Despite the government's proclamation of strengthening personal information protection measures while advocating for a digital platform government, it has been revealed that it is completely helpless against external hacking. When the Board of Audit and Inspection (BAI) conducted simulated hacking attacks on major public systems using white-hat hackers, security vulnerabilities that could allow access to the resident registration numbers of 50 million people, equivalent to the entire population, were discovered, confirming that the security system is in a state of total failure.
The BAI disclosed an audit report titled "Personal Information Protection and Management Status" containing these findings on Jan. 27. This audit was conducted to examine the security status of the public sector following frequent large-scale personal information leakage incidents.
The BAI deployed 11 white-hat hackers to attempt simulated hacking attacks on 7 systems holding large amounts of personal information among the government-designated intensive management systems (current public systems). The results were shocking. All 7 systems tested were found to have security vulnerabilities that could allow unauthorized third parties to access or steal others' information.
One system had vulnerabilities where important information needed for login was transmitted without encryption. If hackers intercepted this and obtained administrator privileges, they could completely extract the resident registration numbers of 130,000 people registered in that system.
Cases were also discovered where unlimited information access was possible due to inadequate input value verification systems. One system lacked input frequency limits or abnormal activity detection functions when accessing personal information, making it theoretically possible for hackers to access the resident registration numbers and names of 50 million people through repeated attempts using automated programs. Another system failed to block abnormal external access, allowing the leakage of 10 million members' information in just 20 minutes.
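The missing control described above, a check on how many different people's records one client looks up in a short period, can be sketched as follows. This is an added example, not code from the audit report or from any audited system; the log format, client names, window and threshold are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=1)   # assumed look-back window
MAX_DISTINCT = 5                # assumed ceiling on distinct records per window


def parse(line):
    """Split 'ISO-timestamp client record_id' (assumed format) into fields."""
    ts, client, record = line.split()
    return datetime.fromisoformat(ts), client, record


def flag_bulk_lookups(lines, window=WINDOW, max_distinct=MAX_DISTINCT):
    """Return {client: first timestamp at which it exceeded the ceiling}."""
    recent = defaultdict(deque)   # client -> deque of (ts, record) in window
    flagged = {}
    for ts, client, record in sorted(map(parse, lines)):
        q = recent[client]
        q.append((ts, record))
        # Drop lookups that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        # Count distinct records, so re-opening one record is not flagged.
        distinct = {r for _, r in q}
        if len(distinct) > max_distinct and client not in flagged:
            flagged[client] = ts
    return flagged


def build_sample_log():
    """Constructed log: one clerk, and one client walking through record ids."""
    base = datetime(2025, 1, 1, 9, 0, 0)
    lines = []
    for i in range(10):   # clerk-01 reopens the same two records, one per minute
        ts = (base + timedelta(minutes=i)).isoformat()
        lines.append(f"{ts} clerk-01 rec-{i % 2}")
    for i in range(20):   # client-x requests 20 different records, one per second
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} client-x rec-{1000 + i}")
    return lines


if __name__ == "__main__":
    for client, ts in flag_bulk_lookups(build_sample_log()).items():
        print(f"{client} exceeded {MAX_DISTINCT} distinct records per window at {ts}")
```

Counting distinct records rather than raw requests keeps ordinary repeat access to one record from triggering the alert while still catching a client that steps through many identifiers.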
Such security gaps are pointed out as stemming from policy missteps. Analysis of recent causes of personal information leakage in the public sector shows that 95.5% resulted from external hacking, while intentional leakage by internal staff accounted for only 0.1%.
Nevertheless, when the Personal Information Protection Commission, the responsible institution, established the "2022 Public Sector Personal Information Leakage Prevention Measures," it focused solely on controlling internal leakage such as the Songpa three sisters murder case. Measures to inspect security vulnerabilities against external hacking threats, which constitute the absolute majority, were nearly absent.
Basic access authority management was also a mess. When the BAI conducted sample inspections of 4 public systems, numerous cases were confirmed where access privileges of retired or transferred employees were not revoked in a timely manner. In the case of the National Education Information System (NEIS), access privileges for 3,000 contract lecturers who retired from Gyeonggi Office of Education remained active, with holes found in all 4 systems.
Dark web response and damage relief systems also proved ineffective. The Find My Leaked Information service operated by the Personal Information Protection Commission and Korea Internet & Security Agency (KISA) only provides leaked ID and password information without indicating which website the leak occurred from, creating a structure that makes it difficult for users to take substantial action. Furthermore, approximately 38,000 websites were in inspection blind spots because the website address database (DB) that KISA manages as dark web detection targets did not match the DB used for actual current status investigations.
The BAI notified the chairperson of the Personal Information Protection Commission to establish a system for inspecting public system security vulnerabilities against external hacking and to improve services so citizens can take substantial damage prevention measures when leakage incidents occur. It also demanded immediate corrective measures from the 7 system operating agencies where hacking vulnerabilities were discovered.