Smartcard hacker falls in Taiwan

An engineer was arrested after hacking into Taiwan’s “EasyCard” smartcard system and crediting NT$9,000 (P12,861) on each of three e-ticket cards.

Prosecutors are now looking into whether the engineer, identified only as Wu, was involved in other criminal activities, Taiwan’s Central News Agency reported Tuesday night.

The CNA report described Wu as in his 20s and working as an information security consultant at a technology company n Neihu in Taipei.

But since he was found to have actually illegally used only NT$39, police said prosecutors decided not to detain him and he was released without bail.

While the incident occurred September 10, the matter was not publicized at the time because the corporation was still investigating whether other people were involved.

EasyCard is an RFID-based smartcard system operated by the Taipei Smart Card Corporation for payment on the Taipei MRT, buses, and other public transport services.

Police said Wu had admitted during interrogation that he wanted to look at a new method of financial fraud and was “only testing whether the system could be decoded.”

Investigation showed Wu used the cards six times, spending NT$608. But he used only NT$39 illegally, police said. EasyCard fraud would have netted offenders a prison sentence of up to 10 years and a fine of NT$10 to 200 million, warned Jason Lin, commissioner of the Taipei City Department of Transportation and former general manager of EasyCard Corporation.

The CNA report said Wu managed to decrypt the EasyCard security system, although the card company management refuted the report.

“The EasyCard security encryption system has not been cracked,” said Cheng Yu-chin, general manager of EasyCard Corporation.

Cheng said the security system detected an intrusion when Wu topped up the first card. Cheng claimed Wu was allowed to top up two more cards just so he can be tracked down.

For his part, Taipei Mayor Hau Lung-bin also assured the public the EasyCard security system was completely safe.

Meanwhile, the CNA report cited a Liberty Times report that questioned the safety of the card, citing information from Taipei City Councilors Wu Szu-yao and Chou Wei-you in 2009.

At the time, the councilors presented a short film to the city council, showing that some countries had cracked the Mifare chip.

The EasyCard Corporation’s response in 2009 was that while the Mifare chip had been hacked, there were no international reports of cloned smart cards.

In Taiwan, the maximum storage of the EasyCard was increased in April to NT$10,000 and the card can now be used to pay for consumer goods and services at major convenience stores, designated shops, libraries and hospitals. — TJD, GMA News

Article source: http://ph.news.yahoo.com/smartcard-hacker-falls-taiwan-085605100.html

View full post on National Cyber Security » Computer Hacking

Leave a Reply