South Korea faces $1bn bill after hackers raid national ID database

Father of Asian internet warns all is lost

The South Korean government is considering a complete overhaul of its national identity number computer system – after hackers comprehensively ransacked it and now hold the ID codes for as much as 80 per cent of the population.

Each South Korean citizen is issued with a lifetime unique ID number. This number is used in all transactions, and the system has been in place since the late 1960s.

A public hearing into the database raid heard that hackers have now stolen the vast majority of these numbers, sparking an online crimewave that has hit everyone, from the highest to the lowest.

"There is no doubt that we are talking about massive changes," said Kim Ki-su, a director at Seoul's Ministry of Security and Public Administration, at the hearing, AP reports today.

Changing the system now would cost the Korean government about $650m, but reissuing all of the numbers would also leave businesses footing a potential billion-dollar bill to get all the new data into their computers. On the other hand, if criminals continue to exploit the stolen ID numbers for identity theft, that bill could look cheap in comparison.

South Korean President Park Geun-hye was one of 20 million people who took a hit when online fraudsters subverted three of her country's credit card companies. She called for a rethink of the current ID system in response, leading to the hearings.

Professor Kilnam Chon, called the "Father of Asian Internet" for his work in wiring up the continent, has warned today's ID system is probably unable to cope with the security demands placed upon it and needs reform.

"The problems have grown to a point where finding a way to completely solve them looks unlikely," he said.

Part of the problem is the numbers themselves. The ID numbers aren't randomized – they start with the owner's birthdate, then have the digit one or two to indicate the recipient's sex, then other numbers depending on where they are from. These numbers are used in everything from opening a bank account to getting an accredited email address.

"Resident registration numbers' usage across different sectors made them 'master keys' for hackers to open every door and steal whole packages of personal information from unassuming victims," said researcher Geum Chang-ho at the state-run Korea Research Institute for Local Administration.

"Even if their numbers are leaked, people are unable to change them, so hackers are constantly trying to obtain these numbers and are managing it easily."

The other main issue is technological and springs from a reliance on Microsoft's ActiveX controls: the Korean government made Redmond's software a requirement for online shopping and banking; a historically weak spot in online security.

• Meanwhile, in the US last week, miscreants hacked into the Oregon Employment Department's website for job seekers and got their hands on confidential records for more than 850,000 people. ®

Similar topics

Broader topics

Narrower topics

Other stories you might like

  • Biden tours Samsung fab, talks chip cooperation with South Korea
    Factory is a model for one the company has planned in Texas

    US president Joe Biden kicked off his first Asian tour since taking office in South Korea, where he visited a Samsung semiconductor fab said to be the model for the company's planned plant in Taylor, Texas.

    While speaking at the Samsung Electronics Pyeongtaek Campus, Biden said the region will be a key part of the next several decades – a reason "to invest in one another to deepen our business ties.". 

    Much of the talk on Biden's five-day trip to South Korea and Japan will center around broader deepening of economic and business ties. In Pyeongtaek, however, the emphasis was on semiconductor cooperation. While touring the plant with recently elected South Korean president Yoon Suk Yeol, Biden noted "these little chips are the key to propelling us into the next era of humanity's technological development."

    Continue reading
  • China reveals its top five sources of online fraud
    'Brushing' tops the list, as quantity of forbidden content continue to rise

    China’s Ministry of Public Security has revealed the five most prevalent types of fraud perpetrated online or by phone.

    The e-commerce scam known as “brushing” topped the list and accounted for around a third of all internet fraud activity in China. Brushing sees victims lured into making payment for goods that may not be delivered, or are only delivered after buyers are asked to perform several other online tasks that may include downloading dodgy apps and/or establishing e-commerce profiles. Victims can find themselves being asked to pay more than the original price for goods, or denied promised rebates.

    Brushing has also seen e-commerce providers send victims small items they never ordered, using profiles victims did not create or control. Dodgy vendors use that tactic to then write themselves glowing product reviews that increase their visibility on marketplace platforms.

    Continue reading
  • Another ex-eBay exec admits cyberstalking web souk critics
    David Harville is seventh to cop to harassment campaign

    David Harville, eBay's former director of global resiliency, pleaded guilty this week to five felony counts of participating in a plan to harass and intimidate journalists who were critical of the online auction business.

    Harville is the last of seven former eBay employees/contractors charged by the US Justice Department to have admitted participating in a 2019 cyberstalking campaign to silence Ina and David Steiner, who publish the web newsletter and website EcommerceBytes.

    Former eBay employees/contractors Philip Cooke, Brian Gilbert, Stephanie Popp, Veronica Zea, and Stephanie Stockwell previously pleaded guilty. Cooke last July was sentenced to 18 months behind bars. Gilbert, Popp, Zea and Stockwell are currently awaiting sentencing.

    Continue reading

Biting the hand that feeds IT © 1998–2022