How long does it take for hackers to break into the secure network of a commercial bank in South Korea?

A team from the Korea Advanced Institute of Science and Technology, under an agreement with the bank, managed to unlock its security protection in just a couple of weeks.

The simulated cyber attack, led by Lim Chae-ho, professor of information security at KAIST, worked as follows: When an official of the bank opened an email sent by the hackers, malware hidden in the email quickly infiltrated the computers in the network, neutralizing the antivirus system and threatening to disrupt the bank’s data and service systems entirely.

The simulation, helped by three students, sheds light on how vulnerable South Korea’s financial industry is to cyber attacks in a country where the daily online banking transactions amount to about 33 trillion won ($29.3 billion).

“Any Korean company or person could face cyber attacks if they lack security awareness even if they have great security solutions,” said Lim in an interview with The Korea Herald.

The real possibility of losing banking data to hackers goes squarely against the perception that South Korea is a technologically advanced nation with enviable broadband and mobile network infrastructure. But the country’s rich wireless and broadband resources are a double-edged sword because they offer more opportunities for hackers. 

“Hackers have an eye on South Korea due to its high-speed Internet environment and advanced technology,” said Dave DeWalt, chief executive of FireEye, a global network security company. “With massive intellectual property and economic growth, Korea has emerged as a main target of worldwide cyber attacks.”

From June 25 to July 1 this year, a series of cyber attacks paralyzed 69 government offices, news outlets and other institutions, including the presidential office website. The hackers stole a massive amount of personal data: 2.5 million members of the ruling Saenuri Party, 300,000 military personnel and 200,000 registered users of the presidential office’s website.

The latest cyber attacks took place just three months after the country’s major broadcasters and financial institutions were subject to similar attacks. In March, NongHyup and Shinhan banks suffered malfunctions from malware thought to originate in North Korea.

Despite the continued attacks, Korean firms and government agencies do not invest in security systems aggressively. The government’s 2013 budget for information protection is just 240 billion won ($214 million), and less than 10 billion won of the annual security budget was allocated to strengthen cyber warfare capabilities, according to the report by the National Information Society Agency.

The lack of manpower is another problem. According to the Defense Ministry, Korea has only 400 experts in cyber warfare, far fewer than the 3,000 professional hackers nurtured by Pyongyang. To catch up, Seoul plans to increase the number of cyber security experts to 5,000 by 2017.

Cyber terrorism, a global threat

Increasingly, cyber attacks are carried out internationally. On May 28, the Washington Post reported that Chinese hackers accessed the secret designs of major U.S. weapons systems including combat aircraft and advanced missile defenses. It is feared that China is rapidly strengthening its defense technology through state-sponsored hacking.

China is also known as a notorious source of hacking attacks in South Korea. Chinese hackers ― or hackers using Chinese networks to hide their real locations ― are speculated to have spearheaded the major cyber attacks on South Korea over the past few years.

For instance, the massive leak of personal information in 2011 involving SK Communications, Hyundai Capital and Nexon reportedly started in China. Research conducted by the Korea Internet & Security Agency showed that 53 percent of the hacking sources originated in China. 

China is Korea’s biggest trading partner and hosts a number of manufacturing plants for South Korean firms. Chinese companies also compete with Korean rivals in diverse markets around the world, and it is anybody’s guess how stolen data from Korea are being exploited for unfair business, military and security purposes.

“Cyber defense capability has emerged as vital to national security due to an increasing number of cyber attacks against major infrastructures,” said Kim Myung-chul, dean of KAIST’s Graduate School of Information Security.

Along with China, North Korea poses a serious cyber-related challenge to South Korea. Kim Heung-kwang, former professor at Pyongyang Computer Technology University and member of the North Korea Intellectuals Solidarity group, said that the North was aggressively pursuing cyber warfare capabilities including attacks on smartphones and other mobile devices, plus hacks into personal computers.

“Pyongyang trains 300 cyber experts every year and some 3,000 hackers are now working for four cyber warfare units,” the North Korean defector said.

Evolution of cyber attacks

While South Korea remains passive in beefing up its security solutions, hackers are sprinting forward with new technologies that could easily cripple antivirus software and inflict far greater damage. Experts said over 100,000 new strains of malware are created every day.

“Malware can be massively spread to all users of websites very quickly, and then hackers could use the infected PCs as zombie computers for Distributed Denial of Service attacks or to steal financial data,” said Lim Chae-ho of KAIST.

“The existing defense solutions are not powerful enough to respond to such sophisticated attacks.”

Hackers now prefer what is called “advanced persistent threat,” or APT, together with DDoS in their assaults. APT allows an unauthorized person to gain access to a network and stays there undetected for a long period of time, so that hackers can steal data more effectively.

“Nowadays many conglomerates in the world are helplessly attacked by APT. We need a paradigm shift from passive to active defense,” said Robert F. Lentz, former deputy assistant secretary of defense at the International Conference on Information Security held in Seoul on July 10.

Korea remains fully exposed to APT attacks.

“The existing security solutions cannot block APT attacks, so we need a new protection system,” said Shin Soo-jung, CEO of information security firm Infosec Co.

Amid growing concerns over cyber security, the Korean government announced a comprehensive national cyber security plan on July 4. Under the plan, policymakers plan to double the size of the domestic information security market to 10 trillion won ($8.76 billion) by 2017, according to the Ministry of Science, ICT and Future Planning.

The ministry also said it would provide systematic training to foster 5,000 cyber security experts. Cheong Wa Dae will act as a control tower of cyber security and the National Intelligence Service will handle working-level affairs.

Some experts, however, are skeptical of the government plan.

“Since there is no detailed action plan, it is questionable whether and how the government will implement the project,” said Lim Jong-in, professor of information security at Korea University.

The nation’s financial regulator also announced a cyber security plan on July 11. The Financial Services Commission will require banks to build a two-pronged network system to avert cyber attacks.

“Separating the network system into two partitions is the very basic for strengthening security,” said Jeon Sang-hun, CTO of Bitscan Inc. He said that enterprises here have considered cyber security as a part of the government’s regulation, but it’s time for them to realize that security is a vital investment for survival. 

By Park Han-na and Im Woo-jung
(hnpark@heraldcorp.com) (iwj@heraldcorp.com)