The National Election Commission's internet PCs were breached by the North Korean hacking group 'Kimsuky,' resulting in the leakage of confidential documents, and the election management system was found to be vulnerable to security threats, allowing hackers to alter election result values, according to the government joint inspection results.
The joint security inspection team, consisting of the National Intelligence Service, the National Election Commission, and the Korea Internet & Security Agency (KISA), announced the results of the security inspection conducted from July 17 to September 22 at a briefing held on the 10th at the National Cybersecurity Cooperation Center in Pangyo, Gyeonggi Province.
The joint security inspection was conducted in three areas: ▲system vulnerabilities ▲hacking response status ▲infrastructure security management, and was carried out by simulating a hacker attempting to infiltrate the National Election Commission's computer network.
First, the 'Integrated Voter Registry System,' which manages voter registration status and voting participation, was found to have vulnerabilities that allowed infiltration into the internal network of the National Election Commission via the internet, and access rights and account management were also poor, making hacking possible. Through this, it was possible to mark 'people who voted early as those who did not vote' or 'people who did not vote early as those who voted,' and even register non-existent ghost voters as legitimate voters, thereby altering the contents of the voter registry, the joint inspection team reported.
Additionally, hackers were able to infiltrate the internal system of the National Election Commission and steal the official seal (廳印, National Election Commission) and private seal (私印, polling station) files stamped on early voting ballots. It was also confirmed that the test early voting ballot printing program was not properly controlled, allowing unauthorized printing of ballots with the same QR code as actual early voting ballots. Non-authorized external PCs could also be connected to communication devices installed at early voting stations, enabling infiltration into the internal election network, and in the case of 'Seonsang Voting,' a type of absentee voting, the voting results of specific voters could be viewed.
The 'counting system,' where the vote counting results are stored, was found to have insufficient security management, allowing hackers to alter the vote counting results. Although external devices (such as USBs) should be restricted from connecting to the ballot sorting machines, unauthorized USBs were connected without permission, enabling the installation of hacking programs that could change the sorting results. Furthermore, wireless communication devices capable of internet communication were also connected to the ballot sorting machines.
The National Election Commission's network separation security policy was inadequate, allowing communication between computer networks and enabling intrusion from the internet into the internal critical network, and passwords used to access major systems were simple and easily guessed, allowing system infiltration. Follow-up blocking and security enhancement measures were also insufficient in response to previously occurred hacking incidents. The inspection team confirmed that the National Election Commission had not been aware of North Korean hacking incidents notified by the National Intelligence Service over the past two years and had not taken appropriate countermeasures. It was also confirmed this time that around April 2021, the National Election Commission's internet PCs were infected with malware from the North Korean 'Kimsuky' group, resulting in the leakage of confidential documents and work materials stored in commercial mailboxes and data stored on the internet PCs. The joint security inspection team explained, "The National Election Commission's system was infiltrated using hacking methods commonly employed by international hacking groups, and if external forces such as North Korea intended, attacks could occur at any time."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
