Hackers: Bringing down a nation not just a movie plot

‘Korea is a very attractive playground for international hackers.’

June 07,2008
Korea set up a National Cyber Security Center in 2003 to tackle rising cyber exploitation. [JoongAng Ilbo]
No electricity. No cell phone. No transportation. You’ve got a problem.
Can the click of a mouse shut down the world?
In the 2007 film “Live Free or Die Hard,” hackers trigger mass chaos and take down the power grid.
Sound far fetched? Hackers (and hacker trainers) I’ve met don’t think so.
“It’s all about making the impossible possible,” said Samuel Gu, a 19-year old hacker in Korea. “As people look for more convenience, the world becomes more digitalized. Crippling a nation’s infrastructure may be just a wild fantasy now. But we’re certainly getting closer.”
A hacker is an expert at programming and solving problems with a computer as well as a person who illegally gains access to and sometimes tampers with information in a computer system.
The first definition applies to Gu.
A business major at Konkuk University in Seoul, Gu recently won the 5th Hacking Defense Contest organized by the Korea Information Security Agency. He got interested in cyber adventures in high school. He joined a hacking club and has made a name for himself in number hacking competitions.
Last Monday Gu’s team, Taekwon V, won tickets to the world’s largest hacker convention, DEF CON in Las Vegas, Nevada. Taekwon V and six teams from around the globe will compete on Aug. 8 to 10 to see who can win at cyber-war.
Although Gu may be fighting in simulated warfare this summer, people around the world witnessed what was billed as the first real cyber war last year. In the small Baltic country of Estonia, cyber attacks closed down Web sites of the government, banks, telecommunications firms, Internet providers and news organizations for weeks. The attacks came from Russian hackers indignant about Estonia’s decision to relocate a war memorial.
The incident showed how hackers can take down an entire country. Experts say the attack was serious, because Estonia is one of the most wired countries in the world. Although it has just 1.3 million people, the country’s advanced hi-tech industry has earned it the nickname “E-stonia.”
“Korea is also a very attractive playground for international hackers,” said Lim Jang-soon, president of Hackers College in Korea. The college offers intensive courses on network security and information systems. Lim and other instructors at the college train network security officials in the public and private sectors.
“Korea’s strong IT sector has also made it a test-bed for hacking tools,” Lim said. “When hackers come up with new techniques, they test it on the Korean networks. Once you can intrude in Korea, you can attack most places elsewhere.”
In fact, Koreans have fallen victim to a string of personal data leaks in recent months caused by cyber attacks from international hackers.
In April a 24-year-old American hacked into the system of Moabank, a small bank headquartered in Incheon, west of Seoul and stole personal information of clients. Police arrested the suspect after tracking down his IP address.
In February, Chinese hackers attacked Auction, the Korean affiliate of the world’s largest online auction market, eBay, causing an information leak on 10 million Koreans, including their passwords and credit card numbers.
The same month the network of the presidential office was hacked. The presidential office at the Blue House told reporters that their probe suggested the attack came from a country in Asia, but there was “no damage whatsoever.”

Korea set up a National Cyber Security Center in 2003 to tackle rising cyber exploitation. [JoongAng Ilbo]
Said Gu: “Most of the recent hacking incidents could’ve been prevented had they properly installed security patches. Also, Korean Web sites love to have active bulletin boards, and some even consider them a gauge of their Web sites’ popularity. But such message boards make it more susceptible to hacker attacks and data leaks.”
Despite a rash of attacks aimed at Korean government and commercial networks, there are young ethical hackers or so-called white-hat hackers in Korea. They aspire to protect the nation from hacker attacks.
An example is “I-Grus,” a hacker club at Inha University in Incheon. The 25 students in the club are majoring in electrical, computer and information engineering science. The group sees potential in Korea’s information security.
Lee Jong-mun, the president of I-Grus, said, “Korea actually has a high level of infrastructure and technology in network security,” Lee said. “We work with hacker clubs in other universities and information security experts in the field. Most of us believe that Korea is above average.
“I first started hacking in middle school,” Lee said. “I was able to detect vulnerabilities in Windows and Web servers. I want to use my skills to protect our country from international hackers, hopefully working for the government.”
Since 2006 Lee and his friends have been working to protect their school’s Web site. They use their skills to look for vulnerabilities in the site, inform security officials of their findings and help them fix weaknesses.
Lee said his club made the school Web site stronger, though he was cautious about giving details due to security concerns. Lee and other students receive a small scholarship for their work. Several other universities, like Chosun University in Gwangju, do the same.
Said Lim: “I think it’s great that there are efforts to bring underground hackers out to the world. I personally dream of a Web site where high-level hackers auction their hacking tools to corporations. Of course, they should use their real names and everything should be lawful.”
Countries around the world are beefing up computer security.
The U.S. Air Force is setting up a Cyberspace Command. Its TV ad says, “You used to need an army to wage a war. Now all you need is an Internet connection.”

Last month NATO opened a new cyber-defense training center in Tallinn, Estonia to defend against Internet attacks.
There are allegations that China and North Korea are fostering a hacking army.
In Korea there are about 30,000 information security workers, about 4 percent of all IT professionals. Investment in security is about 5 percent of all investment in IT, compared to 10 percent in most advanced countries.
“They say information security is the new ‘it’ career in Korea,” said Kim Tae-il, an instructor and researcher at Hackers College. “But there’s still a long way to go. Companies are used to making heavy investments in developing newer and so-called hot technology like wireless Internet connection and Internet phones. But they don’t know the dangers these can bring. Investment in security is not an option like an insurance package. It’s our lifeline.”

Ten commandments for guarding your information on the Net
1. Install a vaccine software that can update automatically. Run it at all times.
2. Do not open e-mails from unknown senders or with suspicious attachments. Delete them immediately.
3. Run security patches and use PC firewalls.
4. Create passwords of more than eight characters with alphabet letters, numbers and symbols. Change them on a regular basis.
5. Always use passwords when booting up, logging in and restarting a computer.
6. Avoid using shared folders. When you must use it, allow only minimum authority.
7. When Web sites try to install programs in your computer, make sure to check their credibility with an authorized certificate.
8. Check files downloaded from peer-to-peer networks like messagers with a vaccine software.
9. Lock important files with passwords and backup the data.
10. Use only authentic software programs.

By Kim Hyung-eun Staff Reporter [hkim@joongang.co.kr]

dictionary dictionary | 프린트 메일로보내기 내블로그에 저장