[Weekend Briefing] Korea facing multiple cyber-attacks

By Dain Oh, The Readable
Sep. 9, 2022 6:18PM KST

Hello, this is Dain Oh in South Korea. For the past few days, there have been some notable security breaches in this country. The official YouTube channel of the government was hacked. Personal information was leaked from an international event which was held by the Ministry of Unification. As we all know, a data breach is a steppingstone for a bigger purpose.

Including these stories, The Readable has picked four noteworthy pieces of news for our readers. Have a restful weekend!

1. Korean government’s YouTube was hacked

If you were a subscriber to the South Korean government on YouTube last Saturday, you would have seen Elon Musk talking about cryptocurrencies through a live stream on your feed. On September 3, the official YouTube channel of the South Korean government was hacked. According to local news outlets, a hacker took over the government’s YouTube account and changed its name to “SpaceX Invest” at 3:30 a.m. Saturday. Then, the hacker played a video in which Elon Musk, CEO of Tesla Motors, is talking about cryptocurrencies. The channel is followed by approximately 263,000 subscribers.

The Ministry of Culture, Sports, and Tourism, which oversees the government’s YouTube accounts, explained that they acknowledged the security breach around 6 a.m. and restored the account within an hour. The ministry is currently working with YouTube and the South Korean police to discover how the breach happened. This was not the first time that the official channels of the South Korean government were hacked. On September 1, the Korea Tourism Organization and the National Museum of Modern and Contemporary Art went through similar security incidents. The YouTube channels of both institutions were infiltrated by unspecified hackers and played videos related to cryptocurrencies.

2. 301 diplomatic figures’ personal information was leaked

Source: The Korea Global Forum for Peace

The Korea Global Forum for Peace, which was hosted by the Ministry of Unification of South Korea from August 30 to September 1, exposed its attendees’ personal information to threat actors. The names, occupations, email addresses, and contact information of the attendees were handed over to the hackers. The Ministry of Unification confirmed that a total of 301 people’s personal information was leaked through a hacking incident.

At the event held in Seoul, national and international leaders in diplomatic relations participated in discussions. It included officials from the Unification Council of Korea, the East Asia Institute, the National Institute for Unification Education, the South-North Korea Exchanges and Cooperation Support Association, the Gaeseong Industrial District Foundation, and the United Nations Human Rights Office of the High Commissioner Seoul.

According to the Ministry of Unification, a PC belonging to an event agency for the Korea Global Forum for Peace was hacked. The ministry acknowledged a hacking incident on August 29 and notified the attendees of the breach on September 3. The ministry particularly mentioned that the personal information of high-profile figures, such as Antonio Guterres, Secretary-General of the United Nations, and former ministers of the Ministry of Unification, was not affected in the incident.

3. Korea sets international standards for IoT security

South Korean representatives from the Korea Internet & Security Agency and the Korea Testing Certification Institute attended a meeting, which was hosted by the International Telecommunication Union's telecommunication standardization sector in Geneva from August 24 to September 2. Photo by the Korea Internet & Security Agency

South Korea's security standards regarding the internet of things were adopted by a prestigious international organization. The Korea Internet & Security Agency announced on Monday that security requirements for IoT devices and gateway, which the agency submitted, were selected as the international standards by the International Telecommunication Union's telecommunication standardization sector, or ITU-T. In a recent meeting, which took place in Geneva from August 24 to September 2, the ITU-T approved the use of Korea's standards at the international level.

The security requirements, suggested by South Korea, include identifying security threats which can be found in IoT devices and gateway. The requirements of certification, cryptology, data, platform, and physical security are also dealt with. Prior to this adoption, the international telecommunication industry followed the IoT security framework, which was called “'X. 1361.” Based on X. 1361, the Korea Internet & Security Agency developed a new set of security standards and recommended them to the international community in September 2018. Over the years, the international community went through several reviews and discussions before finally adopting South Korea’s proposed security provision.

4. Global orgs discuss a new concept of cybersecurity: Bright internet

Yoo Yeon-chul, executive director of UN Global Compact Network Korea, is delivering a speech at a workshop held in Seoul on Tuesday. Photo by the World Smart Sustainable Cities Organization

Leaders of international organizations, enterprises, and universities gathered in Seoul to discuss a new concept of cybersecurity which is called “bright internet.” Under the theme of a sustainable cyber environment, the World Smart Sustainable Cities Organization, the United Nations Global Compact Network Korea, the Bright Internet Consortium, the Korea Advanced Institute of Science and Technology, and Chung-Ang University  held a workshop at the Seoul Global Center on Tuesday.

As a preemptive measure against the skyrocketing number of cyber-attacks, the notion of bright internet urges trusted individuals and corporations to voluntarily get certified and expand secure cyberspace throughout the internet. By focusing on the origin of information, bright internet suggests a new approach toward cybersecurity. It brings trusted parties together, instead of reacting to untrustworthy actors. In this regard, the mechanism of bright internet is compared to that of credit cards, which are based on users’ trust. Credit card users voluntarily certify themselves in order to use cards. The Bright Internet Consortium expects that the same logic can be applied to internet usage. To read the original reporting, click here.

ohdain@thereadable.co

The cover image of this article was designed by Areum Hwang.


Dain Oh is an award-winning cybersecurity journalist based in South Korea and the founding editor-in-chief of The Readable by S2W. Before joining S2W, she worked as a reporter for The Electronic Times, the top IT newspaper in Korea, covering the cybersecurity industry on an in-depth level. She reported numerous exclusive stories, and her work related to the National Intelligence Service led to her being honored with the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology in a unanimous decision. She was also the first journalist to report on the hacking of vulnerable wallpads in South Korean apartments, which later became a nation-wide issue.