Hackers raid South Korea's social ID database
Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!Tweet Share on Twitter.
October 15, 2014
The South Korean government is seriously considering a full overhaul of its computerized national identity number system after hackers comprehensively ransacked it and now hold the ID codes for as much as 80 percent of the country's population.
Overall, each South Korean citizen is issued with a lifetime unique ID social insurance number, like today's most modern countries.
That number is used in all government transactions, and the system has been in place since the late 1960s.
A public hearing into the database security breach revealed that hackers have now stolen the vast majority of those SIN numbers, sparking an online crimewave that has hit everyone, from the highest to the lowest.
"There's absolutely no doubt that we are talking about some very massive changes here," said Kim Ki-su, a director at Seoul's Ministry of Security and Public Administration.
Understandably, revamping the whole system would cost the Korean government at least $650 million or more, but reissuing all of the numbers would also leave businesses footing a potential billion-dollar bill to get all the new data into their computers.
On the other hand, if criminals continue to exploit the stolen ID numbers for identity theft, that bill could look very cheap in comparison.
South Korean President Park Geun-hye was one of 20 million people who took a hit when online fraudsters subverted three of her country's credit card companies.
The President called for a complete revamp of its current ID system in response to the massive security breach.
Professor Kilnam Chon, called the "Father of Asian Internet" for his work in wiring up the continent, has warned that today's ID system is probably unable to cope with the security demands placed upon it and needs some serious redesign.
"The issues have grown to a point where finding a way to completely solve them looks unlikely," he added.
Part of the real issue is the sheer numbers themselves. The ID numbers aren't randomized – they start with the owner's birthdate, then have the digit one or two to indicate the recipient's sex, then other numbers depending on where they are from.
Those numbers are used in everything from opening a bank account to getting an accredited email address.
"Resident registration numbers' usage across different sectors made them master keys for hackers to open every door and steal whole packages of personal information from unassuming victims," said researcher Geum Chang-ho at the state-run Korea Research Institute for Local Administration.
"Even if their numbers are leaked, people are unable to change them, so hackers are constantly trying to obtain those same numbers and are managing it easily," he added.
The other key problem is technological and stems from a reliance on Microsoft's ActiveX controls-- the Korean government made Microsoft's software a core requirement for online shopping and banking, a historically very weak spot in internet security.
Meanwhile, in the United States last week, miscreants hacked into the Oregon Employment Department's website for job seekers and got their hands on confidential records for more than 850,000 people.
Source: The South Korean Government.
Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!