You may know Korea as one of the most wired countries on the planet, but did you know hackers have compromised more than 100 million user accounts from the country over the past five years?
Operator KT suffered a breach that endangered the records of nearly 9 million customers last year, while online games firm Nexon had more than 13 million user records compromised in 2011. The largest breach in recent times came from SK, the firm behind Facebook-forerunner Cyworld, which is estimated to have had 35 million records nabbed in 2011.
Experts are claiming that Korean IT policy — which has made the country reliant on Microsoft’s Internet Explorer browser and ActiveX software — a lack of spending on cyber security, excessive collection of user data and other factors have enabled these attacks and others in recent years.
An article from the Korea Herald explores the issue in detail, and includes the graphic below to illustrate Korea’s security vulnerabilities.
Korea may boast the world’s speediest mobile Internet — thanks to the planet’s first and second LTE-Advanced networks — but it is overly reliant on Internet Explorer and, in particular, ActiveX, which is used to power a key certificate system that verifies Internet users in the country for transactions.
Google Chrome is widely considered to be the Web’s most popular browser — analytics site Statcounter pegs it at a dominant 40 percent market share — but many Korean websites run on Internet Explorer only. That’s because ActiveX, which is not supported by Chrome, Opera or other browsers, is used as the identification platform to enable transactions over 300,000 won ($268).
Korea’s use of ActiveX isn’t down to an infatuation with Microsoft; the software protects personal data and makes it almost impossible for fraudulent transactions to take place.
The issue with ActiveX, however, aside from limiting the browser choice in Korea, is that it makes PCs and storage systems attractive and susceptible to hacking because it is storing valuable details. Each user’s online ‘key’ is typically filed on their PC, motivating hackers to get their hands on the information.
“By allowing only the public key certificate to be used, the entire nation suffers inconvenience,” Korea University’s Kim Kee-chang told the Herald. “On top of that, countless online service providers are stuck on a single platform, blocking the broader IT industry from moving forward.”
The widespread use of ActiveX provides a target for hackers by storing information on networks and PCs, but it seems that a lack of preventative measures from companies is an equally significant factor.
The Herald cites data from KISA (Korea Internet Security Center) which says that some 73 percent of domestic companies spend no money on data protection because “there’s no immediate return” on their investment.
Korea eased up on some of its online regulations last August when it ended a law that required websites to authenticate visitors by collecting their national ID numbers — something which provided even more ‘hackable’ data — while a law requiring the use of real names online was deemed unconstitutional just days later.
A new bill aims to end the use of online certifications for Web-based purchases, but it isn’t certain that it will become law.
While the abundance of digital records and lack of investment in security attract hackers, the Korean government is not likely to transform the system until it finds another that keeps transactions as safe. The Herald says several companies are using ActiveX-free payment systems already, suggesting that change is possible for the future.