China's Cyber Warriors Keep Clicking at Taiwan Shows Reality of Detente

Photographer: Wally Santana/AP Photo

Protesters distribute sunflowers during a massive protest denouncing the controversial China Taiwan trade pact in front of the Presidential Building in Taipei, Taiwan. Close

Protesters distribute sunflowers during a massive protest denouncing the controversial... Read More

Close
Open
Photographer: Wally Santana/AP Photo

Protesters distribute sunflowers during a massive protest denouncing the controversial China Taiwan trade pact in front of the Presidential Building in Taipei, Taiwan.

"Why don't you guys use WeChat, is it because it's from China?"

That loaded question scrolled across the screen of an IRC (Internet Relay Chat) chatroom as conference delegates in Taipei listened to one researcher outline the evolution of backdoor network exploits.

With presentations at the four-day hacker event HITCON 2014 ranging from Android vulnerabilities to bitcoin security, the elephant in the room was, of course, China. While the U.S. has a long list of "hacked by China" stories to tell, such attacks come from within an already established paradigm that China is a political, economic and military rival.

Not so much in Taiwan. Since 2008 when Taiwan's current president Ma Ying-jeou came to power, tensions have eased between the world's largest country and the country which the world's largest country says is not really a country.

China has stopped stealing diplomatic allies, Taiwan has allowed direct flights, China has slowed its expansion of missiles pointed at Taiwan, and both sides have eased trade and investment rules. Ma himself has pointed to this truce as evidence of good governance and warming ties.

Seems no one told China's army of cyber warriors.

As recently as this summer, a new salvo has been fired at Taiwan from China's expanding arsenal of cyber weaponry, according to security company Verint Systems. Part of an offensive called Operation Blog Bot, a nefarious new remote admin tool called Hammor has been seen launched through Taiwanese blogs and connecting to a command and control server that leads back to Hubei, China, according to Yitzakh Vager, a vice president at Verint.

Photographer: Mandy Cheng/AFP via Getty Images

People wave Taiwan flags and chant slogans calling for peace during a rally near the Presidential Palace in Taipei on May 4, 2014. Close

People wave Taiwan flags and chant slogans calling for peace during a rally near the... Read More

Close
Open
Photographer: Mandy Cheng/AFP via Getty Images

People wave Taiwan flags and chant slogans calling for peace during a rally near the Presidential Palace in Taipei on May 4, 2014.

The latest move is part of a campaign dating back to 2011 that uses social media as a covert channel to connect back to those servers, with the forces behind the operation "highly interested" in the Taiwanese government, he said.

Verint's presentation wasn't the only one pointing to Chinese hackers and their interest in Taiwan. A denial of service attack on a Hong Kong pro-democracy movement dragged Taiwanese computers unwittingly into the fray, while a forensic analysis of the cyber platoons known as advanced persistent threats, or APTs, kept circling back to China, according to other presentations this week.

On the sidelines, away from overhead slides and prying eyes, security researchers tell of a steady stream of Chinese incursions on local networks, particularly the government's.

So as security experts ponder the question of a China-approved instant-message service it's hard not to bear in mind that detente or not, the cyber warriors keep marching on Taiwan.

Press spacebar to pause and continue. Press esc to stop.

Bloomberg reserves the right to remove comments but is under no obligation to do so, or to explain individual moderation decisions.

Please enable JavaScript to view the comments powered by Disqus.