[Weekend Briefing] Hacking democracy

By Dain Oh, The Readable
Jan. 26, 2024 9:03PM GMT+9 Updated Jan. 26, 2024 10:22PM GMT+9

“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday. Our journalists select important news items from the previous week on topics ranging from privacy to policy development in cybersecurity, all to help you stay abreast of the latest breaking issues. And not only is this provided free of cost to our subscribers, but the briefing contains new content exclusive to subscribers, such as our insightful industrial reports.

“A hack is a subversion.” Two years ago, Bruce Schneier spoke to the audience at the RSA Conference. The world-renowned cryptographer defined a hack as something that “subverts the rules of the system at the expense of some other part of the system.” I have not heard a better definition of hacking than his, particularly now, when cyberthreats pose a constant danger to democracy.

Hello! This is Dain Oh reporting from South Korea. The nation is busy, preparing for the upcoming general election scheduled for April. The National Election Commission (NEC) is once again conducting a security inspection with the National Intelligence Service (NIS), ensuring that all security requirements are being properly instituted. Separately, the NIS held a briefing which was focused on election security during which they revealed that North Korea and China were the primary sources of cyberattacks launched against South Korea last year. Hongeun Im and Chanwoo Yong covered these stories, respectively.

Addressing technology theft is another issue that South Korea has been keen on. Two stories on the topic are included in this briefing. You can also find Kuksung Nam’s opinion article about an ongoing Chinese influence campaign along with her follow-up on a data breach that she reported on half a year ago. Enjoy our stories, and we wish you a wonderful weekend!

1. South Korea reinspects election security prior to general election

The National Intelligence Service of South Korea (NIS) is conducting a security inspection of the National Election Commission (NEC) from January 23 to 31, fortifying national cybersecurity ahead of the general election scheduled for April.

The NIS is undertaking the inspection to ensure that the security measures and requirements instituted after last year’s investigation have been fully implemented, according to a representative of the NEC.

Last year, the NEC had its first security inspection, which occurred over three month’s time. As a result of the inspection, conducted by the NIS and the Korea Internet & Security Agency (KISA), a number of security vulnerabilities were discovered in the voting system. After the NIS revealed that the NEC system was vulnerable to ballot rigging and hacking, the NEC announced plans to improve its security posture. READ MORE

2. South Korea braces for cyberattack from North Korea, China, referring to ‘super-election year’

Designed by Sangseon Kim, The Readable

South Korea’s intelligence agency announced on Wednesday that it will thoroughly prepare to prevent North Korean and Chinese cyberattacks from influencing South Korea’s election.

On January 24, the National Intelligence Service (NIS) held a briefing at the National Cyber Security Center and stated that North Korea and China were identified as the main axes of cybersecurity threats to South Korea in 2023. Last year, the number of cyberattack attempts on South Korea’s public sector, conducted by state-sponsored hackers and international hacking groups, averaged 1.62 million per day. North Korea accounted for 80% of the total number of attempts, making it the most significant offender.

The NIS further stated that a significant portion of the threat directed at South Korea emanates from China, which has emerged as a major disruptor. The intelligence agency reported that although just 5% of detected and responded to cyberattacks were traced to China, these incidents represented 21% of the overall severity, considering factors like the extent of damage, significance of the targeted entities, and the methods used, placing China as the second most severe threat after North Korea. Additionally, the NIS revealed that last year, Chinese marketing firms created around 200 websites, impersonating South Korean media outlets. These sites posted pro-China and anti-United States content, which was spread through social network services by influencers. READ MORE

3. Supreme court to intensify sentencing guidelines on technology theft

South Korea’s efforts to grapple with technology theft takes a huge leap forward as the country’s top court seeks to introduce harsher sentencing guidelines that could increase punishments meted out to convicted offenders.

On January 19, the Sentencing Commission, which is affiliated with the Supreme Court, disclosed the result of two plenary sessions held on January 8 and 18 in which an agreement was reached to revise sentencing guidelines on crimes related to technology theft.

According to the draft, the Commission decided to insert a new sentencing guideline to enable the court to impose a maximum of 18 years of imprisonment on individuals found guilty of stealing national core technologies and exporting them abroad. The South Korean government designated 75 technologies, including semiconductors and displays, as national core technologies that, should they be stolen and put into the hands of foreign actors, could cause severe damage to the nation’s security and economy. In March of last year, South Korea’s intelligence agency identified 93 cases of industrial technology theft having occurred between 2018 to 2022, with one-third of these cases being classified as involving a national core technology. READ MORE

4. South Korea to guard technology drain in small business

Guidelines for small businesses to prevent technology breaches were published on Friday, January 26. The guidelines are currently being distributed by the National Industrial Security Center (NISC) of the National Intelligence Service (NIS) and the Korean Association for Industrial Technology Security (KAITS).

According to the findings of the Korea Internet & Security Agency (KISA), 92% of cyberattack damage suffered by South Korean companies last year occurred to small businesses. The NIS stated that many of these businesses were in ‘security blind spots’, lacking the financial capacity to either equip appropriate security systems themselves or appoint sufficiently trained security officers able to bring them up to a minimum level of security. Considering the circumstances, the guidelines are aimed at enhancing the security capabilities of such companies without burdening them with additional costs.

The guidelines are available in two versions: one for information security practitioners and the other for general staff who do not have a background in technology. The intention of the guidelines is for companies in the ‘blind spots’ to be able to implement essential security measures easily, just by following the instructions they provide. “It is expected to raise fundamental security capabilities among small businesses and to avoid technology leaks,” wrote the NIS. By Chanwoo Yong

5. National employment platform fined over data breach impacting 230,000 users

Designed by Areum Hwang, The Readable

South Korea’s privacy watchdog imposed a fine on the Korea Employment Information Service (KEIS) for their lack of safety measures to block unauthorized access to the national employment platform which led to the private information of 230,000 users being exposed last year.

On January 25, the Personal Information Protection Commission (PIPC) stated that they imposed a fine of 8.4 million won ($6,300) on KEIS over privacy violations and ordered the public organization to improve its security practices. The decision was made during a plenary session held on January 24.

On July 6 of last year, the KEIS announced that Work-Net, a national employment platform with more than 970 million users, suffered a data breach that exposed more than 230,000 users' data including names, gender, dates of birth, addresses, phone numbers, and work experiences. The public organization assumed that the break-in was conducted through credential stuffing, a method where the criminals use stolen login credentials and apply them until they successfully gain access to the victim’s account. READ MORE

6. [Perspective] Preparing for the best and the worst in the face of the Chinese influence campaign

Designed by Areum Hwang, The Readable

“Lousy” was the first word that came to mind after encountering Seoul Press, one of the growing number of Chinese-forged fake news sites targeting South Korea. Although at first glance the websites appeared to be the work of an authentic South Korean news organization, its operators left a trail of breadcrumbs that were enough to plant a seed of doubt to those with watchful eyes. The front page of the website featured articles written both in Korean and English. This is not common practice for South Korean news outlets, which maintain separate pages for foreign audiences. What’s more, a number of articles lacked a name attributing authorship, an unimaginable exclusion, not practiced by any reputable news organization around the globe. It was obvious to someone who has been in the journalism industry for more than four years. Something was wrong.

However, the perception changed drastically after looking into the articles in detail. Although there were awkward expressions that would stand out as odd to a native speaker, the writer used credible facts—details found in articles put out by credible news organizations—to camouflage their true intentions: to cloud the eyes of uncritical readers and mislead them into believing lies. In some cases, discerning the truth and falsity of even a single sentence was close to impossible, even if one were to compare it to a credible news article covering the same topic. The misleading statements bore such a close similarity to the facts that distinguishing true from false would require verification from an authority, such as the government, the foreign media, or experts from diverse related backgrounds. Without the knowledge that these articles were produced by Chinese influence operators, there is a strong possibility that even a journalist, one whose sole job is to deliver the truth, could be hoodwinked. READ MORE

7. [NCSC U.K.] The near-term impact of AI on the cyber threat

8. [38 North] North Korea’s artificial intelligence research: Trends and potential civilian and military applications

9. [Chainalysis] Funds stolen from crypto platforms fall more than 50% in 2023, but hacking remains a significant threat as number of incidents rises

10. [Wired] Notorious spyware maker NSO Group is quietly plotting a comeback


The cover image of this article was designed by Sangseon Kim. This article was copyedited by Arthur Gregory Willers.

Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expertise in leading media outlets to success. Prior to establishing The Readable, Dain was a journalist for The Electronic Times, a prestigious IT newspaper in Korea. During her tenure, she extensively covered the cybersecurity industry, delivering groundbreaking reports. Her work included exclusive stories, such as the revelation of incident response information sharing by the National Intelligence Service. These accomplishments led to her receiving the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology, a well-deserved accolade bestowed upon her through a unanimous decision. Dain has been invited to speak at several global conferences, including the APEC Women in STEM Principles and Actions, which was funded by the U.S. State Department. Additionally, she is an active member of the Asian American Journalists Association, further exhibiting her commitment to journalism.