South Korean Student Hacks Central Government Complex in Seoul
David Lee, April 11, 2016, 8:07 a.m.
A student applying to be a government official broke into the Central Government Complex in Seoul and fabricated a list of those who passed the exam. The incident raised concern over security problems with e-government officials and the government building. According to the police, Song (26), who had already taken the Korean civil service exam, snuck into the HR department at the Central Government Complex, accessed the PC of the official in charge of the exam, and fabricated a list of those who passed.
The case clearly shows that Song used the government official’s computer as if it were his own. The security status of Korea’s e-government is being questioned as all preventative measures were easily disarmed by a 26-year-old civil service applicant. The incident is a national embarrassment, as the Korean government has been selected as the world’s top e-government three years in a row.
All government employees are required to set multiple passwords on their PCs. ACMOS password needed when booting, a password to start Windows, and screensaver passwords are required. Passwords are also a must for all important documents. Every month, government employees’ passwords are checked. However, Song seemed to have had no problem bypassing the passwords on the government official’s PC.
Whether the employee whose computer was broken into followed the rules regarding passwords properly is not clear. However, experts commented that if he or she saved the passwords on a USB key instead of the computer’s hardware, the incident could have been prevented. Authorities at the Ministry of Government Administration and Home Affairs say that it is too early to comment as the investigation is still underway. However, if Song broke into the computer even though all the passwords were set properly, the situation would be ever more serious.
Although there might have been problems with government personnel, authorities also suggest that the Windows-based administrative network is weak. “Software that helps clear passwords is easy to find on the internet. Song might have saved a Linux program on a USB key to crack the passwords.”
Authorities are refraining from commenting for now, saying that the Windows-based system is not the only problem as other operating systems such as Linux-based systems also have their flaws. They said that bypassing all four passwords requires technique and time, and whether there were faults with management will be revealed once the investigation is complete.