U.S. Journal Reported 'Hacking Attempt' in August
Ministry of the Interior and Safety: "National Intelligence Service Investigating Impact"
Most Leaked Certificates Found to Be Expired
The Ministry of the Interior and Safety announced that it is investigating, under the supervision of the National Intelligence Service, the circumstances and impact of the attempted hacking of the Onnara System, which was reported by a U.S. professional journal two months ago. The ministry has strengthened security measures, such as utilizing phone authentication (ARS), and plans to replace administrative electronic signatures with a biometric authentication-based system going forward.
On October 17, Lee Yongseok, Director General of Digital Government Innovation at the Ministry of the Interior and Safety, held a briefing at the Government Complex Sejong and stated, "Around mid-July, our ministry, through the National Intelligence Service, identified signs that the government remote work system (G-VPN) was used to access the Onnara System, which is the government work network, from an external internet PC."
Previously, on August 8, the U.S. hacking-focused journal 'Phrack' reported that there had been hacking attempts on the Onnara System and other platforms managed by the Ministry of the Interior and Safety. According to the report, a white-hat hacker reverse-hacked the PC of an international hacker group and found access logs to the Onnara System, which is used for government work; administrative electronic signature (GPKI) certificate files used by public officials for authentication; and related source code. This is the first time the ministry has commented on the report.
Director Lee explained that in response to the confirmed hacking attempt, "On August 4, we strengthened security by requiring phone authentication in addition to administrative electronic signature authentication when accessing the government remote work system. We also completed measures to prevent the reuse of logins in the Onnara System, which were implemented for central government agencies and local governments on July 28."
Most of the leaked administrative electronic signature certificates were found to have expired. Director Lee said, "After receiving information about the certificates from the National Intelligence Service and checking their validity, we found that most certificates had expired. For the few valid certificates, we completed disposal measures on August 13." He added, "It is presumed that, from a management perspective, the certificate information was leaked from external internet PCs due to user carelessness. We have notified all central government agencies and local governments to prohibit certificate sharing and to strengthen management."
Regarding the code related to administrative electronic signatures used by institutions, Director Lee stated, "The API source code posted in the Phrack report is from an old version that used ActiveX. Since we have not used this since 2018, there is currently no security threat."
He further explained that the National Intelligence Service is conducting a joint investigation with relevant agencies into how the leak occurred and its impact. Director Lee stated, "If any areas for improvement are identified as a result of the investigation, we will immediately implement supplementary measures and respond accordingly."
He also announced plans to prevent future security threats to administrative electronic signature certificates by transitioning to an internal authentication system based on biometrics. Director Lee said, "We will replace the current administrative electronic signature-based authentication system used by public officials to access internal administrative systems with biometric-based multi-factor authentication methods, such as mobile government employee ID cards. For government services provided to the public, we will also actively expand the adoption of convenient and secure authentication methods, such as mobile identification cards using biometric authentication."
Director Lee concluded by saying, "We are closely monitoring recent trends in cyber threats and are inspecting and addressing major causes of security incidents, such as phishing, malware, and security vulnerabilities. We will do our utmost to prevent similar incidents from occurring in the future."
© The Asia Business Daily (www.asiae.co.kr). All rights reserved.


