Face-Palm #89: Taiwanese Police Epic Fail

Face-Palm #89: Taiwanese Police Epic Fail

Charles Parker, II

There are a limited number of instances that would warrant a face-palm. These are generally limited to the moments in time when you are wondering what they were thinking. One of these recently occurred in Taiwan. The government ran a cyber-security quiz sponsored by the Taiwan Presidential office. This was designed to exhibit the government’s focus on cybersecurity and the efforts to address this. These events as a rule of thumb have a give-away or SWAG which is handed out with business or entity names and emblems on them. The Taiwanese event was no different and handed out 250 flash drives. Unfortunately, 54 of these were infected with a virus. The virus wasn’t a plain, vanilla variety intent to annoy the user, but was coded to steal the user’s personal data and had been linked to fraud. Of the 54 infected drives, 20 had been recovered.

The flash drives were manufactured in China. The malware however did not originate with the manufacturer, but with a supplier based in Taiwan. Allegedly, an employee intended to test the 54 flash drive’s storage. The malware, XtbSeDuA.exe, was on the employee’s system. This was coded to only affect 32 bit systems.

Although the affected parties are limited, due to the 32 bit system target, the issue is much larger. The governance was significantly lacking in this instance.

About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.