Poor security led to military hacking by North

Earlier this month, the South Korean military accused Pyongyang of hacking South Korea’s defense intranet, and cyber experts are now pointing out holes in the security system.
A high-level government official said on Dec. 12 that a total of 3,200 computers were contaminated with malware, including 700 computers on the Ministry of National Defense’s intranet and 2,500 military computers connected to the internet. The hacking of the South’s Cyber Command occurred back in August.
“Currently,” the official said, “the Defense Ministry does not know how much confidential military data was leaked.”
Among the targets was the Defense Integrated Data Center (DIDC), monitored by the Cyber Command, the military intranet’s hub where all South Korean defense information is integrated and stored.
Minister of National Defense Han Min-koo’s computer was compromised as well.
An examination of the hacking process shows that three levels of security regulations were not properly implemented.
According to cyber security experts, the first stage of protection against hacking is disconnecting the military intranet from the internet. The second stage is conducting regular security checks. The third is maintaining control over the network.
Had any one of the three stages been maintained, the military intranet would not have been hacked and compromised, according to these experts.
The hacking was done through malicious code disguised as a patch for the military’s antivirus (“vaccine”) program.
Every morning, a military officer is supposed to download new vaccine patches from the internet on a computer that is not connected to the military intranet and check them for problems such as viruses.
If the patch is clean, it is copied onto a USB drive or a CD-ROM and then installed on the Defense Ministry’s intranet.
It’s a process that generally takes five minutes.
In late 2014, the command connected this vaccine intermediary computer, which downloads patches from the internet, directly to the military intranet through a LAN card, in violation of security regulations. The intermediary computer was supposed to serve as the barrier between the internet and the military’s intranet, but with the extra LAN card it bridged the two networks instead.
This left the military intranet exposed to hackers for the entire period.
The official blamed a company in charge of installing the computer. “This is the fault of the company that set up the vaccine intermediary server two years ago and connected it [to the intranet],” he said.
“Because of the hassle of downloading patches onto a USB every single time, the command seems to have connected the computer to the internet [for vaccine downloads] to expedite the process,” a cyber security expert pointed out. “But connecting to the internet is in violation of security regulations.”
Properly conducted security checkups could also have uncovered that the military intranet was connected to the internet.
The military conducts regular security checks every six months and spot checks in between.
Sohn Young-dong, a professor at Korea University’s Graduate School of Information Security, said, “When you run security software, you can easily check illegal external internet access. It seems that a proper security check was not run.”
Aside from running antivirus programs, proper security checks also include physically checking whether a computer has a LAN card connected to the internet. But such visual checkups were just formalities, and the official in charge of cyber security never questioned why the vaccine server had a LAN card connected the whole time.
A Defense Ministry official admitted, “We should check every LAN card that is connected to the internet but we were negligent in this.”
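The article says a proper check would have found the intermediary computer wired to both networks. As an added example (not code from the article or from the Defense Ministry), the script below audits collected `ip -o -4 addr show` and `ip -4 route show` output per host and flags any machine that holds an address on the isolated range and also has an external address or a default route leaving that range. The intranet range 10.0.0.0/8, the hostnames and the three snapshots are all assumed or constructed for illustration.

```python
"""Audit per-host interface and route snapshots for machines that bridge an
isolated intranet to the internet. Added example, not code from the article or
the Defense Ministry. Assumes (hypothetically) that the intranet uses
10.0.0.0/8 and that `ip -o -4 addr show` and `ip -4 route show` output has
been collected from each host; the snapshots below are constructed."""

import ipaddress
import re

# Assumed intranet range; adjust to the isolated network being audited.
INTRANET = ipaddress.ip_network("10.0.0.0/8")

# One address record per line, as printed by `ip -o -4 addr show`.
ADDR_RE = re.compile(r"^\d+:\s+(?P<dev>\S+)\s+inet\s+(?P<cidr>\d+\.\d+\.\d+\.\d+/\d+)")
# Default route lines from `ip -4 route show`.
DEFAULT_RE = re.compile(r"^default\s+via\s+(?P<gw>\d+\.\d+\.\d+\.\d+)\s+dev\s+(?P<dev>\S+)")

# Constructed snapshots for three hypothetical hosts (not real data).
SNAPSHOTS = {
    "didc-file-01": {  # a normal intranet-only host
        "addr": "1: lo    inet 127.0.0.1/8 scope host lo\n"
                "2: eth0    inet 10.20.30.40/24 brd 10.20.30.255 scope global eth0",
        "route": "default via 10.20.30.1 dev eth0\n"
                 "10.20.30.0/24 dev eth0 proto kernel scope link src 10.20.30.40",
    },
    "vaccine-relay-01": {  # the intermediary: a second NIC joins both networks
        "addr": "1: lo    inet 127.0.0.1/8 scope host lo\n"
                "2: eth0    inet 10.20.40.5/24 brd 10.20.40.255 scope global eth0\n"
                "3: eth1    inet 203.0.113.20/24 brd 203.0.113.255 scope global eth1",
        "route": "default via 203.0.113.1 dev eth1\n"
                 "10.20.40.0/24 dev eth0 proto kernel scope link src 10.20.40.5\n"
                 "203.0.113.0/24 dev eth1 proto kernel scope link src 203.0.113.20",
    },
    "dmz-web-01": {  # internet-facing only; not part of the intranet
        "addr": "2: eth0    inet 203.0.113.30/24 brd 203.0.113.255 scope global eth0",
        "route": "default via 203.0.113.1 dev eth0",
    },
}


def parse_addrs(text):
    """Map device name -> list of IPv4Interface, skipping loopback addresses."""
    out = {}
    for line in text.splitlines():
        m = ADDR_RE.match(line.strip())
        if not m:
            continue
        iface = ipaddress.ip_interface(m["cidr"])
        if iface.ip.is_loopback:
            continue
        out.setdefault(m["dev"], []).append(iface)
    return out


def parse_default_routes(text):
    """Return [(gateway IPv4Address, device), ...] for every default route."""
    routes = []
    for line in text.splitlines():
        m = DEFAULT_RE.match(line.strip())
        if m:
            routes.append((ipaddress.ip_address(m["gw"]), m["dev"]))
    return routes


def audit_host(name, addr_text, route_text):
    """Classify one host as intranet-only, external-only, or BRIDGE, with reasons."""
    addrs = parse_addrs(addr_text)
    inside = sorted(d for d, ifs in addrs.items() if any(i.ip in INTRANET for i in ifs))
    outside = sorted(d for d, ifs in addrs.items() if any(i.ip not in INTRANET for i in ifs))
    reasons = []
    if inside and outside:
        reasons.append(f"dual-homed: intranet on {inside}, external on {outside}")
    for gw, dev in parse_default_routes(route_text):
        # An intranet host whose default route leaves the intranet range is a path out.
        if inside and (dev in outside or gw not in INTRANET):
            reasons.append(f"default route via {gw} on {dev} from an intranet-connected host")
    if not inside:
        verdict = "external-only"
    elif reasons:
        verdict = "BRIDGE"
    else:
        verdict = "intranet-only"
    return {"host": name, "verdict": verdict, "reasons": reasons}


def find_bridges(snapshots):
    """Run audit_host over every snapshot and keep only the bridging hosts."""
    results = [audit_host(n, s["addr"], s["route"]) for n, s in snapshots.items()]
    return [r for r in results if r["verdict"] == "BRIDGE"]


if __name__ == "__main__":
    for finding in find_bridges(SNAPSHOTS):
        print(finding["host"], finding["verdict"])
        for reason in finding["reasons"]:
            print("  -", reason)
```

Run against snapshots gathered from every intranet host on each scheduled check; the constructed relay host is reported as a bridge with two reasons (a second NIC on an external range and a default route out of it). A default route that stays inside the intranet range is not by itself proof of isolation, and a NIC that is unplugged at audit time leaves no trace in this output, which is why the physical inspection the article describes still has to happen alongside the software check.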
The Defense Ministry’s control of its intranet was also lax. Through intrusion detection software, it should have been able to detect the hacking and contain it.
Malware that has infiltrated a computer leaves traces, generating data as it secretly searches for information to leak, and that activity is what a control system should pick up.
Personnel in charge of the intranet may have been negligent, or noticed warning signals but ignored them, according to experts.
The Defense Ministry official said, “While we have a control system, there are limitations to its capabilities and it was not able to completely detect the malicious code’s activities.”
A Defense Ministry report to the National Assembly last week said that by the first half of next year, a new vaccine (antivirus) system will be installed and that an infrastructure capable of handling big data and artificial intelligence (AI) will be adopted. The ministry report added that it will implement a system to block the leaking of information and also password-protect confidential data so that hackers would not be able to find it.
BY KIM MIN-SEOK, SARAH KIM [email@example.com]