By Dain Oh, The Readable
Jun. 2, 2023 8:18PM GMT+9
“Weekend Briefing” is a weekly newsletter that is sent to The Readable’s subscribers every Friday. Cybersecurity journalists for The Readable carefully select important news stories from the previous week and deliver them in a compact form. Topics encompass cybercrime, geopolitics, and privacy. There are no costs involved with a subscription, and some content, such as the monthly ransomware index report, is only available to those who subscribe to our newsletters.
Hello! This is Dain Oh in South Korea. The Readable came back from its trip to Singapore, which gathered hundreds of media entrepreneurs and global reporters together to discuss the future of journalism. As a unique news provider and a network builder in the international cybersecurity industry, The Readable will keep striving to achieve quality journalism which we believe is the solid foundation for our society. For this week’s briefing, I have selected seven news stories that include North Korean hacking attacks as well as the Amazon’s Ring settlement on privacy breaches. Have a great weekend!
1. National Election Commission agrees to have security inspection done by intelligence agency
The National Election Commission of South Korea (NEC) will have a security inspection from an intelligence agency, putting an end to a month-long controversy that revealed North Korean hacking attacks against the organization. According to local news outlets, Rho Tae-ak, the Chairperson of NEC, confirmed on Wednesday that his organization will conduct a security inspection with the National Intelligence Agency (NIS) and the Korea Internet & Security Agency (KISA). The NEC encountered severe criticism in the nation after it was discovered that they had ignored the security alerts from the NIS, which includes seven instances of hacking attacks by the Reconnaissance General Bureau of North Korea from April of 2021 to March of this year.
2. Amazon’s security camera was abused by its employees, resulting in a $5.8M settlement
Amazon’s Ring, the video doorbell security camera, settled a lawsuit with the Federal Trade Commission (FTC) paying $5.8 million to the government agency, CNBC reported on Wednesday. The United States consumer protection watchdog alleged that Amazon’s Ring division compromised customers’ privacy by allowing third-party access to customer videos. According to the report, employees and contractors of Ring were able to “access and download every customer’s videos, with no technical or procedural restrictions on the practice before July 2017.” For example, one employee allegedly watched thousands of private videos through Ring, which included at least 81 female victims. Furthermore, the FTC claimed that Ring did not carry out basic security measures, such as privacy training, although it had received constant warnings.
3. College student was arrested for hacking and exposing 270,000 high schoolers information
The South Korean police arrested a college student who allegedly hacked the Gyeonggido Office of Education and exposed 270,000 second year high school students’ examination records online. The suspect was in high school when committing this crime, the police disclosed. The Gyeonggi Nambu Provincial Police, which tracked down the suspect for over three months, stated on Thursday that the suspect confessed to having carried out the cybercrimes out of curiosity and to show off their hacking skills. Last February, the Gyeonggido Office of Education announced that the personal information of second year high school students, such as names, schools, genders, and test scores, were leaked online by a hacking incident and started its investigation with law enforcement.
4. South Korean eBook company was hacked, allegedly leaking 1M eBooks online
Aladin, a major eBook provider in South Korea, is facing tremendous pressure from the publication industry after it was publicly known that the company was hacked last month. The Korean Publishers Association released a statement on Tuesday, regarding a hacking incident which took place on May 19 and resulted in at least 5,000 different eBooks being circulated onto social media platforms, including Telegram. Hackers claimed through several Telegram channels that they extracted 1 million eBooks from Aladin. The company acknowledged the hacking, but not the number that the bad actors mentioned. “It is not possible to retrieve eBooks once they are exposed online,” the Korean Publishers Association criticized. “This is a significant occurrence which can shake the foundation of the publication industry,” the statement added. The South Korean police has been looking into the hacking attack.
5. South Korea issues sanctions on North Korean hacking group Kimsuky
South Korea imposed sanctions on Friday on a North Korean hacking group known as Kimsuky over espionage campaigns. In a joint press release on Friday, the Ministry of Foreign Affairs, the National Police Agency, the Ministry of Economy and Finance, and the Financial Services Commission stated that the hacking group has been stealing sensitive information related to diplomacy and national security and targeting South Korean organizations and individuals.
According to a joint cybersecurity advisory issued by South Korea and the United States on the same day, Kimsuky has been conducting cyberattacks over the past ten years, especially using spear phishing campaigns posing as real journalists, academics, or other individuals to collect intelligence linked to their country’s interests. The joint statement also explained that the hacking group was one of the North Korean state-sponsored hackers who stole the latest technology and took part both directly and indirectly in the development of spy satellites. On May 31, North Korea’s attempt to launch its spy satellite into space failed as the rocket fell in the west sea of South Korea. To read the full story, click here.
6. South Korean government uses AI to uncover phone scammers
The South Korean government is increasing their efforts to deter phone scams, applying an artificial intelligence model that offers a detailed picture of the phone scamming ecosystem. In a press release on Wednesday, the Ministry of the Interior and Safety stated that they analyzed 12,323 scam calls reported to the Financial Supervisory Service (FSS) from 2015 to March of 2023 using an AI model specifically designed to combat phone scammers. This model, which was developed by the South Korean government last February, is the first of its kind to be able to analyze the relationship between bad actors by employing enhanced voice recognition and the latest deep learning technology. To read the full story, click here.
7. Korean security researchers introduced new AI. And it is sweeping the globe
A new artificial intelligence model developed by a group of cybersecurity researchers in South Korea has gone viral in the global technology industry, swamping social media with its potential to deter cybercrimes. As an example of using AI for good purposes, this latest accomplishment is expected to empower cybersecurity professionals and international law enforcement to detect criminal activities on the dark web at a much quicker pace and with enhanced accuracy.
Six researchers at the South Korean cybersecurity company S2W and the Korea Advanced Institute of Science and Technology (KAIST) conducted joint research to develop an AI model which can understand the language used by cybercriminals on the dark web. The dark web, a vast space of the internet that is not accessible through general web search engines, has been overflowing with jargon cybercriminals use to sidetrack investigators when trading illegal content, such as drugs and counterfeit credit cards.
For example, “Philipp Plein” normally refers to German fashion designer and his brand while the same term is used on the dark web to indicate a particular type of drug. This deceptive practice of communication has added one more layer to masking criminals, raising hurdles for law enforcement to detect criminal activities in their early stages. To read the full story, click here.
The cover image of this article was designed by Areum Hwang.
Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expertise in leading media outlets to success. Prior to establishing The Readable, Dain was a journalist for The Electronic Times, a prestigious IT newspaper in Korea. During her tenure, she extensively covered the cybersecurity industry, delivering groundbreaking reports. Her work included exclusive stories, such as the revelation of incident response information sharing by the National Intelligence Service. These accomplishments led to her receiving the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology, a well-deserved accolade bestowed upon her through a unanimous decision. Dain has been invited to speak at several global conferences, including the APEC Women in STEM Principles and Actions, which was funded by the U.S. State Department. Additionally, she is an active member of the Asian American Journalists Association, further exhibiting her commitment to journalism.