According to the Executive Yuan Office of Information and Communication Security (OICS), Philippines-based units of an anonymous group have been waging a cyber assault on Taiwanese government agencies as well as private companies in recent days, Executive Yuan Spokesperson Cheng Li-wun said today.
The strikes, including distributed denial-of-service (DDoS) attacks and website defacement, were reported by a number of central and local government websites, with DDoS attacks being more common than website defacement. Given the timing, these attacks are suspected to be connected to the fatal shooting of a Taiwanese fishing boat by an official Filipino vessel on May 9, which prompted certain Taiwanese Internet users to declare a "keyboard war" and launch DDoS attacks on the websites of Filipino government agencies and corporations in response, Cheng noted.
Cheng said the Government Service Network (GSN) undertook an investigation as soon as it ascertained that official websites' response capabilities were weakening and their service was being interrupted as their bandwidth spiked. The GSN found that agencies like the Office of the President, Ministry of Foreign Affairs, Ministry of National Defense and Coast Guard Administration had fallen victim to DDoS attacks. It then requested help from Chunghwa Telecom's HiNet Internet Service to block the Internet Protocol (IP) addresses from which the attacks had originated. Afterward, the OICS tracked those IPs and found that most of the assailants were located in the Philippines.
The websites which were assaulted have all returned to normal. The GSN is on high alert for follow-up attacks and is employing necessary security measures, Cheng stressed.
The response measures taken by the OICS include the following, Cheng said:
1. The Executive Yuan Information and Communication Technology Service Center sent cautionary messages to government agencies and related organizations advising them to increase their vigilance against security threats.
2. The OICS forwarded the IP addresses of the assailants to the GSN, government agencies and information security officials so these addresses can be detected and blocked.
3. The Taiwan National Computer Emergency Response Team (TWNCERT) reported hacker-controlled Facebook pages to Facebook and requested removal of the hackers' accounts.
4. The TWNCERT alerted the Philippine Computer Emergency Response Team (PHCERT) of the attacks and requested assistance in dealing with the IP addresses responsible. If PHCERT does not comply, a mass blockage of Philippine IP addresses will be considered.