Hacker attack on Taiwanese financial institutes reveal security flaws

Hacker attack on Taiwan financial institutes online platforms shows need to shake up information security measures


A Bitcoin photographed on a shiny surface. (By Wikimedia Commons)

An anonymous hacker group's attack on several financial institutes in Taiwan and its demand of payment to prevent further attacks last week has been the first case of its kind in the country’s financial industry, said a senior manager of a financial institute. 

The hackers demanded Taiwanese financial institutes pay 10 Bitcoins, equivalent to US$10,466, or they would crash online their services with DDoS attacks, or infect their computer systems with an insidious Trojan Horse virus.

Taiwan’s Financial Supervision Commission (FSC) confirmed several financial institutions in Taiwan including Yuanta Securities, KGI Securities, and Masterlink Securities all received threats from the hacker group. 

The hackers' attack methods were slightly outdated affecting only a few financial institutes, said Taiwan’s Criminal Investigation Bureau (CIB).

Hackers have become omnipresent in the age of the Internet, but the level of cyber security in Taiwan’s financial institutions has long been criticized by the industry.

There is no telling if the next hacker attack could be even more vicious, or if hackers attempt to destroy a mainframe computer belonging to the Taiwan’s stock exchange. 

Serving as a recent reminder, the CIB found hackers remotely attacked First Bank’s  Automatic Teller Machines (ATMs) from its London branch in UK last July.

Even more concerning is the damage hackers could inflict on stock investors and Taiwan’s international image if they are able to launch an attack on top companies listed on Taiwan’s bourse, such as Largan Precision, TSMC, Foxconn and other companies with high market value. Plunging share values of these companies could wipe out values totaling billions of Taiwan dollars.

It is common for international hackers to attack financial institutes, and Taiwan should not be indifferent to these developments. In August 2015, global hacker group Anonymous Asia threatened to attack the Taiwanese government’s civilian systems, targeting specifically financial institutes. 

Taiwan’s stock exchange only recently upgraded its trading system from 32 bits to 64 bits, but its computer system crashed during the process. Largan Precision had to initiate trading curbs more than 10 times during the stock exchange’s computer upgrade.

To protect computer systems from hackers, the Taiwan stock exchange even requested employees not to upgrade word processing systems, which is only a short-term fix that cannot prevent hackers ever changing their method of attack.

Basically, Taiwan actually has the ability to defend itself from international hackers. For instance, Taiwan-based Micro-Trend is a top global information security company that is listed on the Japan bourse.

What is worrying is companies being lax about safeguarding information systems from security breaches, and not planning response measures in advance. 

Protecting investors should be the priority of financial institutes that provide commercial services, and that of FSC which is responsible for maintaining order in Taiwan’s stock exchange. Creating a safe environment for investors are these institutes' most important mission, and the first condition to convince investors to put their money in the stock market.

Taiwan’s financial institutes can no longer use the excuses of “never heard of” or “never thought of” anymore in the aftermath of this hacker attack.