Cyber-attacks targeting KMT, DPP revealed

TAIWAN - Following recent revelations of a worldwide hacking scandal known as "Operation Shady Rat," both the ruling and opposition political parties yesterday confirmed they have been victims of sustained cyber-attacks.

Democratic Progressive Party (DPP) Spokesman Michael Chen said the hackers were traced to mainland China, among other countries, adding that in one instance, the Internet Protocol (IP) address used in the hack came from the nation's own Legislative Yuan.

The IP addresses included those from the China-based Xinhua News Agency's branch in Malaysia, addresses in Australia and Taiwan's Research, Development and Evaluation Commission (RDEC) under the Legislative Yuan, Chen said, adding that while it is possible the commission office was also hacked, the nation's information security overseer should be the first to thoroughly investigate the breach.

The RDEC issued a statement in response, explaining that as it supervised and issued IP addresses to many central and local government agencies, a number of emails could be traced back to them.

The Cabinet-level agency urged related government offices or hacking victims to provide suspected RDEC IP addresses. Such information would help expedite investigations and identify the origin of the cyber-intrusion, the RDEC statement said.

Incumbent President Ma Ying-jeou's campaign office also confirmed having suffered recent hacking attacks, although it did not reveal details or whether any information was leaked.

Garfie Li, a spokesperson for the Kuomintang (KMT) presidential campaign office said it has erected an internal information security team in response. So far, the team has cautioned staff members to be doubly alert when it comes to suspicious attachments and web links, she explained.

As for the suspected identity of the hackers, the campaign office said time constraints prevented them from looking into the high number of hacking activities, and to chase after each case would be futile.

In the case of the pan-green party, DPP Policy Research Committee Deputy Director Alex Huang said the Chinese cyber attacks started in March. Among the hacked items were presidential campaign schedules and promotional materials taken from party officials' emails.

DPP Chairwoman Tsai Ing-wen's personal email was not attacked, he added.

Chen said initial probes into the hacking revealed it as not an individual endeavor, but an organized attack with "state-level" support.

In the meantime, the DPP campaign office and party headquarters have set up information security workshops to strengthen management and ensure data security; Chen admitted it has also reverted to using written or spoken messages to communicate. "This has become necessary for security concerns," he said.

The confirmed attacks come in the wake of the findings of computer security firm McAfee, which uncovered a massive, five-year-long cyber attack on various governments including the US and Taiwan dubbed "Operation Shady Rat."

The cyber-intrusion reportedly targeted the intellectual property of 72 victims that could cause vast economic repercussions, the McAfee report said. The company implied but did not officially identify China as the "state actor" behind the attacks. China has denied the accusation, with a local newspaper calling it "irresponsible."