This is an AI translated post.
Summarized by durumis AI
- The KT customer device hacking incident is a serious incident that could affect not only individual users but also businesses, government agencies, and nationwide network infrastructure, as it is a man-in-the-middle attack at the national telecommunications network level.
- This incident revealed that KT violated customers' privacy and attempted direct hacking, and it has been met with connivance and evasion of responsibility by the government, as well as a lack of attention from the media and the public.
- This incident suggests the need for a fundamental review of Korea's overall cybersecurity system, and urgent measures are needed, including a thorough investigation of KT and punishment of those responsible, clarifying the Ministry of Science and ICT's responsibility, and establishing legal and institutional mechanisms to prevent ISPs from abusing their authority.
The recent revelation of KT's hacking of customer devices is considered one of the most serious incidents in the history of Korean internet security. This incident goes beyond a simple corporate transgression, demonstrating a national security crisis. What's even more alarming is the lukewarm response from the government and the public's lack of attention to the matter.
Timeline of Events
1. June 2020: Police investigation launched following a complaint filed by a company that suffered hacking damage.
2. October 2020: Police conducted the first search and seizure of KT's Bundang IDC center.
3. Summer 2022: Police conducted a second search and seizure of KT's headquarters.
4. November 2023: Police referred more than 10 KT employees and contractors to the prosecution.
5. May 2024: Prosecutors requested a supplementary investigation from the police.
The Core of the Incident: Man-in-the-Middle Attack at the National Backbone Network Level
1. Unprecedented Scale and Severity: This KT hacking incident can be viewed as a "man-in-the-middle attack at the national backbone network level", exceeding simple corporate wrongdoing. This is an extremely serious matter that threatens the internet security of the entire nation.
2. Widespread Impact: KT is one of the major telecommunication companies in South Korea, and its network forms part of the national backbone network. An attack at this level can affect not only individual users but also businesses, government agencies, and national network infrastructure.
3. Erosion of Security Trust: The fact that a company operating the national backbone network directly carried out hacking seriously undermines the trust of the entire internet ecosystem.
4. Direct Hacking through Network Tampering: KT did not simply block problematic traffic; it actively tampered with the network, directly hacking into customers' PCs. This is a serious abuse of its authority as an internet service provider (ISP).
5. Hacking Method:
- Packet Modification and Eavesdropping: KT intercepted and modified information exchanged through the network to prevent customers from using the Grid software of webhard companies.
- Malware Attack: Through modified packets, KT spread malware that could cause program malfunctions on the personal PCs of KT customers.
- Suspected DNS Tampering: There are suspicions that KT changed the IP address of a webhard site to that of its own site, which was disguised as the webhard site, in order to distribute malware.
6. Large-Scale Damage: According to estimations by the affected company, approximately 600,000 individual users were affected over a period of one month, and these errors persisted for five months.
7. Legal Issues: Packet interception is a practice strictly regulated by the Telecommunications Secrecy Protection Act, and violators can face severe penalties.
8. Security Vulnerabilities: Malware infection could have damaged firewalls on personal PCs, potentially causing further security issues.
Government's Connivance and Evasion of Responsibility
1. Connivance of the Ministry of Science and ICT: Despite being aware of the incident in September 2023, the Ministry of Science and ICT did not take any action. This can be seen as tacit approval of illegal activities.
2. Evasion of Responsibility: Citing the ongoing investigation, the Ministry of Science and ICT did not conduct any independent investigation or audit. This is a dereliction of duty as a regulatory body.
3. Lack of Transparency: The lack of proper disclosure of information about this incident, even after four years, is deeply concerning.
KT's Position and Questions Arising
1. KT's Claim: KT claims that this incident was a legitimate action to control "malicious" grid services.
2. Questions:
- Why was malware spread targeting personal PCs instead of webhard companies or grid service providers?
- Why was this method chosen instead of legitimate traffic blocking methods, which were established following the Supreme Court ruling in 2019?
- Legal review is necessary regarding whether grid services can still be considered "malicious" programs.
3. KT's Previous Actions: Was this KT's first hacking attempt? It's impossible to rule out the possibility of similar activities in the past.
4. Reasons for Government Connivance: What were the reasons for the Ministry of Science and ICT's connivance in such serious illegal activity? A thorough investigation is needed.
5. Possible Involvement of Other Telecom Companies: Is it possible that telecommunication companies other than KT engaged in similar activities?
Insufficient Attention Considering the Severity of the Incident
The current lack of attention from the media and the public is concerning given the severity of this incident. The fact that an ISP violated customer privacy and attempted direct hacking should be treated as a national security crisis. However, it is worrying that this incident is not receiving proper attention.
Conclusion and Future Tasks
The KT hacking incident, especially its nature as a man-in-the-middle attack at the national backbone network level, indicates the need for a fundamental review of South Korea's overall cybersecurity system. This goes beyond mere corporate wrongdoing, exposing critical flaws in the national internet security system and regulatory oversight. The following actions are urgently needed:
1. Thorough investigation and punishment of those responsible at KT
2. Clarification of the Ministry of Science and ICT's responsibility and improvement of regulatory oversight systems
3. Comprehensive investigation of other telecommunication companies
4. Establishment of legal and institutional mechanisms to prevent abuse of ISP power
5. Strengthening security and revamping the supervisory system for the national backbone network
6. Raising public awareness of cybersecurity and establishing a continuous monitoring system
This is not a matter that can be easily dismissed. We must all, the government, businesses, and the public, approach this crucial issue with a sense of urgency, as it threatens the personal information of citizens and the cybersecurity of the entire nation. Furthermore, this incident marks a turning point for a societal discussion on the responsibilities and powers of internet service providers, as well as user rights.