《TAIPEI TIMES》 Chinese man wanted for data leak

OKE WANTED: A man surnamed Tong is suspected of listing household registration data for sale, while prosecutors recommended a deferred sentence for the buyer

By Jake Chung / Staff writer, with CNA

請繼續往下閱讀...

A Chinese national surnamed Tong （童） has been named the prime suspect in Taiwan’s largest data leak and is now a wanted person, while a Taiwanese surnamed Cheng （鄭） was indicted for contravening the Personal Data Protection Act （個人資料保護法）, the Taipei District Prosecutors’ Office said yesterday.

The prosecutors’ office launched an investigation after the Ministry of Justice’s Investigation Bureau forwarded the case to it.

The office said that Tong — who reportedly used OKE as an online persona — is suspected of listing 23.57 million household registration records obtained via hacks for sale on BreachForums in October last year, seeking a cryptocurrency payment of US$5,000.

The data were primarily from before April 2018, prosecutors said.

Tong was named the primary suspect, as an electronic wallet in his name was designated as the recipient for the cryptocurrency transaction, prosecutors said.

The wallet had been active and Tong could have transferred funds from it into fiat currency in China, they said.

Cheng on Oct. 31 last year allegedly purchased the hacked data, using the ACE Exchange to transfer 4,999.2 Tether tokens to Tong’s wallet, prosecutors said.

At the time of the trade, one Tether token was worth US$1.0003 when the market opened and US$1.0002 at the close of the day.

Cheng told investigators that he had made the purchase because he wanted to know if personal information could be bought, the office said.

Prosecutors recommended that Cheng’s indictment be deferred for one year, as he had shown remorse, had not used the data for illegal activities and had agreed to delete the information.

He should pay the state NT$500,000 in compensation, they said.

The office instructed the bureau’s Digital Security Division to continue to track the hacker who breached the Ministry of the Interior’s servers.

However, as the incident occurred in 2018, equipment and system data from other agencies that might have been connected to the household registration data servers were no longer stored, the bureau said.

The US Department of Justice, the FBI, the US Department of Health and Human Services and the Office of the US Inspector-General on June 23 seized the clearnet domain for BreachForums under a warrant issued by the US District Court for the Eastern District of Virginia.

新聞來源：TAIPEI TIMES