South Korea’s government hit with 114,000 cyberattacks in 5 years

Almost none of the attacks showed a North Korean IP address, although it’s not difficult for hackers to hide their origin.

South Korea may have the fastest Internet speed in the world, but it looks like the country needs to ramp up its security. South Korea’s government has been hit by more than 110,000 cyberattacks in the past five years.

Im Su-kyung, a member of the National Assembly’s Public Administration & Security committee, made the findings of the organisation’s report public on Friday. Filtering data given to it by the National Computing & Information Agency (NCIA), the National Assembly’s report compiled 114,035 detected cyberattacks committed against government organisations from 2011 to June of this year.

“Cyberattack” generally refers to any attempt made by hackers to damage or destroy a computer system or network, however the figures above don’t include attempted hacks that were automatically filtered out by the web security systems of the targeted government agencies. It also excludes numbers recorded by South Korea’s Ministry of National Defense and its National Intelligence Service, which are not kept by the NCIA.

Almost none of the attacks showed a North Korean IP address, although it’s not difficult for hackers to hide their origin. In 2013 there were three cases that involved an IP from North Korea, and in 2012 there were just two. Despite this, South Korea has pointed the finger at North Korea following various cyberattacks in recent years.

The Ministry of Foreign affairs was attacked most frequently, being targeted 8,663 times. The Ministry of Trade, Industry and Energy was hit 5,735 times, while the Ministry of Government Administration and Home Affairs was attacked 5,224 times. The National Police Agency and the Ministry of Health and Welfare were each targeted around 3,000 times.

“If confidential state information leaks out, the consequences can be immense and more than 100,000 cases of hacking against government facilities have taken place,” Su-kyung said. “We must do more to stop the growing number and the growing number of types of cyberattacks.”

The hardest problem in finding the source of these attacks is geographical attribution. Each package of data sent over the web contains source and destination information, but that source data can be tweaked to make it seem like the attack has a different point of origin.

Officially, the IPs used in the attacks point the finger at a number of countries. At 66,805, most of them came from within South Korea. China was next with 18,943, while 8,092 came from the USA. North Korea did not even register a percentage point.

There were four main types of cyberattacks listed in the report. The most prevalent, at 33,544 occurrences, was defined as “attempts to access information without permission.” Behind it, with 18,607 cases, was “information leakages,” which refers to customer/user information such as name, address, phone number, and national identification number being stolen and distributed.

The third type of cyberattack was termed “authorization acquisition attempts” and made up 16,243 attacks. Least frequent was of the four was classified as “information collections,” which had 14,077 recorded instances.