TAIPEI (Taiwan News) — As the media circus around the Presidential Office email leaks dies down, the incident serves as an important reminder that the government must bolster its cybersecurity.
According to a recent report by the National Security Bureau (NSB), Taiwan has seen an uptick in cyberattacks and phishing emails. The NSB said attacks have been targeting the government, businesses, and citizens alike and have come in connection with the presidential election, the Wuhan coronavirus (COVID-19) pandemic response, and the presidential inauguration.
In terms of leaks, a report by the Ministry of Justice's Investigation Bureau stated that there are four main ways in which information can be leaked: USBs, springboard attacks, specific targeting of a person in an organization, or an intentional leak from within a group.
One way for leaks to occur could be personnel inadvertently transferring documents onto portable storage devices like a USB and then using a computer outside the office to view the files, or by uploading the documents onto a cloud server, which is then hacked. Another possibility is that the USB itself contains malware.
With springboard attacks, wireless networks or other internet of things (IoT) devices like printers, network servers, or network-enabled telecommunications equipment are targeted by hackers and then used as a springboard to gain access to desired files.
When specific people are targeted by hackers, phishing emails or fake websites are often used to trick unsuspecting personnel. Additionally, there is always the likelihood that leaks could come from within the group itself.
In a Facebook post, former National Security Council member Enoch Wu (吳怡農) explained three reasons for Taiwan’s frequent leaks: the lack of a cybersecurity chief, over-reliance on third-parties to police network security, and poor security awareness and practices by government officials.
Wu suggested that the president create a new cybersecurity chief position in order to better protect digital networks and coordinate efforts among relevant departments. He also said the government should develop a national cloud-based server while at the same time keeping security networks up to date.
Finally, Wu advised government officials to stop storing sensitive information on personal devices and using apps like LINE, Telegram, and Signal to communicate with each other. He urged those in the government to follow security protocols and avoid handling sensitive information outside of the office.