Hackers Targeting Military Secrets... Majority from Chinese IP Addresses



[Asia Economy Reporter Yang Nak-gyu] Attempts to hack and steal military secrets from our armed forces have sharply increased. Last year alone, there were about 9,500 hacking attempts, but fortunately, no military data is known to have been leaked.


According to the Ministry of National Defense on the 28th, hacking attempts from abroad targeting the South Korean military's defense information system increased from about 4,000 cases in 2017 to over 5,000 in 2018, reaching a total of 9,533 last year. Compared to 2017, last year saw an increase of about 5,500 attempts. Despite the 9,533 attempts last year, the defense information system was not breached, and no cases of military data leakage are known. The defense information system is a collective term for the equipment and software used to collect, process, store, search, transmit, receive, and utilize defense information.


When the Ministry of National Defense Cyber Operations Command and others traced the Internet Protocol (IP) addresses used in last year's hacking attempts, most of the IPs were found to be located in China and the United States.


In response to the recent surge in hacking attempts on the defense information system, the Ministry of National Defense has established and is operating a multi-layered protection system across networks, servers, and endpoint PCs. However, despite annual vulnerability analysis and evaluation of defense information systems by each military branch and agency, issues such as failure to apply the latest security patches, inadequate administrator account management, and poor password management continue to be identified.


In particular, it is known that the absence of standardized inspection items (checklists) makes it difficult to identify security vulnerabilities and early signs of cyberattacks during security inspections of each defense information system.


A checklist has, however, been created for the Information Operation Protection Condition (INFOCON), which is issued sequentially in five stages according to the level of cyber intrusion threat.


A military official explained, "We are researching measures to ensure safety, such as preventing cyber intrusions in advance and detecting early signs of cyberattacks targeting major defense information systems."


Previously, in September 2016, a significant amount of military data was leaked when the military's internal network was hacked by exploiting server security vulnerabilities and malware was spread through it.


Some of the IPs used in the attack on the defense network at that time were identified as IPs from the Shenyang area in China, which had been previously used by North Korean hackers, and the malware was similar to that used by North Korean hackers. The following year, the Ministry of National Defense prosecution team announced investigation results estimating that the attack was carried out by a North Korean hacker organization.


© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
