In August, tensions between Taiwan and mainland China were running high in the wake of Taiwan's adoption of the "special state-to-state relations" formula. Unwilling to be left out of the debate, a few patriotic Internet users voiced their views by hacking into government websites belonging to the "other side." After several mainland hackers, primarily from Sichuan's "Red Guards," posted the message "Taiwan is part of China" on several Taiwan government websites, Taiwanese hackers hit back by plastering Hello Kitty! images all over the front page of a mainland government website, along with the message: "Taiwan is Taiwan! China is China!"
The press reported that hackers attacked web pages in Taiwan more than 72,000 times in just a few days, and that 165 of those attacks were successful.
Following these attacks, Taiwan's Institute for Information Industry (III) quickly established an "Internet Security Services Group" to provide consulting services to government and industry on Internet security and regulation. Chen Hsiang-sheng, who heads the group, says, "Having government sites hacked was a small price to pay for making people aware of security issues. Nothing more was lost than a little 'face.' They changed the sites, and we changed them back." Because most government sites simply publish policies or provide access to databases, when information is destroyed, it need only be restored. The information on these sites is like a message tacked to a bulletin board; if it gets blown away by the wind, you just tack up another copy of the message.
The hackers are coming?
In the US, statistics show hackers to typically be males aged between 18 and 35. They tend to be strongly individualistic or anarchistic, desire to defy authority, are introverted and possess poor interpersonal skills.
The 1991 book Cyberpunk, by journalists Katie Hafner and John Markoff, mentions that hacker culture got its start in the 1970s with the "phreaks," a small group of people who used a whistle from a cereal box to bypass the phone company's billing system and make free long distance calls. The early "phreaks" were simply having fun. By avoiding paying for long distance calls, they were just demonstrating their technical prowess. Kevin Mitnick is the hacker whose name perhaps rings a bell with most people. He is alleged to have hacked into the computers at NORAD in 1982, and he ultimately ended up in jail.
Markoff has written numerous further reports about Mitnick, but the image presented of the hacker has aroused much controversy. Mitnick himself, speaking from prison in an interview with Forbes magazine published in April 1999-one of his first interviews since his incarceration-denied hacking into NORAD computers, and Markoff admits he did not verify this allegation.
The Forbes article points out that although Mitnick did indeed gain access to the computers of such corporations as Motorola and Nokia, and illegally copy software, their is no evidence to suggest that he either corrupted their data or sold it for gain. The report questions why Mitnick is set to spend a total of five years in jail, when the average term served for manslaughter in the US is only three years. By treating Mitnick as a terrorist, the writer suggests, the US government has severely overreacted.
Statistics from the US's Computer Security Institute identify user carelessness as the greatest threat to computer security (55%). Next in line are equipment crashes (20%), disgruntled employees (19%), viruses (4%) and hacker attacks (2%).
Cheng Hsiang-sheng asks, "When a security company (or an individual) wants to hire a guard, shouldn't it check the guard's background?" He says that computer security is much the same. It is an issue you need to be aware of from the earliest stages of program development. When a newly written program begins testing, the company needs to note which commands are not executed, and see if these have been altered in any way.
Going on patrol
The idea of network security, and the companies which provide it, were brought into being by the fact that network safety requires both technology and manpower.
In 1988, Robert Morris, a graduate student at Cornell University, created the first computer virus. The virus propagated and got out of control, crashing the university's computer network.
The problem was eventually fixed through the combined efforts of a number of American computer scientists. Realizing that the increasing size and complexity of computer networks made it impossible for any individual to discover all the holes within them, these scientists established the Computer Emergency Response Team (CERT) at Carnegie-Mellon University. They hoped that by working together, network security issues could be predicted and resolved.
"The frequent network security problems that arise are the result of the rapid advance of computer technology," notes Liu Ta-chwan, head of the Internet group at National Chiao Tung University's computing center. He says that security issues increase in direct proportion to technological advances. CERT, a non-profit organization with offices in many nations, notifies users immediately when it discovers potentially harmful network problems (e.g. new viruses).
With the support of the Directorate-General of Telecommunications, Taiwan established its own Taiwan Computer Emergency Response Team (TCERT) in November of 1997. It is headed up by Chen Nian-shing, an associate professor in the Institute of Information Management at Sun Yat-sen University. TCERT currently has four full-time staff who provide 24-hour service to members. If a member discovers that one of its systems has been invaded, TCERT will trace the entry path to find the loophole which the invader exploited, then create a patch for it.
In addition, Chen's team will promote "the notion of patrolling like a security guard, setting up programs that investigate a system's status automatically, and providing warnings when necessary." But Chen points out that taking on this kind of investigative and preventative role will require written authorization from the enterprises or government agencies involved.
Scaring ourselves to death
This concern for security is related to the widespread interest in using the Internet to do business.
"There are currently some 120 million people online worldwide. But who dares do business online when websites are getting attacked or defaced?" asked III president Kuo Yun at a conference on Internet security.
Doing business on the Internet enables enterprises to spend less on storefronts and advertising. US Internet firms estimate that during last year's Christmas season, Americans spent US$1 billion online. Yet with constant news of illegal activities taking place online, and no credit card verification system yet in place in Taiwan, will consumers here feel comfortable shopping online?
Shoppers, take heart! First, operating an Internet scam is not as easy as you might imagine. In the real world anyone can go through your wallet to get your credit card number. But most people do not have the skills needed to get your card number online. Think about your friends. Every few days you hear of someone losing a purse or document. But how often do you hear of someone you know being ripped off online?
"Hackers with real skills wouldn't go after credit cards. Taking money from a bank would be much more efficient," says Liu Yi-sze, former general manager of China Times Inter@ctive. Liu says that most banks, moreover, operate closed networks that cannot easily be breached.
Many people in the business feel that although doing business online is not 100% safe, it is not the scary monster it has been made out to be. They are concerned that people are scaring themselves away.
If you try to buy a pirated CD online, and end up receiving a blank disk, Liu says, "You are dealing with someone you do not know, who has no reputation, and yet you send your money to that person. This is a human problem, not a computer problem."
Just as in the real world there will always be news of con artists running a scam, in the virtual world too there will always be "newbies." We learn from experience. Humanity has grown up by learning from history.
p.88
With government and industry pushing the development of e-commerce, computer users are concerned about the theft of their credit card numbers. (photo by Diago Chiu)