Friday, July 17, 2009

UNPREPARED : Korea Ill-Prepared for Online Attacks

UNPREPARED : Korea Ill-Prepared for Online Attacks

By Kim Tong-hyung


13 July 2009


South Korea has so big a hole in its cyber security that another wave of online attacks will prove to be as devastating as those of last week.

First, virtually anybody can mount such attacks. Although government officials suspect North Korea may have been orchestrating these virtual attacks, a gang of teenagers could possibly organize and bring the same amount of damage as a nation can, and with a program purchased online for the same price as a song.

When the country was pummeled by a massive distributed denial of service (DDoS) attack over four days until last weekend, it was a handful of private firms that came to the rescue.

In addition, systemic flaws such as over-reliance on Microsoft's Active-X program need to be addressed. Without them, all Korea can do appears to be nothing but pray that no such attacks recur.

The Korea Communications Commission (KCC) admits that more DDoS attacks are a possibility, considering that the types of malicious software that infected scores of Korean computers at homes and offices are programmed to update automatically. Whether the country would be better prepared for another powerful Internet attack is a totally different matter.

``We have been analyzing the malicious codes, and found that the programs were designed to self-destruct after initiating three attacks. We have yet to find a mutated version of the codes,'' said Hwang Cheol-joong, a KCC official.

As of Saturday, more than 97 percent of 77,875 infected computers had been cleared of the malicious programs, the KCC said. The state-run Korea Information Security Agency (KISA) is currently analyzing 22 sample types of the malicious codes.

``It is encouraging that the number of infected computers was fewer than first thought, even when considering the devices that remain unreported. However, considering that these DDoS bots are not controlled by command and control (C&C) operational software, but programmed for automated updates and self-destruction, we need to stay alert. There also might be types of codes that we have yet to discover,'' Hwang said.

The National Intelligence Service (NIS), the country's spy agency, is responsible for protecting public Internet infrastructure from Internet attacks, while KCC and KISA handle the private side.

However, the Ministry of Public Administration and Security deals with breaches within government networks, while the National Police Agency combats ``cyber crimes.''

The complicated relations between these agencies make it difficult for the government to muster a quick and coordinated approach when crisis hits, according to critics, who call for the establishment of a ``control tower.''

``We agree that there should be a more simplified chain of command. The current system has problems,'' Choi See-joong, the KCC chairman, told reporters last week.

It could also be said that Korea was behind for its Microsoft monoculture for Web browsers. In Korea, all encrypted transactions on the Internet are required to be done through Microsoft's ``Active-X'' controls, which work only on Internet Explorer browsers. As a result, the market share of Internet Explorer remains in the high 90s.

However, Active-X is also linked with security concerns, as the controls require full access to the Windows operating system on computers. This means that malicious programs can direct the browser to download files that compromise the user's control of the computer.

``Active-X happens to be one of the ideal tools for malicious codes to be distributed. Even Microsoft is phasing Active-X out due to security worries, but Korea has been a step behind,'' said an official from KTB Solutions, a computer software company.

(Why single out Korea? Most of the countries are ill-prepared for Cyber Security. In fact, in some countries, the concept of Cyber Security exist on paper only - Editor)

No comments:

This Day in History

Thanks for your Visit