Subject
- #Security Crisis
- #Government Responsibility
- #Cybersecurity
- #KT Hacking
- #Man-in-the-Middle Attack
Created: 2024-07-13 14:50
The recently revealed KT customer device hacking incident is considered one of the most serious incidents in the history of internet security in Korea. This incident goes beyond a mere corporate transgression, showcasing a national-level security crisis. Even more alarming is the government's lukewarm response and the public's lack of attention to it.
1. June 2020: Police investigation initiated following a complaint filed by a company that suffered hacking damages
2. October 2020: Police conduct the first seizure of evidence at KT's Bundang IDC center
3. Summer 2022: Police carry out a second seizure of evidence at KT headquarters
4. November 2023: Police refer about 10 people, including KT employees and subcontractors, to the prosecution
5. May 2024: Prosecution requests supplementary investigation from the police
1. Unprecedented Scale and Severity: This KT hacking incident can be viewed as a "man-in-the-middle attack at the national core telecommunication network level," going beyond a simple case of corporate illegality. This is an extremely serious issue that threatens the internet security of the entire nation.
2. Wide-Ranging Impact: KT is one of the major telecommunications companies in South Korea, and its network forms part of the national core telecommunication network. Attacks at this level can affect not only individual users but also businesses, government agencies, and the nationwide network infrastructure.
3. Erosion of Security Trust: The fact that a company operating the national core telecommunication network directly carried out hacking severely undermines the trust in the entire internet ecosystem.
4. Direct Hacking Through Network Modification: KT did not simply block problematic traffic. Instead, it actively manipulated the network to directly hack its customers' PCs. This is a serious abuse of its authority as an internet service provider (ISP).
5. Methods of Hacking:
6. Large-Scale Damage: According to estimates by the affected companies, about 600,000 individual users were impacted over a month, and these errors persisted for five months.
7. Legal Issues: Packet interception is an act strictly restricted by the Telecommunications Secrecy Protection Act, and violators can face severe punishment.
8. Security Vulnerabilities: Due to malware infection, there is a possibility that the firewall on individual PCs was damaged, potentially leading to further security issues.
1. Ministry of Science and ICT's Connivance: Despite becoming aware of this incident in September 2023, the MSIT took no action. This can be seen as tacit approval of illegal activities.
2. Evasion of Responsibility: The MSIT has not conducted any independent investigations or audits, citing the ongoing nature of the investigation. This amounts to neglecting its supervisory responsibilities.
3. Lack of Transparency: It is deeply concerning that information about this incident has not been properly disclosed even after four years.
1. KT's Claim: KT maintains that this incident was a legitimate action to control 'malicious' grid services.
2. Questions:
3. KT's Past Actions: Was this KT's first hacking attempt? The possibility of similar actions in the past cannot be ruled out.
4. Reasons for Government Connivance: What were the reasons behind the MSIT's condoning of such serious illegal activities? A thorough investigation is needed.
5. Possible Involvement of Other Telecommunications Companies: Is there a possibility that other telecommunications companies besides KT engaged in similar actions?
The current level of media and public attention to this incident is remarkably low, considering its gravity. The fact that an ISP violated the privacy of its customers and attempted direct hacking should be treated as a national-level security crisis. That the incident has nonetheless failed to receive appropriate attention is deeply troubling.
The KT hacking incident, especially considering it was a man-in-the-middle attack at the national core telecommunication network level, suggests the need for a fundamental review of South Korea's overall cybersecurity framework. This goes beyond a simple case of corporate illegality, revealing serious flaws in the nation's internet security system and supervisory mechanisms. The following measures should be implemented urgently:
1. Thorough investigation of KT and punishment of those responsible
2. Clarification of the MSIT's responsibility and improvement of the supervisory system
3. Comprehensive investigation of other telecommunications companies
4. Establishment of legal and institutional mechanisms to prevent ISPs from abusing their power
5. Strengthening security and reforming the supervisory system for the national core telecommunication network
6. Raising public awareness of cybersecurity and building a continuous monitoring system
This incident cannot be brushed aside. We, the government, businesses, and citizens, must approach this critical issue, which threatens the personal information of citizens and the cybersecurity of the entire nation, with a heightened sense of awareness. Furthermore, this incident presents an opportune moment for a social discussion about the responsibilities and authority of internet service providers, as well as the rights of users.