SEOUL, KOREA — In December 2010, a group of teenagers was found to have been involved in the DDoS attack on government websites. Last year, a senior high school student was arrested for bringing down a Korea Educational Broadcasting System website with a DDoS attack. These hackers stated that they committed the crime simply out of curiosity rather than for money or revenge.
On a positive note, internet-based services including SNS have raised the public’s interest in politics through manifold discussions. They also provide an easy route through which false information about a candidate quickly spreads. Furthermore, according to a review by the Korea Communications Standards Commission, SNS posts such as those on Twitter, Facebook and Cyworld amount to defamation of character. Such cases increased from 54 in 2009 to 780 in 2011.
As part of an effort to promote 2012 as the starting year for establishing Internet ethics, Korea IT Times visited Simon Suh, President and CEO of the Korea Internet and Security Agency (KISA). Suh has resolved to lead a proper internet culture and prepare measures against cyber-attacks for upcoming major national events, including the general election in April, the International Exposition Yeosu Korea 2012 in May, and the presidential election in December.
KISA takes measures against security threats
President Suh began the interview by explaining, “Since the general election is in April and the presidential election is in December, we feel that such events could trigger cyber-attacks. KISA (www.kisa.or.kr) has already set up an emergency network with authorities last December and conducted test training courses against cyber terrorism. Basically, we have an intensive monitoring operation and an emergency response system that is available 24/7. If necessary, we plan to upgrade the cyber crisis alarm system by adding additional personnel for each shift. We feel this would be a safer option, as opposed to the usual three and four, while operating a separate 24-hour taskforce.”
KISA also focuses on monitoring the websites related to major events. Normally, it checks the websites every five minutes for accessibility problems. However, once the events commence, the websites are checked every minute. In addition, the hidden malicious code detection system is stepped up to run at five-minute intervals, compared with once a day in general. The agency has prepared cyber shelters for DDoS attacks so that there will be no accident involving information security. Such a case would be disastrous.
Advancement of the system plays a crucial role in response to a violation case
After major security accidents including the 3.4 DDoS attacks last year, KISA improved the system and its analytical ability. First of all, the agency introduced the cyber treatment system for infected PCs: unlike the old system, which required an individual phone call, the current system uses a popup window to guide users to vaccine treatment services. So far, 11.9 million people have been advised and 11.5 million have downloaded the vaccine.
In the event of a DDoS attack, the DDoS cyber shelter detours traffic and forwards only normal traffic, restoring the service to its original state. Zombie PCs involved in the attack are listed for separate management. Although the former system didn’t analyze all the malicious codes during the 7.7 DDoS attacks, the new system analyzed all 53 malicious codes in detail and blocked the hackers.
“KISA played a key role in the private sector, responding to violation cases,” said Mr. Suh. “The 3.4 DDoS first attacked public sector websites. We then received relevant information from the National Intelligence Service. Afterward, we rapidly collected and analyzed the malicious codes and sent the analysis results of the DDoS attacks to relevant institutions. We also found and blocked 28 servers that spread the codes and distributed the special vaccines by running the cyber treatment system for infected PCs.” He added, “The close network with relevant institutions including the prosecution and police force helped us successfully perform our role. We were commissioned to analyze 54 malicious codes among the 81 collected by the prosecution for the Nonghyup Bank network attack in April 2011. For the DDoS attack on the National Election Commission in December, we carried out the log analysis to provide results to the National Intelligence Service (NIS), prosecution and police.”
KISA also checks for hidden malicious codes on all Korean websites, which number nearly 1.8 million. It developed Castle, a hacking prevention program, and Whistl, a hacking elimination program, and supplies them to sites where such codes are detected in order to prevent those codes from spreading further.
Those who have difficulty obtaining DDoS protection devices, such as small and medium businesses and non-profit organizations, can benefit from the agency’s free service for protection against DDoS attacks.
Globalization of Korean information security system
Collaboration with international organizations is also being diversified. Last year, KISA’s KrCERT/CC (Korea Computer Emergency Response Team Coordination Center) was appointed deputy chair of the Asia-Pacific Computer Emergency Response Team (APCERT) and successfully held the annual meeting and conference.
Furthermore, KISA suggests establishing a Cyber World Health Organization (WHO), citing the need for an international organization that provides collaborative campaigns, for example: sharing malicious code data; a collaborative response and investigation system against cyber-attacks; establishing and sharing best practices for cyber security; and the exchange of professionals in the field.
More countries want to adopt the Korean information security model of KISA: last December, the agency signed an MOU for information protection with the Rwanda Development Board. President Paul Kagame visited Korea to express the country’s strong willingness to pursue relevant projects. The UAE, Ethiopia, Botswana, and Vietnam along with other countries have expressed interest in the model and requested collaboration and support from the agency.
When asked about the ways to enhance general PC security, President Suh said, “The awareness and practice of information security is more important than anything else. The public needs to prepare against such attacks in advance. To do so, you need to use legal SW, install a security patch, and frequently run vaccine programs. You should also change the password often and avoid downloading suspicious programs.”