China-based hackers access finance ministry intranet: sources

(ATTN: RECASTS headline, lead; ADDS spokesman's comment in 8th para; STREAMLINES
throughout)
SEOUL, April 8 (Yonhap) -- Hackers apparently based in China attacked the
intranet of South Korea's finance ministry in February, officials said Wednesday,
raising concerns over the theft of classified and sensitive information.
The affected computer network is located at the finance ministry's headquarters
in Gwacheon, south of Seoul, the officials said, adding intelligence authorities
are conducting a probe.
"The intranet was apparently breached by hackers from China," a ministry official
said on condition of anonymity. "An investigation is still under way to determine
whether any information has been compromised."
He quoted a source from the National Intelligence Service as saying that the
hackers might be "working for the Chinese government." NIS officials could not be
reached for comment.
The incident took place before South Korean President Lee Myung-bak and his
Chinese counterpart, Hu Jintao, held their first summit talks this year on the
sidelines of the G-20 gathering in London last week.
"It is unclear whether our information ended up in the hands of Chinese
officials, and the time gap between the incident and the summit was also quite
wide. Still, it is like showing all your cards to your counterpart before
important talks start," a separate ministry official said.
The hackers reportedly sent an e-mail to an unspecified number of ministry
employees that appeared to be from one of their colleagues. Many of them opened
it without any suspicions, activating surreptitious software that allowed the
hackers to gain access, the official explained.
Finance Ministry spokesman Choi Ho-cheon told Yonhap News Agency that the case is
still under investigation and it is not clear whether the hackers are from China
or not.
The finance ministry has been attempting to strengthen computer security since
late last year by making officials use two separate computers -- one used only
for Web access and another for working on documents -- so that information cannot
be leaked through the network.
The so-called "network separation" plan has reduced the number of information
leaks "significantly," the ministry said.
"(The leak) happened before the project was completed," another ministry official
said. "We have enforced the separated use of computers since April 1. It would be
difficult for such a case to happen again."
However, experts worry that classified information could be leaked even under the
tightened security system, as hackers continue to use more sophisticated methods.
kokobj@yna.co.kr
(END)