《TAIPEI TIMES》 Investigators track Chinese hacker in data leak case
The Ministry of Justice Investigation Bureau in Taipei is pictured in an undated photograph. Photo: Taipei Times files
By Chien Li-chung and Jason Pan / Staff reporters
Cybersecurity investigators have identified a Chinese hacker using the handle “OKE” as the prime suspect in the biggest data leak in Taiwan’s history.
OKE offered a cache allegedly containing the personal information of 23.56 million Taiwanese for US$5,000 on the Breach Forums hacker marketplace in October last year, sparking concern about national security, lack of oversight and data management negligence by government agencies.
Investigators have identified OKE as a Chinese hacker in his 20s, the Ministry of Justice Investigation Bureau’s Cyber Security Investigation Office said in a news release on Friday.
The case is being handled by the Taipei District Prosecutors’ Office. The suspect could be charged with contravening the Personal Data Protection Act (個人資料保護法) and offenses relating to computer security in the Criminal Code. Prosecutors have issued an immigration control bulletin against him.
Investigators said that the hacker used virtual currency to receive and transfer payments through a digital wallet registered in China, which contains his national identification number and other personal information.
Investigators said they were able to ascertain the hacker’s gender, year of birth, province of residence and other personal data.
OKE provided a subset of 200,000 records so that buyers on Breach Forums could check the authenticity of the data.
The subset contained the data of a number of central and local government officials, investigators said.
An analysis found that the data were based on household registration records from before April 2018, although some deviations from the original entries were found, meaning it is possible the information was stolen from other government agencies, investigators said.
Prosecutors would continue to monitor the money flowing through OKE’s digital wallet and bank accounts, officials said.
“I don’t understand why the Taiwan government is so stupid. The KYC certification system is an easy thing for everyone here,” OKE wrote on Breach Forums on Monday.
He said his digital wallet is not as easy to track as the government claims, and he has a system in place to avoid being monitored.
Officials called on all government agencies and businesses to boost private data protection, enhance cybersecurity awareness among employees and keep backup data.
They reminded the public that it is illegal to sell, purchase or access private citizens’ information without authorization, while stolen data sets being sold on hackers’ forums could also contain malware and viruses.
新聞來源:TAIPEI TIMES