China’s cyberspies hack Taiwan opposition again, ahead of elections

TAIPEI — Chinese hackers have attacked Taiwanese targets, including local news organisations and the opposition Democratic Progressive Party (DPP), in a bid to get information about policies and speeches ahead of presidential and legislative elections next month, said an Internet security firm and DPP officials.

An attack on the unnamed media outlets came in the form of phishing emails with the subject line “DPP’s Contact Information Update”, according to research by security company FireEye, which identified a Chinese state-backed group called APT16 as carrying out the attacks.

Hackers also infiltrated emails of party staff, changing security protocols and writing messages spoofing the account holders in what may have been an attempt to deliver malicious code, according to one of the victims.

Taiwan goes to the polls on January 16 and opinion surveys show the DPP is likely to win a legislative majority, with its leader Tsai Ing-wen securing the presidency after eight years of nationalist Kuomintang rule. China, which considers Taiwan to be one of its provinces, is wary of the DPP’s views on Taiwan independence and advocacy of more caution in its relationship with the mainland.

As well as not wanting the DPP in power, China may want to understand the party better so as to undermine them with access to non-public information, FireEye principal threat intelligence analyst Jordan Berry said by phone. “There’s a lot of people in China who want and need information for their own intelligence purposes.”

China’s Ministry of Foreign Affairs did not reply to a faxed request for comment.

Mr Alex Huang, director of DPP’s news and information department, told Kyodo News that attacks by Chinese hackers on the party’s website and the email accounts of its staff members have been a long-standing problem, and that the attacks have intensified since April.

Attacks come in two different forms, Mr Huang said. One is a distributed denial of service that paralyses the party website by flooding it with huge volumes of traffic.

The other is email hacking, in which hackers can do anything from changing security protocols to receiving email on behalf of the original account holder or distributing malicious computer viruses.

The situation became so bad that it was reported to Taiwan’s Criminal Investigation Bureau twice this year, Mr Huang said.

While Mr Huang was evasive about the result of the probe, he said it is “not hard” to figure out the origin of the hackers as the Chinese characters in emails are in the simplified form used by China, and the grammar and words are different to those used in Taiwan.

Apart from reporting serious episodes to authorities, Mr Huang said the party takes preventative measures such as storing important election information on computers without Internet access and only allowing one computer to connect to any printer.

Ms Ketty Chen, Deputy Director of International Affairs at the DPP, said her email account was one of the 50 belonging to party staff that were targeted by hackers.

She was alerted when she noticed inconsistencies in the writing style of a colleague in internal correspondence.

“There were fake emails that looked like they came from her (a colleague),” Ms Chen said. “When I read it, the style was not how she would talk, so I called to ask if she really sent it, and she hadn’t.”

Ms Chen received emails purporting to come from Ms Tsai’s speechwriter and another from a member of the DPP’s cross-strait policy team. In each case the email asked the recipient to open an attachment purporting to be a draft document.

Hackers typically send emails to targets hoping they will open attachments loaded with malware that infiltrates their computers, providing links to colleagues’ computers and contacts.

With concerns over the security of their work accounts, some DPP staff switched to Gmail, Ms Chen said. Ms Chen’s Gmail account was compromised when hackers turned off the two-step verification process by deleting her mobile number, and added a forwarding address so that all incoming emails went to an external Gmail account.

FireEye, based in California, provides malware and network-threat protection systems. After its Mandiant division alleged in February 2013 that China’s military may be behind a group that hacked at least 141 companies worldwide since 2006, the United States issued indictments against five military officials who were purported to be members of that group. BLOOMBERG
