[ISN] Hackers Declare Open Season on Korean Institutions

InfoSec News isn at c4i.org
Thu Sep 1 05:14:58 EDT 2005


Aug. 31, 2005

When the website of a local Education Office was hacked in January,
the hacker, who went in through a Chinese website, got hold of the
phone numbers, IDs and PIN numbers of hundreds of members, and using
them was able to take a peek at their e-mails.

Posing as the website administrator, the hacker played havoc with the
site, changing it as he pleased. The National Intelligence Service and
National Cyber Security Center discovered that the man had hacked into
some 170 local and foreign websites over a single year.

Educational institutions are the preferred target of hackers, making
up 52 percent of the 2,951 websites damaged in the first half of the
year, according to government materials. Authorities are not saying
whether any of the sites hacked this year are security-related, but
last year 211 PCs at the Korea Institute for Defense Analyses,
National Maritime Police Agency and Korea Atomic Energy Research
Institute were accessed by persons unknown. Some of the terminals had
defense secrets stored on them. Attempts to track down the culprits
revealed that the hackers were very likely Chinese, but because of
potential diplomatic consequences the government took no particular

Investigation shows that the computers of Korean public institutions
are being hacked almost indiscriminately.

This year¡¯s 2,951 cyber-violations of public institutions were twice
the total over the same period last year (1,482), and 74 percent of
last year¡¯s total of 3,970 incidents. Last year's total in turn was
triple the number of 2003. National bodies, local governments,
research institutes, educational institutions, government affiliates
-- they are all increasingly fair game for hackers.

An official with the Korea Information Security Agency says most
incidents are perpetrated by skilled hackers through several avenues,
¡°and because investigative cooperation with states like China is not
working properly, there are many cases where catching the hackers is
impossible.¡± The result is that authorities can only guess what
information hackers got away with, he adds.


More information about the ISN mailing list