South Korea was the target of over 110,000 cyberattacks in the past five years, according to a report submitted to the country’s National Assembly.
[This story was written originally for ZDNet on Sep. 21, 2015]
A report compiling 114,035 detected cyberattacks committed against South Korean government organisations between 2011 and June 2015 was made public on Friday.
The report — based on numbers from South Korea’s National Computing & Information Agency (NCIA) — was released by Im Su-kyung, a member of the National Assembly’s Public Administration & Security Committee.
The massive number of attempted hacks breaks down as follows: 8,663 targeted the Ministry of Foreign Affairs; 5,735 targeted the Ministry of Trade, Industry and Energy; 5,224 targeted the Ministry of Government Administration and Home Affairs; 3,093 attacks were committed against the Ministry of Health and Welfare; and 2,988 attacks took place against the National Police Agency.
“If confidential state information leaks out, the consequences can be immense and more than 100,000 cases of hacking against government facilities have taken place,” said Im Su-kyung. “We must do more to stop the growing number and the growing number of types of cyberattacks.”
The hardest problem in tracing these attacks is attribution. Each packet of data sent over the internet contains source and destination information. But that source data can be spoofed by an attacker using a proxy server to make it seem like it’s coming from somewhere it’s not.
Of course, it is exceedingly easy to hide IP origin in an attempted hack, and almost none of the attacks showed a North Korean IP address. In 2013, three cases involved an IP from North Korea and in 2012, there were just two such cyberattacks.
Officially, the IPs used in the attacks point the finger at a number of countries. The largest share, 66,805 (58.6 percent), came from South Korea, followed by China at 18,943 (15.9 percent); some 8,092 attacks (7.1 percent) came from the United States; 2,200 (1.9 percent) from Taiwan; and 1,484 (1.3 percent) from Russia. North Korea did not even register a percentage point.
Though over 110,000 attacks seems like a lot, that number excludes attempted hacks that were automatically filtered out by the web security systems of the government agencies targeted.
The figure also excludes numbers recorded by South Korea’s Ministry of National Defence and its National Intelligence Service, its main spy agency. Those numbers are not recorded by the NCIA.
There were four basic types of cyberattacks. The largest, totalling 33,544 — 29.4 percent of all attacks — was classified as “attempts to access information without permission”. The second largest type of cyberattack at 18,607 cases (16.3 percent) consisted of “information leakages”. Leakage of information could refer to customer or user information such as name, address, phone number, and national identification number, as well as other possibly classified information.
The third type of cyberattack was termed “authorisation acquisition attempts”, making up 16,243 attacks (14.2 percent); while the fourth type was classified as “information collections” at 14,077 (12.3 percent of the total).
The government did not say what damage the huge number of attacks caused, nor what type of information may have been leaked.