Honeynet to trap sting hackers

【China Times Reporter Li Tsong-you / Taipei】

Sun Tzu, the author of The Art of War in China’s Spring and Autumn Period (722–481 BC), stated: "All warfare is based on deception". This implies that engaging in war is no less than an exercise in trickery. Virtual warfare on the Internet fits this description well. In order to counter the all-pervasive network hackers, the National Center for High Performance Computing (NCHC) is deploying a "Honeynet", which "lures poisonous snakes into the urn" or, more precisely, exposes security vulnerabilities in an effort to track and clamp down on the network culprits that are spreading viruses.

The Honeynet Project was launched in the United States in 1999. It is an international organization set up to detect, deflect, or counteract malicious hacker activity on the Internet. It has 36 chapters in 26 countries. Through the information captured and shared among these countries and chapters, a particular virus' distribution scope and invasive activity can be quickly assessed and employed in the development of anti-virus software. The Taiwan Honeynet Chapter was founded in November 2008, and Dr. Eugene Yeh, Director General of the NCHC, is serving as its Chapter Lead.

Since its inception, the Taiwan Honeynet Project has been assigned to monitor and analyze information from the Asia-Pacific region. In this connection, member chapters in Hong Kong, China, Australia, Singapore and Malaysia are to forward their monitored information to the Taiwan chapter for collation and analysis before it is redirected to the US headquarters. From there, the information will be exchanged with all the member chapters around the globe. For the task, Dr. Yeh pointed out: "We will set up software 'traps' on the Internet that deliberately allow a virus to detect and exploit security holes, letting it enter and thereby capturing it. We can then analyze its behavioral patterns and track down the location where the culprit is spreading the virus." He stressed that trapping is only the beginning; the ultimate goal is to expose the culprit and wipe it out.

Up to now, the NCHC has detected more than 3,600 malicious programs in Taiwan. Notably, during the initial phase of their dissemination, only 20% could be effectively detected and blocked by anti-virus software, leaving an information security window open for about a month. Nonetheless, Steven Yi-Lang Tsai, Contributor to the Honeynet at the NCHC, elaborated: "Although these malicious programs were detected in Taiwan, they're not necessarily developed by local hackers." He judges that much of the unique malware in Taiwan actually represents a new batch of viruses developed by foreign hackers who are attempting to use Taiwan as a springboard to strike other countries. It is worth noting that these Taiwan-routed malicious programs change swiftly. Out of the viruses detected this year, some have already evolved into twenty new variants that can be grouped into specific virus families.

Mr. Tsai regards the hackers as all being very skilled, even creating viruses that are able to detect whether a given computer is a "trap" and avoiding it. "Sometimes, within controllable limits, we will intentionally allow a ‘trap’ computer to be taken over by a nefarious hacker and used as a springboard for attacking a third party. In this way, the hacker doesn't discover that the computer is indeed a trap." The thrust and parry between the two sides carries even more intrigue and deception than the real world!


Taiwan, an innocent casualty in Internet warfare

The subtle nature of cross-Strait relations has turned Taiwan, an innocent online bystander, into a casualty amid hacker warfare. China has gained notoriety as the world's malware factory. Because of this, China has also turned into a target for foreign hackers all over the world. But no matter which side initiates an online battle, hackers of all stripes will usually attack Taiwan first as a diversionary tactic, according to a study conducted by Taiwan's National Center for High Performance Computing (NCHC).

Steven Yi-Lang Tsai, IT facilities team leader at the NCHC, points out that since the NCHC joined the Honeynet Project last November, the center has detected a daily average of 400,000 attacks that originated outside Taiwan. Mr. Tsai's analysis indicates that Taiwan has become an essential relay station for disseminating new viruses. If China-based hackers want to spread viruses to attack other countries, they will go through Taiwan as a springboard and then launch the attacks elsewhere. On the other hand, if hackers from other countries develop a new virus, they will also use Taiwan as an indirect channel for attacking China. No matter who is attacking whom, Taiwan, as an innocent online bystander, is subject to attacks from all sides.

The NCHC's subsequent analysis found that even though Chinese hackers are using Taiwan as a springboard to attack the World Wide Web, bizarrely, they would first go through the former republics of the Soviet Union to gain a foothold on Taiwan before seizing the opportunity to attack the world at large. It's thus clear that Chinese hackers still harbor some reservations about initiating a direct attack on Taiwan.

To stop wicked hackers from continuing to use Taiwan as a relay station to spread viruses throughout the world, the NCHC has been actively developing an automated detection system for malicious Web sites. It has also established a database of malicious programs and Web sites and has plans for large-scale network detection. In this way, the NCHC intends to completely prevent nefarious hackers from using Taiwan as a springboard in attacking others.

• China Times 2009-09-13