NIS finds national election commission vulnerable to hacking

On Tuesday voting booths being set up at the Seoul Botanic Park in Seoul ahead of the by-election in voting for the head of the Gangseo District Office on Wednesday. [YONHAP]

South Korea’s intelligence agency warned against potential hacking of electronic voting machines.

On Tuesday, the National Intelligence Service (NIS) said it had found the National Election Commission (NEC) network vulnerable to cyberattacks, especially from North Korea.

The NIS said it conducted a joint security evaluation of the NEC system with the Korea Internet and Security Agency (KISA) for two months since July.

The evaluation found that the NEC’s internal network and the voting management system could easily be infiltrated even through the internet, exposing vote results to manipulation.

Intruders could even access voter lists managed by the NEC, inspectors found.

The NIS said hackers could make it appear that voters took part in early voting when they hadn’t or registered people who did not exist on voter lists.

The intelligence agency could also steal the NEC’s official stamp or the stamps of polling officers.

The NIS also said they could make multiple printouts of early election ballots and those with the same QR code due to the weak security system of the NEC’s printing program.

It also infiltrated the NEC’s internal network through the telecommunication system at early voting polling stations.

The NIS also read the results of absentee ballots cast by voters at sea. The votes are supposed to be encrypted.

The test also found that the election results, subject to the highest levels of protection, including encrypted passwords, were exposed to manipulation.

The NIS said poor security management could easily allow hackers to manipulate election results.

For example, hackers could install a program on the internet network using a USB drive that could tamper with vote-sorting machines.

Sorting machines connected to the internet were vulnerable to infiltration through wireless communication devices.

The NIS took particular issue with the passwords, noting that the NEC’s internal portal password was not encrypted.

The intelligence agency said that despite two years of warnings, the NEC was unaware of North Korean hacking attempts and took no proper measures to protect themselves.

The investigation found that data stored on an NEC employee’s computer and documents saved in the employee’s email were leaked after the computer was infected with a malicious code by the North Korean hacker group Kimsuki.

The NEC immediately countered the NIS’ findings, stressing that manipulating early votes, including printing ballots, couldn't happen without an insider’s help.

In a statement, the NEC rejected the NIS’s warning, calling the manipulation of early voting an “impossible scenario” that would require an organized group of insiders swapping the physical ballots to manipulate the election results.

The election agency stressed that the vote counts are ensured since voters are verified before casting their votes, and the votes are counted in public by hand.

It also noted that many people monitor voting, including ballot counting.

The NEC argued that implying election rigging simply basing it on technological hacking possibility could only lead to stirring up election denials.

It said the latest “consultation” found no evidence that North Koreans had hacked into its election system.

“Although there had been one incident in April 2021 where the external computer used by one of our employees was infected with a malicious code, no signs have emerged that our internal network or the election system was infiltrated,” the NEC said.

The election agency said it had completed its security measures, including tightening access to its database of voter lists, to ensure the legitimacy of Wednesday’s by-election for the head of the Gangseo District office in Seoul.

This is not the NEC’s first time embroiled in controversy over voter fraud.

During last year’s presidential election in March, six voters in Busan claimed they received ballots with existing stamp marks.

In July, the Korean spy agency reported that 1.37 million cyberattacks, on average, were detected daily in the first half of the year.

That’s roughly 15 percent more than the daily average of 1.18 million last year.

Some 70 percent of those attacks were by actors believed to be connected to North Korea. China followed with 4 percent and Russia 2 percent.

BY LEE HO-JEONG [lee.hojeong@joongang.co.kr]