Burgeoning Internet Security Budget Fails to Stop Rising Hacking Attacks

Burgeoning Internet Security Budget Fails to Stop Rising Hacking Attacks. October. 15, 2007 07:10. ditto@donga.com.

Citing figures submitted by the Ministry of Government Administration and Home Affairs (“MOGAHA”), Grand National Party Congressman Lee Sang-bae of the Government Administration and Home Affairs Committee confirmed yesterday that the hacking attacks on government websites have been on the steady rise. In 2004, for example, 3,907 attempts were made, which rose to 4,549 in 2005, and to 4,286 in 2006. As of September this year, hackers tried to breach security 5,881 times.

Hackers have caused several types of damage. Worm viruses harmed security in 4,929 cases and fake proxy servers in 582. Also, hackers’ attacks distorted homepages in 187 cases, and resulted in the leakage of protected data and information in 134.

80 percent of the attacks targeted e-government customer service centers of the central and local governments, and individual agency homepages.

In the face of the burgeoning number of attacks, all the Roh administration did was to increase the security budget. In 2006, the budget amounted to $92 million and rose to $101 million this year.

Despite the skyrocketing number of attacks and budget amounts, the Roh administration has failed to fully secure our government websites with filtering protection, which can prevent unauthorized access to the personal information stored in government databases. As of April this year, 8 out of the 29 central government sites and 353 out of 480 local government sites are not equipped with the filtering protection.

The August 2007 MOGAHA report on privacy protection pointed out several vulnerable areas. For example, in South Korea, an online user has to verify his or her social security number to subscribe to e-government services. But private firms conduct the verification, leaving wide open the possibility of abuse by the firms. Also, government agencies provide personal information of citizens via unsecured e-mail. Furthermore, the personal information of users is stored in government databases without any password protection.

The MOGAHA explains, “We are working on ways to protect damaged government sites against future attacks. The National Intelligence Service primarily conducts probes upon occurrence of attacks. To reduce hacking vulnerability, we plan to separately operate the intranets of 30 government agencies by 2010 so that access to the sites from the Internet is impossible. The agencies are the ones that handle classified information most frequently.”

Government workers selling protected information –

It transpired that quite a number of government workers have sold protected and personal information to private firms using their e-government authorization.

In October 2003, for example, using vehicle registration information retained by the tax authorities, a government worker provided 60 types of personal information to his relatives on the owner of a vehicle. A private investigation firm, after buying the information, secretly videotaped the owner and his mistress having an extramarital affair. Then, the firm extorted money from them.

In November 2004, another government employee accessed a recruitment site and retrieved the personal information of 100 job seekers. The government official used the information for his paper without their consent.

In other cases, a worker leaked the personal information of students to his buddy to help promote his buddy’s teaching institute. In addition, a low-level worker abused his access to a government site to obtain the personal information of a girl he got to know online.

Rep. Lee called for prompt actions from the government yesterday, saying, “The situation is really dire and deplorable. Nonetheless, the authorities, including the MOGAHA and the Audit Board, have never looked into this matter. The Roh administration promoted the e-government system as a tool for better serving the public. But what we really need now is a more secure system that can better protect citizens’ privacy.”