Premier urges security review after Taiwanese bank hacked

Premier William Lai speaks a seminar on foreign investment in this file from Sept. 27, 2017. The premier on Saturday requested relevant agencies review Taiwan’s information security after Far Eastern International Bank reported its system was hacked earlier in the week. (CNA)

TAIPEI (CNA) – Premier Lai Ching-te (賴清德) on Saturday requested relevant agencies review Taiwan’s information security after Far Eastern International Bank (遠東商銀) reported its system was hacked earlier in the week.

The premier has been fully informed of the incident and had instructed the government to learn from the case and tighten information security by closing loopholes, according to Cabinet spokesman Hsu Kuo-yung (徐國勇).

On Friday, Far Eastern Bank said it reported to the Financial Supervisory Commission (FSC, 金融監督管理委員會) that its computer system had been implanted with malware, which affected some of its PCs and servers as well as the Society for Worldwide Interbank Financial Telecommunication’s (SWIFT) network.

The SWIFT is a member-only organization which provides safe and secure financial transactions for its members via a standardized proprietary communications platform that can facilitate the transmission of information about financial transactions.

Through the planted malware, hackers conducted virtual transactions to move funds totaling nearly US$60 million from Far Eastern Bank customers’ accounts to some foreign destinations such as Sri Lanka, Cambodia and the United States, the bank found on Tuesday.

However, according to the bank, due to its efforts to trace back the lost funds, the hacker attacks cost the bank less than US$500,000. It added that since the bank continues to trace the lost funds by underpinning certain fund movements, the loss could be reduced to zero. It said the hacking did not lead to any leaks of customer information.

Liu Lung-kuang (劉龍光), vice president of the bank, told the press on Saturday that the origin of the malware has not been confirmed, but the bank is sure that the computer virus used to attack the bank’s transaction system is a new variety that has been never been spotted before.

The Criminal Investigation Bureau (CIB) said on Saturday it has launched an investigation into the hacking incident by requesting the bank submit details about its computer operations after the bank reported the case to the bureau on Thursday.

The CIB said that it has also informed the International Criminal Police Organization of the case and asked for assistance.

Due to the international assistance received, the CIB said Far Eastern Bank’s losses are expected to fall below US$500,000. The CIB added similar hacking cases were reported in Vietnam and Bangladesh in 2015-2016.

It was the first case of a Taiwanese bank suffering from such a hacking incident in which malware was implanted to transfer massive amounts of funds out of the bank’s customer accounts.

The FSC, the top financial regulator in Taiwan, said that it was an isolated case and so far no other incidents have occurred in Taiwan.

The FSC said that Far Eastern Bank will have to shoulder all of the responsibility of the incident and bear all of the possible losses from the hacking so that its customers’ interests will not be affected.

The commission said that it has asked Far Eastern Bank to submit a comprehensive report on the incident to determine whether the bank will face regulatory punishment.

Meanwhile, all of the banks in Taiwan have been asked by the commission to tighten their control on transactions during the current four-day National Day holiday which began on Saturday. 

By Sun Cheng-wu, Liu Chien-pan, Tsai Yi-chu and Frances Huang