Security News > 2001 > February > Man pleads `self defense' after hacking
http://www.taipeitimes.com/news/2001/02/21/story/0000074560 Wednesday, February 21st, 2001 By Jou Ying-cheng STAFF REPORTER The Criminal Investigation Bureau (CIB) yesterday referred to prosecutors a computer engineer who allegedly hacked into a computer server in what he called "self-defense." The Hsinchu computer engineer, surnamed Fan (S), said he thought that the other side attacked his computer first, while the truth was that the other side was an innocent party which had been attacked by a so-called Trojan horse program, a special type of computer virus, the police said. A man last year reported to the police that a Web site which teaches magic and is run by him, had been hacked. He said some Web pages had been altered and some registered users' access to the Web site blocked. The CIB investigated the case and traced Fan. During questioning Fan told the police that last year his computer had been hacked several times and he detected the source of the attacks as the server of the magic-teaching Web site. He therefore decided to take revenge and counter-attacked, to warn the other side to stop the hostile actions, the police said. But the police found out that the server of the magic-teaching Web site had actually been attacked by NetBus, a kind of Trojan horse program, and it had been used as a stepping-stone to launch further attacks. The police said the hackers were very likely from abroad and therefore difficult to catch. The CIB says it is treating Fan as a suspect in a case of criminal damage. The CIB stressed yesterday that it was more concerned that another Internet nuisance, Internet scanning, which is less serious than Fan's offense but still harmful, remained unpunishable under the current law in Taiwan. Since Internet scanning -- scanning others' servers to detect system holes or test security -- does not cause damage, people who do it cannot be charged, Eric Lee (), Director of the CIB's Information System Office and Computer Crime Squad, said. Lee said the CIB recently received a series of complaints from various foreign institutions that Taiwan's Internet users had intruded on or harassed their servers with Internet scanning. Such Internet scanning is usually a preparation for hacking attacks, although people's real intentions may be multiple -- sometimes criminal and sometimes involving academic research, Lee said. Lee said such Internet scanning is outlawed in many countries but in Taiwan there is still no law against it, and this causes a lot of trouble. Lee said that the Pentagon last year sought the CIB's assistance in investigating a case in which the Internet attacks came from Taiwan. Lee said the CIB found out the source of the attacks was a computer in a university, but the university's network administrator replied that such domain name system scans were commonplace in Taiwan. The CIB says most of the Internet scan victims are computer companies, followed by universities. The countries in which these companies and universities are based include the US, Germany, France, the United Kingdom, the Czech Republic, Holland, Sweden, Canada and Australia. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".