ID :
70194
Mon, 07/13/2009 - 19:48
Auther :
Shortlink :
https://oananews.org//node/70194
The shortlink copeid
(News Focus) Cyber attacks lay bare S. Korea`s security loopholes
By Kim Young-gyo
SEOUL, July 13 (Yonhap) -- The recent wave of cyber attacks against government
and private Web sites in South Korea has graphically demonstrated the loopholes
in the country's Internet security as well as tarnished its image as a global
information technology (IT) powerhouse, analysts say.
Last week, unidentified computer hackers bombarded the Web sites of 26 government
agencies, including the presidential office, and private firms with junk access
requests, paralyzing or slowing them down.
Legitimate users had difficulty logging onto the affected sites, while the
assaults destroyed the hard disks of more than 1,000 personal computers with the
exact extent of the damage yet to be assessed.
Experts say the incident raises doubts over the ability of South Korea, which
boasts the world's highest percentage of computers with high-speed internet
connections, to fight off massive on-line attacks.
"South Korea, an advanced IT country, can easily fall prey to hackers," said Hur
Young-il, head of Internet security company NSHC Inc. "The attacks have also
tarnished South Korea's image as an IT giant."
The latest attack shows how ill-prepared the government is against such an
incident, Hur said, stressing that the government needs to train more specialists
and establish a more efficient anti-hacking agency.
"During the recent attacks, all the vaccine programs were developed and
distributed by private firms," he said. "The state-run Korea Information Security
Agency (KISA) should have done much more than just blocking Internet connections
to those infected sites."
KISA, which is intended to play a central role in the country's computer network
security, falls far short of meeting its purpose due to its weak budget and a
dearth of specialists, according to analysts.
The agency has 41 security specialists out of a total of 250 employees. To make
matters worse, KISA's security division reported a high turnover rate of 18
percent during the last five years, with 32 specialists having newly arrived
during the same period.
Compared to the government agency, NHN Corp., which runs South Korea's leading
portal site Naver, says it employs more than twice the number of specialists as
KISA.
"There are some 100 security specialists here," said Lee Jun-ho, himself a
security specialist with NHN. "Small-and-medium sized Web sites could easily fall
victim to this kind of attack, as they lack security investments and specialized
personnel."
Naver, one of the main targets during the four-day attack, saw its mail services
undergo temporary access disruptions, though service was fully normalized within
four hours on the first day.
The government's lack of investment in Internet security is also to blame,
according to experts.
Last year, KISA spent only 2 billion won (US$1.6 million) on anti-hacking
equipment, the first such purchases since 2003 when hackers attacked the
country's major Internet service providers with malicious code, overwhelming them
with huge traffic volumes and knocking the country offline for nine hours.
Hwang Cheol-jeung, a senior official at the nation's telecom regulator, the Korea
Communications Commission, admitted that the country needs to train more security
specialists, saying, "It is a matter of how many men (of ability) we have."
According to a report by the Ministry of Public Administration and Security
earlier this year, an average of 0.7 specialists per organization out of 665
government ministries and agencies was engaged in computer security.
About 68 percent of organizations did not have any security specialist at all.
In order to prevent a repeat of the recent cyber attack, industry analysts
stressed the government must invest more in beefing up Internet security programs
and in nurturing more professional personnel.
"Only when government, corporations and universities all extend their investments
in cyber security, can the cyber war be won," stressed Kim Kwang-jo, a professor
at the Korea Advanced Institute of Science and Technology (KAIST).
ygkim@yna.co.kr
(END)
SEOUL, July 13 (Yonhap) -- The recent wave of cyber attacks against government
and private Web sites in South Korea has graphically demonstrated the loopholes
in the country's Internet security as well as tarnished its image as a global
information technology (IT) powerhouse, analysts say.
Last week, unidentified computer hackers bombarded the Web sites of 26 government
agencies, including the presidential office, and private firms with junk access
requests, paralyzing or slowing them down.
Legitimate users had difficulty logging onto the affected sites, while the
assaults destroyed the hard disks of more than 1,000 personal computers with the
exact extent of the damage yet to be assessed.
Experts say the incident raises doubts over the ability of South Korea, which
boasts the world's highest percentage of computers with high-speed internet
connections, to fight off massive on-line attacks.
"South Korea, an advanced IT country, can easily fall prey to hackers," said Hur
Young-il, head of Internet security company NSHC Inc. "The attacks have also
tarnished South Korea's image as an IT giant."
The latest attack shows how ill-prepared the government is against such an
incident, Hur said, stressing that the government needs to train more specialists
and establish a more efficient anti-hacking agency.
"During the recent attacks, all the vaccine programs were developed and
distributed by private firms," he said. "The state-run Korea Information Security
Agency (KISA) should have done much more than just blocking Internet connections
to those infected sites."
KISA, which is intended to play a central role in the country's computer network
security, falls far short of meeting its purpose due to its weak budget and a
dearth of specialists, according to analysts.
The agency has 41 security specialists out of a total of 250 employees. To make
matters worse, KISA's security division reported a high turnover rate of 18
percent during the last five years, with 32 specialists having newly arrived
during the same period.
Compared to the government agency, NHN Corp., which runs South Korea's leading
portal site Naver, says it employs more than twice the number of specialists as
KISA.
"There are some 100 security specialists here," said Lee Jun-ho, himself a
security specialist with NHN. "Small-and-medium sized Web sites could easily fall
victim to this kind of attack, as they lack security investments and specialized
personnel."
Naver, one of the main targets during the four-day attack, saw its mail services
undergo temporary access disruptions, though service was fully normalized within
four hours on the first day.
The government's lack of investment in Internet security is also to blame,
according to experts.
Last year, KISA spent only 2 billion won (US$1.6 million) on anti-hacking
equipment, the first such purchases since 2003 when hackers attacked the
country's major Internet service providers with malicious code, overwhelming them
with huge traffic volumes and knocking the country offline for nine hours.
Hwang Cheol-jeung, a senior official at the nation's telecom regulator, the Korea
Communications Commission, admitted that the country needs to train more security
specialists, saying, "It is a matter of how many men (of ability) we have."
According to a report by the Ministry of Public Administration and Security
earlier this year, an average of 0.7 specialists per organization out of 665
government ministries and agencies was engaged in computer security.
About 68 percent of organizations did not have any security specialist at all.
In order to prevent a repeat of the recent cyber attack, industry analysts
stressed the government must invest more in beefing up Internet security programs
and in nurturing more professional personnel.
"Only when government, corporations and universities all extend their investments
in cyber security, can the cyber war be won," stressed Kim Kwang-jo, a professor
at the Korea Advanced Institute of Science and Technology (KAIST).
ygkim@yna.co.kr
(END)
