Digital Chosun Ilbo
April 18, 2008
Korea's Internet industry has been rocked by the news that the personal
information of some 10.81 million users of Auction, the country's
largest e-marketplace, was leaked in a hacking incident. The massive
leak vividly demonstrates the vulnerability of Korea's e-marketplaces,
which last year processed some W413 trillion (US$1=992) in online
Several highly-publicized hacking incidents have proved an embarrassment
for a country that prides itself on its technological savvy. After the
attack on Auction earlier this year, Daum, the country's second-largest
search engine, and Mirae Asset, the country's largest securities firm,
were both attacked by hackers. Popular online video games, including
Blizzard Entertainment's "World of Warcraft" and Yedang Online's
"Priston Tale 2," each of which boasts hundreds of thousands of users,
have suffered similar attacks.
Worryingly, the attacks are becoming better organized and more
dangerous. In the past, many hackers were so naive as to show off their
abilities or to stage public "cyber-demonstrations." Now an increasing
number of criminal hackers are seeking to obtain web users' personal
information and profit from it.
More and more hackers are targeting Korean Internet sites from bases in
China, or going through poorly protected China from bases in third
countries. According to a study by the Korea Information Security
Agency, more than 50 percent of all malicious foreign Internet traffic
into Korea comes from China.
The personal information of Korean Internet users, such as residence
registration numbers, are traded on China's black market and passed
around on China's largest websites, including Baidu and Google China.
Last year, the South Korean government formally asked Beijing to have
Chinese websites remove the contraband information. So far China has
done little to help, regarding the problem as the responsibility of
Korean service providers.
Indeed, lax security at Korean web companies is one reason information
leaks are so frequent. Compared with their foreign counterparts, Korean
websites demand too much information from their users. And when leaks
occur, the companies are often slow to act or evasive, denying that
damage has been done. After it discovered that its server had been
hacked in early February, Auction kept the news to itself for almost a
full day, only reporting it to police after the hacker attempted to make
The prevailing trend in the U.S. is toward making it mandatory for
service providers to inform their subscribers of personal information
leaks. Since California took the initiative in 2003, 19 states,
including New York, have either passed laws or introduced bills to this
effect. Such measures are intended to prevent web companies from using
legal loopholes to avoid responsibility for leaks.
An official with Broadcasting and Communications Commission said it is
considering ways to pass a similar law in Korea. Meanwhile the
commission is planning a publicity campaign with 300 Web service
providers for next month to encourage Internet users to change their
Let identityLoveSock take your personal information into
their wanting hands. http://www.identity-love-sock.com/
Because victims have money too.