The UOS Times
FeatureCover Story
Hacking Alert_ Is Your Device Safe?
Byeon In-jin / Yang Chan-sik Reporter / Junior Re  |
폰트키우기 폰트줄이기 프린트하기 메일보내기 신고하기
[0호] 승인 2010.09.04  
트위터 페이스북 네이버 구글

“I’m an Information Technology (IT) trendsetter. So, I purchased the new smartphone, Galaxy S. I usually enjoy using several applications in my spare time. Today was the first day when I used a new application, which I had downloaded yesterday. So I was very excited! But when I opened the 1 application, the message window came up, ‘Check the cell phone 2 interface.’ At the moment, I touched the ‘Yes’ button unconsciously. Then, all my stored phone numbers and contents were transmitted into somewhere. Oops, what happened to my smartphone?”

“Ho hum. As soon as I wake up, I habitually turn on my computer in the morning. Then I usually watch some web cartoons and log into the website in order to give grades. However, a new e-mail is in my account. It was sent by twitter which I joined a few days ago. But the mail title is strange. The title is ‘Reset your Twitter password.’ I clicked the title to see what the mail was about. There was a URL address. So I clicked the URL address without any doubt. But in that moment, the window automatically moved to adult websites and five icons were installed on the desktop. Oh my! It was a junk mail. But I simply think ‘There is nothing wrong.’ A few days later, I checked my twitter account and I was very shocked. My twitter timeline was written in a strange command. It all started with opening the junk e-mail.”

New IT devices and services such as smartphones and 3 Social Network Service (SNS) provide convenience to many users. However, malicious hackers use new IT devices and services to spread malignant codes and viruses. So the extent of damage has gradually increased. Therefore, 4 AhnLab Inc. made public ‘12 security issues of this year’ in January. The contents are listed in the next page. In July 2010, a real case of several 7 zombie computers caused damage that was only marginally worse than the last DDoS crisis. However even now, there are reported hacking cases about new IT devices around our environment. So some netizens have spread a ‘September Hacking Theory’.

In the University of Seoul (UOS), we can easily check out some cases from the ‘12 security issues of this year’ list. Like number 9 of the list (diffusing of bodiless malicious codes), some of the commonly used computers in every classrooms, like the projector computers in Digital Library and the 21st Century Building, installed malignant codes. Even when USBs were plugged in the PC port, storage folder files have vanished, causing professors’ study material or students’ portfolios to disappear. Also, some students who login to their messenger on shared computers and forget to logout. It makes anybody can access to their personal information. Examples like this highlight hacking cases in today’s society and in the UOS. Therefore through some cases, we will look into the cause of hacking and how to safeguard ourselves against them.

1. Exploits of zero-day vulnerability of using 5 Distributed Denial of Service (DDoS Attack)
2. Increase of attacking smartphones
3. SpamBots (A program which is an E-mail address harvesting tool) is phishing you.

4. SNS is a target of online scammers
5. Increase of online game hacking tools
6. Increase of security threats about cloud computing

7. Appearance of security threats about 6 Voice of Internet Protocol (VoIP)
8. Increase of messenger phishing
9. Diffusing of bodiless malicious codes

10. Increase of attacking Windows 7 weaknesses
11. Web attacks get more audacious and sophisticated
12. Rogue anti-virus software has appeared

What is Hacking?

According to Wikipedia, the original term of “Hacking” means to express admiration for the work of a skilled software developer. However, some frown upon using ‘hacking’ as a synonym for security cracking - in distinct contrast to the larger word, in which the word hacker is typically used to describe someone who “hacks into” a system by evading or disabling security measures. Nowadays, ‘hacking’ is more widely used than ‘cracking’.

An On-line Environment Vulnerable to Hacking

Thanks to the development of the Internet, almost anything has become possible on-line, especially in the past few years. These days we are able to shop, create our own blog, chat on-line with others, download necessary data, and so on.

An on-line shopping mall allows us to buy products just like we did off-line for decades. Especially for clothes, now we can shop from various choices compared to real department store, and order them through the website. For modern people like us, who live hectic lives, this improvement in technology has made it possible both ordering and receiving products at home. Although we cannot actually try on the clothes before we buy them, we can predict ourselves wearing clothes we have chosen through photographs of clothes in their life-size. Also, we can get useful information from comments that other customers have written. The delivery is usually within 1~3 days, and refunds and exchanges are available when there is a problem on the product. This convenience in buying clothes is also applicable to other products such as cosmetics, furniture, foods, and so on. One click of a computer mouse is substituting all the money and time spent on going to look for and buy things.

We, human beings, are social animals and therefore require close relationships with other people. Every day we meet various people and create or maintain relationships. Unfortunately, it is not possible for us to personally meet all the people we know as each of us has our own work and life. Therefore, SNSs have been created in order to make our life and relationships more efficient. These days, we are able to let others know how we are getting along through SNSs like Cyworld, Micro Blogs, Nate-On, Twitter, and so forth. Most of you would probably have an experience of doing group assignments late at night through the instant messenger program called ‘Nate-On’.

Recently, a daily used cellular phone has been upgraded into a smartphone. This device has allowed people to do their work when they are moving, even making financial services available. As we download the necessary applications from the website, we can access the Internet through this one portable device!

Like shown above, we can enjoy a much more convenient life through the Internet and the improvement in science technology. However, this can also mean all the devices we use could be a passage where viruses and spywares of every kind can enter and hack our devices. Hacking not only paralyzes computer systems but can also cause an invasion of privacy and even financial damage by leaking personal data.

Damages Caused by Hacking

We are defenselessly exposed to the damages of hacking, from individuals to national institutions.

To begin with the narrow limits, there is a danger of leaking of personal data. Do you remember the big accident of the website ‘Auction’ in 2008? At that time, personal information of about 10,810,000 customers had been disclosed. After this massive incident, other management companies with excessive members (from shopping sites to portal sites) have strained themselves in preventing information leaks. They enhanced security by improving apparatus for implementing spam filtering service and offering members download hacking prevention programs. However, various incidents have occurred since early last year. In April 2009, about 90,000 members’ IDs and passwords were exposed and in the same year in July, customers’ 8 electronic money (e-money) was extorted from the Auction site. In August 2009, IDs and milege of the on-line shopping mall G-market members had been used in sending 2,100 spam massages advertising gambling sites. On March 2010, 25 enterprises including ‘Sinsegae Mall’ and ‘I-Love-School’ websites had leaked approximately 20 million customers’ personal information.

Personal information leaks can cause trivial inconvenience like spam messages sent to numbers disclosed but even worse, you can become a delinquent borrower by the groups of people who illegally take out loans. They make 9 Dae-po Phones (大砲 Phone, a phone opened with the name of a different person) and borrow money from financial companies using customers’ information.

The most apprehensive thing that should be concerned is one’s social security number. This is because your social security number is not changeable while your ID and password can be changed. To solve this problem, the government is planning to make the use of an i-PIN mandatory from 2015. When an i-PIN number is issued through six institutions including Seoul Credit Rating & Information Inc., there would be no need to insert your social security number when joining another website. Therefore, the government considers the use of it would prevent information leaks from hacking. However, a weak spot of this i-PIN policy has been revealed. Cyber Terror Response Center arrested a group of men who illegally issued i-PIN numbers using disclosed social security numbers and sold them to online game suppliers in China. They attempted to hack by seeking flaws in the security process in confirming identities. Therefore, Korea Communications Commission (KCC) immediately stopped the utilization of 4,700 i-PIN numbers that were possibly issued illegally. They also took measures to exclude unregistered prepaid cards in the identification process. However, the problem is that it is difficult to ultimately prevent illegal i-PIN issues because it is easy to get i-PIN numbers using social security numbers that have already been leaked. What is even worse is that there is no way to assume how many social security numbers have been disclosed. This implies that the security of introducing an I-PIN policy is not perfect.

  • Change your account password frequently and make your password 6 characters or more.
  • Use authentic software. If you use illegal software, it has a high possibility of installing malignant codes.
  • Do not save your ID and password in your smartphone.
  • If you download a PC file to your smartphone, check the smartphone for viruses.
  • Before you download applications, check the user’s reputation.
  • Use Bluetooth functions only if it is necessary, because Bluetooth functions are another way to distribute viruses.
  • If you use a messenger on a shared computer, don’t forget to logout completely.
  • Save your authentication certification on a USB or external hard-drive rather than on a PC.
  • Always update your IT device security program with the latest version.

DDoS Attack is a more serious problem. Though it has been a year since the DDos Crisis happened, a lack of improvements is being made. Recently, Researcher Ahn (Ahn Chul-soo, the chairman of the AhnLab Inc.) announced the problem of hacking into SNSs as one of the 12 security issues of the year. In fact, The Department of Justice, City of Seoul, and one of the famous Korean portal websites NAVER have been attacked by DDoS. While DDoS attacks were mainly focused on specific institutes in the past, now these attacks have little regard to any objectives and will attack game sites, online shopping malls, financial companies, and so on. Malignant codes are being widely distributed through SNSs these days.

Approximately 280 new malignant codes have been created in a year and there are recently about 30 DDoS attacks per day. But this cyber attack is not the only problem. According to the Cyber Terror Response Center, personal information taken away from zombie computers used in the process of an attack has even been disclosed to other countries. Individual data including the names of recently written files to a list of recently visited websites are saved in those computers. The police say that the malignant codes executed in zombie computers have leaking information features so that the partial list of saved files would likely be leaked when infected. This data has been released to 59 countries and to servers of 416 computers up until now. A serious financial damage is of concern if personal information, especially your authentication certificate, is leaked.

An invasion of privacy is another problem caused by hacking. As SNSs are widely used these days, members of these systems, especially celebrities, are all influential candidates of being privately invaded. Personal information of famous people is overtly exposed online under the excuse of ‘curiosity about celebrities.’ Therefore, their private areas in networks are often hacked and some hackers even pretend to be those celebrities by loading files or quotes to confuse their fans. Recently, a famous Korean comedian’s pictures were leaked by hackers. This not only violated her portrait rights but also infringed a copyright of the photos since those were for magazines. Unwanted exposure of one’s privacy (such as where they live, photos of the past and so on) can confuse people and let them write abusive comments about those facts. This could make the victims suffer from serious mental anguish and even lead to committing suicide.

Safeguarding Your IT Devices from Viruses

As seen above, the skill of hacking is gradually developing and many of institutions have trouble dealing with it. However, things we believe trivially could be the best effort and a way of preventing our devices from hacking. Listed below are some of the rules we should follow in order to safeguard ourselves from viruses.

  1. Application : Application software, also known as an application, is computer software designed to help the user to perform singular or multiple related specific tasks.
  2. Interface : The system which people (users) interact with a machine. It includes hardware and software components.
  3. Social Network Service (SNS) : A social network service focuses on building and reflecting of social networks or social relations among people, e.g., who share interests and/or activities. A social network service essentially consists of a representation of each user (often a profile), his/her social links, and a variety of additional services. Most social network services are web based and provide means for users to interact over the internet, such as e-mail and instant messaging.
  4. AhnLab Inc. : An antivirus software company founded and run by Ahn Chul-soo, the chairman of the company.
  5. Distributed Denial of Service (DDos Attack) : A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.
  6. Voice of Internet Protocol (VoIP) : Internet telephony that refers to communications services - voice, facsimile, and/or voice-messaging applications - that are transported via the Internet, rather than the public switched telephone network (PSTN).
  7. Zombie Computers : A zombie computer (often shortened as zombie) is a computer connected to the Internet that has been compromised by a hacker, a computer virus, or a trojan horse.
  8. Electronic money (e-money): refers to money or scrip which is only exchanged electronically
  9. I-PIN : Internet Personal Identification Number or i-PIN is a “commercial” alternative to the Resident Registration Number used in South Korea for on-line identification.
< 저작권자 © The UOS Times 무단전재 및 재배포금지 >
Byeon In-jin / Yang Chan-sik Reporter / Junior Re의 다른기사 보기  
폰트키우기 폰트줄이기 프린트하기 메일보내기 신고하기
트위터 페이스북 네이버 구글 뒤로가기 위로가기
이 기사에 대한 댓글 이야기 (0)
자동등록방지용 코드를 입력하세요!   
- 200자까지 쓰실 수 있습니다. (현재 0 byte / 최대 400byte)
- 욕설등 인신공격성 글은 삭제 합니다. [운영원칙]
이 기사에 대한 댓글 이야기 (0)
Best News
Members of Multicultural Families, Are They Koreans?
Hacking Alert_ Is Your Device Safe?
Hi! Green Seoul
K-POP Hits the Europe
Their Stories Must Not Be Forgotten
Hackers are not `the Heck`Any More
Quarrelsome Daddy
A Warm Gift for Your Christmas
Are You Really Familiar with 'Spec'?
The TRUTH, Dokdo is Korean Territory,
02504 서울특별시 동대문구 서울시립대로 163 미디어관 3층 영자신문사
전화 : 02-6490-2496 | 발행인 : 원윤희 | 편집인 겸 주간 : 장경원 | 편집장 : 신정호 | 청소년보호책임자 : 김대환
Copyright © 2012 The UOS Times. All rights reserved. mail to