INFOCON) from Level 4 to Level 3* in preparation for cyber war.

(Raised from Level 4 to Level 3*: INFOCON is divided into five levels, namely: peacetime preparedness (Level 5), enhanced military alert (Level 4), enhanced preparedness (Level 3), enhanced preparedness (Level 2) and the highest readiness posture (Level 1).)

To this day, “posing as journalists” is still a common method used by North Korean hacker groups. In March this year, Mandiant, an information security company acquired by Google, released a report pointing out that APT43 is a hacker group closely tied to North Korea’s interests. The attack method they use most often is to pretend to be journalists or think tanks in phishing emails in order to trick victims into handing over specific information.

The report also cites several attacks in which the attackers used email addresses ending in “,” which is almost the same as the “@voanews.com” address used by reporters from the US news outlet Voice of America (VOA). In addition, the identity of Shin Jin-woo, a reporter from South Korea’s Dong-A Ilbo, was also used to ask U.S. think tanks about the direction of North Korea policy.

After the large-scale hacker attack on the Korean Broadcasting Corporation (KBS) on March 20, 2013, the computer hard drives that were shut down by the attack were examined in the evidence collection laboratory of the Cyber Terrorism Response Center of the Korean National Police Agency. (Photography/AP Photo/Lee Jin-man/Dazhi Image)

Information security company: This is a “quasi-war” level attack and defense

Back in Taiwan, Lin Yingyou, assistant professor at the Institute of International Affairs and Strategy at Tamkang University, told the “Reporter” that after he published an article in October 2022 studying China’s military dynamics and the development of cyber forces, his mailbox began to receive Chinese phishing letters from various unknown sources, some pretending to be think tanks, some pretending to be students asking for advice, and some even claiming to be reporters.

“Why do you know it’s fake? Because there are some strange typos in the website, and there are attachments or links in the (fake) interview letters, saying that you need to interview online first, so it may be a Trojan horse (program),” Lin Yingyou concluded.

Lin Yingyou’s personal statement confirms the fact that Taiwanese media and reporters have also become tools for hackers.

Trend Micro, whose information security services 500,000 companies worldwide rely on and which has also helped many Taiwanese mainstream media solve information security crises, interpreted this cyber offensive from the perspective of “quasi-war.”

“I recently received a case where a (media) client’s production and broadcasting system was hacked, which means that the entire TV station has been penetrated by (hackers),” Hong Weigan, general manager of Trend Micro Taiwan and Hong Kong, revealed.

He further explained that the problem at this mainstream TV station in Taiwan occurred in the core software responsible for recording and broadcasting news. Such software usually requires very high operating privileges to run, and it sits deep inside the company’s overall network. Once such a production and broadcasting system is captured by hackers, it means that the AD server (Active Directory server) connected to it has very probably already fallen. Just as when a castle gate falls into the hands of the enemy, the attacker will have unimpeded access within the city.

Hong Weigan is worried that this type of intrusion is extremely dangerous and can stop the operation of the entire media in just one step.

“So I think this is a preparation for a quasi-war. Controlling the media is definitely the most efficient way to create social disturbance. In addition, the media are mostly small and medium-sized enterprises. It is easy to fight but valuable, so he (the hacker) has no reason not to fight.”

On April 20, 2022, China Television, a member of the public broadcasting group, ran ticker messages one after another during its morning news broadcast announcing that a cross-strait war was starting; they were not taken down until more than 7 minutes after they started airing. Afterwards, although “China Television” said it was a disaster prevention drill message that had been inserted by mistake, it had already caused panic among the public in a short period of time. Regarding this mistake, Hong Weigan emphasized that although it was not an actual attack, it was the best example for hackers: once the situation suddenly changes and an attacker takes over control of the media, they can use the news to spread fear.

Automated troops are in full force, and a smokeless war has already begun

Trend Micro, an information security company, revealed that in one of the cases they took over, the production and broadcasting system at the core of news production at a mainstream TV station was hacked. (Photography/Zheng Yuchen)

From Central News Agency to many mainstream media outlets, all have fallen victim to APT attacks; what is even more worrying is that these may be just the few examples that have surfaced.

Trend Micro’s security report for the first half of 2023 shows that Asia alone accounts for 51% of global APT attacks, and that attacks against the media have also increased in the past two years. Many information security companies have made consistent observations.

Wu Mingwei, who serves as the vice chairman of both the Taiwan National Defense Industry Development Association and the Information Security Association, interpreted the situation from a military perspective. He believes that the offensives faced by Taiwan’s media in recent years are no longer the sporadic, tentative, low-tech attacks of the past, but more like a full-scale attack by automated mechanical troops. A smokeless war has already begun.

How is the mechanical army composed? When Aoyi Intelligent Technology used AI to observe the frequent network attacks of recent years, it discovered that, in addition to using proprietary malicious programs such as “Waterbear,” “ShadowPad,” and “Taidoor,” Chinese hacker organizations have also made full use of commercial penetration tools such as “Cobalt Strike.”

They explained to the Reporter that Cobalt Strike, which includes a variety of penetration testing tools, mainly assists information security companies in conducting red team intrusion drills. As technology developers have continued to rewrite it, it can now generate various Trojan programs, launch phishing email attacks, scan for vulnerabilities, and steal passwords. It covers almost all the technical aspects required in APT attacks and lends itself to teamwork for greater effect, which is why it is called an “artifact” by the information security industry and was even a U.S. export-controlled product in the past.

Beyond its excellent performance, what makes this kind of specially crafted backdoor program even more powerful is its automation. Chen Zhongkuan further explained that this artifact is like a combination of various weapons: once the operator gives the order, large-scale operations start automatically, so its damage to the system is more serious. Once it breaks through a vulnerability, it can not only hide from anti-virus software but also move laterally under information security protection, eventually taking down the entire company’s systems and establishing a dense control network, and all of this is done automatically.

Actual data can support the power of automated weapons. Chen Zhongkuan gave an example, “Ten years ago, 20 hackers could invade and manage 300 companies. With the support of this tool, the same group of people can control tens of thousands of companies. This is why Taiwan’s media is commonly hacked.”

APT organizations named by the United States as backed by the CCP: Painted Skin and Hook Snake

As for the identity of the Chinese hackers who target Taiwanese media, TeamT5 identified at least three active hacker groups from their attack methods: “APT41,” “Painted Skin*” (Huapi) and “Hook Snake” (GouShe*). They have been formally prosecuted by the U.S. Department of Justice and named by the U.S. government as being backed by the CCP.

(Painted Skin*: This APT organization is also known internationally as BlackTech, CIRCUIT PANDA, Temp.Overboard, HUAPI, Palmerworm, G0098, T-APT-03, Manga Taurus, Red Djinn, etc. The main attack targets are in East Asia (especially Taiwan), and occasionally Japan and Hong Kong.)

(GouShe*: This APT organization is also known internationally as Tropic Trooper or KeyBoy. In its attack operations over the past one or two years, it has shown a high interest in targeting the transportation sector and industry, and its traces can also be observed in energy and government units. In addition, according to TeamT5 tracking results, this group may accept instructions from its units to monitor Taiwan’s critical infrastructure, and may control and take over these units at critical moments.)

When naming these APT organizations, TeamT5 usually draws on Chinese monster stories for inspiration and selects suitable characters based on attack methods and characteristics. They explained that the hacker group “Huapi” is accustomed to wrapping the malicious programs it uses in various disguises to avoid detection by anti-virus software, just like the monsters in “Strange Tales from a Chinese Studio” who wear human skin. “Now these monsters have changed their faces and are hiding in several Taiwanese media.”

Another group of Chinese hackers was named “Hook Snake.” TeamT5 threat intelligence researcher Liao Ziqing pointed out that this is because the method this organization uses most often is phishing letters: they change one or two characters of the link in the letter so as to lure the victim into taking the bait. During the interview, we saw two familiar terms in phishing URLs that were only one character different from the names of Taiwanese media: “UDM” and “liberty time.” He also added that the organization attacked Taiwan’s military and transportation departments in the past and has now aimed its arrows at the media as well. It is like a “hook snake” hiding under the water: anyone who comes close will be eaten alive.
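The lookalike pattern described above (phishing links one or two characters away from a media outlet's name, and the near-copy of “@voanews.com” mentioned earlier) can be screened for on the receiving side. The following Python code is an added example, not part of the original article or of any vendor's tooling; the protected-domain list beyond voanews.com, the sample addresses on reserved `.example` names, and all function names are constructed for illustration.

```python
"""Added example: screen URLs and sender addresses for lookalikes of protected media domains."""
from typing import NamedTuple, Optional
from urllib.parse import urlsplit

# voanews.com is named in the article; dailynews.example is a constructed placeholder.
PROTECTED = ("voanews.com", "dailynews.example")

# Visual substitutions folded away before comparing (illustrative, not exhaustive).
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})


class Finding(NamedTuple):
    host: str
    imitates: str
    reason: str


def hostname(url_or_addr: str) -> str:
    """Lowercase host taken from a URL, a bare host, or an e-mail address."""
    text = url_or_addr.strip().lower()
    if "://" not in text:
        if "@" in text:
            return text.rsplit("@", 1)[1]
        text = "//" + text
    try:
        return urlsplit(text).hostname or ""
    except ValueError:
        return ""


def registrable(host: str) -> str:
    """Last two labels. Simplification: real deployments should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url_or_addr: str, protected=PROTECTED, max_distance: int = 2) -> Optional[Finding]:
    """Return a Finding if the host imitates a protected domain, else None."""
    host = hostname(url_or_addr)
    reg = registrable(host)
    if not host or reg in protected:
        return None  # unparsable, or the genuine domain / one of its subdomains
    name = reg.split(".")[0].translate(FOLD)
    for good in protected:
        # Genuine domain used as a prefix label of an unrelated domain.
        if f".{good}." in f".{host}":
            return Finding(host, good, "embedded-as-subdomain")
        good_name = good.split(".")[0].translate(FOLD)
        dist = osa_distance(name, good_name)
        if dist == 0:
            # Same name once digits and hyphens are folded, or same name on another TLD.
            return Finding(host, good, "same-name-after-folding")
        # Skip very short names, where small distances are meaningless.
        if len(good_name) >= 5 and dist <= max_distance:
            return Finding(host, good, f"edit-distance:{dist}")
    return None


# Constructed sample input; only voanews.com is a real domain.
SAMPLES = [
    "https://www.voanews.com/a/story",
    "reporter@voanewz.example",
    "http://dai1ynews.example/interview",
    "http://daliynews.example/",
    "https://voanews.com.mail.example/login",
    "https://weather.example/",
]


def scan(items):
    """Classify every item and keep only the suspicious ones."""
    return [f for f in map(classify, items) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print(finding)
```

A hit is a reason to hold the message or link for review, not proof of phishing: an unrelated site with a similar name will also match.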

Although the outlines of these APT attack organizations are still vague amid layers of camouflage and low-key lurking, from the notorious APT41 and Painted Skin to Hook Snake, the logic behind TeamT5’s naming after Chinese gods and monsters is to emphasize that these hacker groups are highly connected with the Chinese government.

On November 14, the Hacker Association of Taiwan (HIT) held the HITCON Carnival to help the government strengthen its information security capabilities and implement the information security resilience of various industries through public-private and transnational collaboration. (Photography/Lin Yanting)

Attacks by Chinese hackers on Taiwanese media have become the norm, which not only affects the work and reputation of the media, but also threatens civil society and freedom of speech.

Among them, Hong Weigan pointed out another concern, that is, “Most media underestimate their own value.”

In recent years, Trend Micro has taken the initiative to notify the IT units of hacked media, has offered voluntary incident investigations and structural adjustment suggestions, and has signed confidentiality agreements afterwards to protect victims; but fewer than 40% of Taiwanese media are willing to accept assistance, not to mention taking stock of the overall system and finding the root of the problem. Hong Weigan said euphemistically:

“They (the media) may think that even if they are hacked, it shouldn’t be too serious. Because they don’t have great personal information or smart intelligence, I personally feel that their attitude towards this aspect (anti-hacking) is not that positive.”

A realistic consideration is that improving information security protection requires a large investment. Except for large media organizations that are more capable, small and medium-sized media organizations are often unable to do so.

In addition, although the “Information Security Management Law” of recent years regulates the information security of our country’s critical infrastructure, and its classification includes the field of “communications and communication”, most news organizations, except for public broadcasting groups and specific media, are not within the scope of such information security control. It is even more difficult for their information security environment to keep up with the continuously accelerating pace of hackers.

In comparison, the Central News Agency, which has experienced many hacker attacks in recent years, has relatively strict information security requirements. Zhang Ruichang, president of the Central News Agency at the time of the website crash earlier this year, pointed out that, to prevent cyber attacks, the agency’s news center sends phishing emails to field reporters from time to time as a test, to remind them not to click on letters from unknown sources. In addition, when reporters connect to the company’s intranet, the company’s tools detect whether their computers contain Trojan horse programs. Once an abnormality is discovered, the victim is notified to shut down the computer, isolate it, and hand it over to information personnel for disposal.

On the other hand, in order to enhance employees’ awareness of information security, “Central News Agency” has also established a “Journalism School”, which holds special lectures every month. Experts have been invited to give courses on information security topics such as APT attacks and social engineering. The aim is for the agency’s news practitioners to understand that, amid today’s frequent cyber offensives, information security has to start with everyone.

Despite this, “Central News Agency” still realizes that its existing information security defense lines are not strong enough. Zhang Ruichang pointed out that the “Financial Security Action Plan 2.0” promoted by the Financial Supervisory Commission at the end of 2022, in addition to stipulating that every financial institution must set up a professional “Information Security Officer”, also promotes regular joint liaison meetings to strengthen exchanges and discuss information security strategies in the financial sector; most media in Taiwan do not do this and generally lack the relevant understanding.

He emphasized that media security is actually a national security issue:

“Providing correct information is the most basic line of defense. If information security is not done well, no matter how good the message (the media) is, it will not be conveyed. If the message is confusing, the people will not follow it. If even this line of defense is broken, then Taiwan’s safety is at stake.”

As one of the few media outlets that has the position of “Chief of Information Security”, “Public Television” (Public Television for short) also holds the same view. Chen Yunli, deputy general manager of “Public Television” emphasized:

“There will be more than 30 cases of hackers trying to invade or implant malicious programs every week in ‘Public Television’. If such a character is used as a tool by hackers, whether it is spreading false information or videos, it will cause social chaos, so normal media is an important pillar in maintaining national stability.”

Chen Yunli previously worked in the financial industry, which has relatively strict information security requirements, and only took up the position in July this year. His main task is to establish an information security protection system for “Public Television”: setting up a full-time information security team to plan relevant policies, specially separating the core news production and broadcasting systems, and even stipulating that all USB devices must be scanned for viruses before use. They have also set a mid-term goal of 3 to 5 years and allocate a budget of 20 million per year to gradually replace old systems, to prevent software vulnerabilities from becoming an easy way in for hackers.

Compared with the above-mentioned national news agencies and public media, FTV has used various channels to strengthen its information security resilience. They told the “Reporter” that in addition to working with external security companies and purchasing traffic cleaning services to withstand DDoS traffic-flooding attacks, “FTV” has introduced more security equipment and vulnerability scanning tools in recent years and invested more security manpower to deal with abnormal situations, hoping to reduce the impact of attacks as much as possible while hackers list it as a main target.

“United Newspapers” also emphasized in a written reply to the “Reporter”‘s questions that the newspaper attaches great importance to information security management and obtained ISO27001 (information security management) certification on May 5, 2016. In recent years, hacker attacks have become more frequent and attack methods have become more complex. Relatively, more resources and manpower are needed to deal with hacker attacks.

In view of the increasing importance of the media at a time when false information and cyber attacks are flying all over the world, TeamT5 once again suggested at this year’s Black Hat Asia, Asia’s largest information security event, that Taiwan’s media need to take more proactive measures to protect their systems and data, including strengthening employee information security education, establishing complete security control measures, updating and patching software vulnerabilities, and conducting regular vulnerability scanning and testing.

In the smokeless war, the front lines continue to advance bit by bit. Hackers use automated software to feed the media as “broiler chickens”, not only stealing key information, but also deliberately using the media as attack tools. As the presidential election in January next year gradually heats up, Chinese hacker organizations’ offensive against Taiwan’s media has also escalated step by step. How to make media security more resilient will be an important part of strengthening Taiwan’s democratic defense mechanism that cannot be ignored.
