“The Russian hackers are really, really strong,” acknowledges veteran cybercrime fighter Eric Lee, as he comments on the escalating cyber war activity since Russia’s invasion of neighboring Ukraine. Lee headed the Criminal Investigation Bureau’s Internet crime squad before working as chief information security officer for the financial industry, and is well connected with the hacker scene. 

In real war, two armies fight each other. In cyberspace, hackers across borders fence off with each other with similar fierceness, triggering global concern over possible retaliatory cyberattacks as nations take sides.

During the past week, hackers in Russia and Ukraine have been upping their game. Both sides have employed so-called distributed denial of service (DDoS) attacks, where websites are flooded with more traffic than they can handle to bring down the targeted websites. In Ukraine, several government websites were temporarily not available, while the website of a hacked Russian television station played the Ukrainian national anthem.

Yet, these websites were all back online within a few hours. So far, the intensifying cyberwarfare has not yet destroyed Ukraine’s basic infrastructure such as water, electricity and gas supply, mobile phone and internet services, or the software of advanced weapon systems.

Lee thinks that Russian hackers infiltrated Ukraine’s key infrastructure with malware long before the military invasion, and that these destructive programs are only waiting to be launched in the infected systems to disrupt utilities, the financial system and telecommunications. “It is just that the time for the decisive battle has not yet come,” says Lee.

Taiwan’s semiconductor makers and stock brokers have already tasted Chinese hacker attacks

What is causing alarm is that the attacks in Ukraine were apparently prepared ahead of time. Investigators discovered that the recent “wiper” attacks, which destroy data on infected computers, in Ukraine were in fact launched more than three months after the malware had been installed.

Bloomberg news agency reported that Russian hackers are planting malicious software in private sector companies, government websites and financial firms through fake news, fake videos, and emails with malware-infected Word and Excel attachments. 

Disruptions of the power supply and internet in Ukraine in 2015 and 2016 are also believed to have been caused by Russian malware that had been sitting in infected machines for a long time before being activated.

Lee and many in Taiwan’s hacker community believe that China has planted many such “digital timebombs” in Taiwanese systems to activate them when it seems opportune.

Two years ago, CommonWealth Magazine exposed in an exclusive that seven Taiwanese semiconductor companies had their design drawings stolen in “Operation Chimera”, a cyber espionage attack by Chinese hackers. More than three months ago, hackers placed fake orders for Hong Kong stocks with seven Taiwanese stock brokerages, including Yuanta Securities and President Securities.

Having investigated many of the major cyberattacks, White hat hacker Benson Wu, Co-founder of cyber security company CyCraft/CyCarrier Technology, concluded that they were perpetrated by APT 10, a Chinese state-sponsored hacker organization.

Wu believes it is not just a question of “Ukraine today, Taiwan tomorrow”, since the threat already exists today. Chinese hackers have already tested the defense of Taiwan’s state-owned energy company CPC Corporation, financial institutions, and the semiconductor supply chain. There is no doubt that an unknown number of digital time bombs are ticking in Taiwanese systems, warns Wu.

40 million cyberattacks per month raise alertness and strengthen cyber resilience

Presently, Taiwan is barraged by 20 million to 40 million cyberattacks from abroad per month. Lee admits that “Chinese hackers are now a formidable force!” 

How can Taiwan defend itself? 

Chien Hung-wei, director of the Executive Yuan’s Department of Cyber Security, notes that the government has raised its level of alert and will learn from the recent cyber incidents in Russia and Ukraine. From Russia, Taiwan can learn “how to maintain normal operation of the financial system if the internet is down.” Ukraine provides a blueprint for pooling the skills of domestic and foreign hackers and cyber security experts to enhance the resilience of Taiwan’s internet to maintain telecommunications in times of war so that the government’s ability to make itself heard abroad is not compromised. 

Lee points to the “intimidation by Chinese military planes”. The increasing number of incursions into Taiwan’s Air Defense Identification Zone by Chinese fighter jets serves to find the dead angles in Taiwan’s radar detection system. Chinese fighters fly into the zone at different angles to test how and how fast Taiwan’s military reacts to find weaknesses and fine-tune their tactics for subsequent incursions. The procedure in cyberattacks is comparable, he says “The enemy constantly tries, and Taiwan needs to learn how to constantly clean (computer systems).” When it comes to DDoS attacks, Taiwan must “quickly disperse them, restore, and relaunch from backups.”

Civilian white hat hackers are currently conducting sand-table drills. Wu reveals that more than 300 Taiwanese hackers from all walks of life, at home and abroad, are meeting regularly to discuss major cyber security incidents and ways to quarantine malicious software. “I am convinced we can devise a strategy to prevent our internet from becoming paralyzed so that we can fight until we win,” declares Wu.

We might be at a point similar to the scenario in the documentary Zero Days, which portrays the substantial threat and damage caused by Stuxnet, a malicious computer worm that spread via USB sticks more than a decade ago. In predicting “World War 3.0”, one of the interviewees in the film warns: “This has the whiff of August 1945; someone’s just using a weapon. And this weapon will not go back into the box” (hinting at the U.S. atomic bombs that ended World War II in Asia).

Cyber security experts and hackers believe that Russian hackers have not yet demonstrated their ultimate strength in the cyberwar with Ukraine, something they will most likely only do should it become necessary to clinch victory in a “big war” between Russia and the United States. Meanwhile, China, the other sponsor of national hackers, is likely quietly infecting facilities across all sectors in Taiwan with malicious software to launch when Beijing feels the time is ripe. 

Have you read?

♦ Amidst Ukraine crisis, US sends envoy to Taiwan
♦ Should Taiwan put its future in U.S. hands?
♦ Why the Chinese military has increased activity near Taiwan

Translated by Susanne Ganz
Edited by TC Lin
Uploaded by Penny Chiang