Taiwan Traces Cyberattack on Taipei Department of Health to Chinese IP Address

January 3, 2019 Updated: January 3, 2019

TAIPEI, Taiwan—After months of investigation, Taipei authorities traced a cyberattack that resulted in the theft of 2.98 million Taipei residents’ personal data to an IP address in Shanghai.

The Taipei branch of the Investigation Bureau, an agency within the island’s Ministry of Justice, announced the findings Jan. 2, according to Taiwanese media. Hackers breached more than 70 computer systems operated by the Department of Health within the Taipei government.

According to the Investigation Bureau, the hackers tried to sell the personal data, but it isn’t known whether they succeeded.

The Investigation Bureau was alerted about the possible hacking in August 2018, when the Taipei government’s Department of Information Technology detected that computers used to host an internal public health information management system were infected with a Trojan horse.

The investigation revealed that hackers planted the Trojan horse on computers belonging to Taipei’s Department of Health on two different occasions, once in 2014 and again in 2017. The hackers successfully stole personal data that included information on residents’ personal health records, vaccination records, and childbearing allowance. The latter is a maternity benefit to encourage women to have more children and varies in amount, depending on the regional authorities.

According to the Investigation Bureau, before infecting the computers, hackers had breached unidentified corporate websites with weak computer security systems in place. After getting control of these corporate websites, hackers created fake administrative accounts, then used these sites as a springboard to infect computers owned by the Department of Health.

The Investigation Bureau concluded that more than 40 entities, including public hospitals, publicly listed companies, and other regional government departments in Taiwan, were also hacked by the same attackers. The Investigation Bureau didn’t elaborate on the extent of the breach or the kind of information stolen at those other entities.

Taiwan wasn’t the only country hit. The same attackers hacked 1,509 websites in 38 countries, including government agencies in the United States and Europe. They got their hands on more than 9 billion pieces of personal information, according to the Investigation Bureau.

According to Taiwanese media, the Bureau has informed the FBI in the United States and police organizations in Europe about its findings.

The Investigation Bureau said that although the IP address originated from Shanghai, there is a possibility that the hackers were located outside China and used the Shanghai IP address to disguise their true location. While it remains to be seen whether China-based hackers were responsible for the latest attack, Taiwanese websites, especially those run by the military, have often been targeted by Chinese hackers.

In May 2018, Taiwanese newspaper The Liberty Times reported that Chinese hackers attacked Taiwanese websites about 200 million times in 2017, with the websites of Taiwan’s Ministry of National Defense, National Defense University, Political Warfare Bureau, and a number of military hospitals bearing the majority of these attacks (1.62 million times).

The Chinese regime considers Taiwan part of its territory and has never renounced the use of military force to unite Taiwan with the mainland, despite the fact that Taiwan is a de facto independent country, with its own constitution, democratically elected government, currency, and military.

Follow Frank on Twitter: @HwaiDer