Infected USB sticks handed out at data security event

By Su Yung-yao and Jonathan Chin / Staff reporter, with staff writer





The Criminal Investigation Bureau has admitted that it handed out 54 malware-infested thumb drives to the public at a data security expo hosted by the Presidential Office from Dec. 11 to Dec. 15 last year.

The malware-infected USB sticks were among 250 drives that the bureau gave to the winners of a game about cybersecurity knowledge.

The malware program with the file name XtbSeDuA.exe was designed to collect personal data and transmit it to a Poland-based IP address that then bounces the information to unidentified servers, the bureau said, adding that it was known to have been used by an electronic fraud ring uncovered by Europol in 2015.

Only older, 32-bit computers are susceptible to the malware and common anti-virus software can successfully detect and quarantine it, the bureau said.

The 8-gigabyte thumb drives were purchased from contractors and some of them were made in China, but the bureau has ruled out Chinese espionage, it said, adding that the infection originated from an infected work station at New Taipei City-based contractor Shawo Hwa Industries Co (少華企業).

An employee at the company used the affected computer to transfer an operating system to the drives and test their storage capacity, transmitting the malware to 54 units, the bureau said.

Random sampling of the thumb drives, which were sourced from various contractors, failed to discover the malware, it added.

Distribution was halted in the afternoon of Dec. 12, after members of the public complained that drives had been flagged by their anti-virus programs, it said, adding that 20 drives have been recovered while 34 “remain in the wild.”

The server receiving the data from the malware was shut down after the bureau took measures to address the issue, it said.

National Police Agency Director-General Chen Chia-chin (陳家欽) and National Security Council cybersecurity adviser Lee Der-tsai (李德財) were briefed on the incident, an anonymous source said.

National security officials are unhappy that a Presidential Office event was compromised and concerned that the event might have been deliberately targeted by a hacker group, the source said, adding that they have demanded the bureau launch another probe.

The bureau has apologized to the Presidential Office and other government agencies that participated in the expo, the source said.