“I’m an Information Technology (IT) trendsetter. So, I purchased the new smartphone, Galaxy S. I usually enjoy using several applications in my spare time. Today was the first day when I used a new application, which I had downloaded yesterday. So I was very excited! But when I opened the 1 application, the message window came up, ‘Check the cell phone 2 interface.’ At the moment, I touched the ‘Yes’ button unconsciously. Then, all my stored phone numbers and contents were transmitted into somewhere. Oops, what happened to my smartphone?”
“Ho hum. As soon as I wake up, I habitually turn on my computer in the morning. Then I usually watch some web cartoons and log into the website in order to give grades. However, a new e-mail is in my account. It was sent by twitter which I joined a few days ago. But the mail title is strange. The title is ‘Reset your Twitter password.’ I clicked the title to see what the mail was about. There was a URL address. So I clicked the URL address without any doubt. But in that moment, the window automatically moved to adult websites and five icons were installed on the desktop. Oh my! It was a junk mail. But I simply think ‘There is nothing wrong.’ A few days later, I checked my twitter account and I was very shocked. My twitter timeline was written in a strange command. It all started with opening the junk e-mail.”
New IT devices and services such as smartphones and 3 Social Network Service (SNS) provide convenience to many users. However, malicious hackers use new IT devices and services to spread malignant codes and viruses. So the extent of damage has gradually increased. Therefore, 4 AhnLab Inc. made public ‘12 security issues of this year’ in January. The contents are listed in the next page.
In July 2010, a real case of several 7 zombie computers caused damage that was only marginally worse than the last DDoS crisis. However even now, there are reported hacking cases about new IT devices around our environment. So some netizens have spread a ‘September Hacking Theory’.
In the University of Seoul (UOS), we can easily check out some cases from the ‘12 security issues of this year’ list. Like number 9 of the list (diffusing of bodiless malicious codes), some of the commonly used computers in every classrooms, like the projector computers in Digital Library and the 21st Century Building, installed malignant codes. Even when USBs were plugged in the PC port, storage folder files have vanished, causing professors’ study material or students’ portfolios to disappear. Also, some students who login to their messenger on shared computers and forget to logout. It makes anybody can access to their personal information. Examples like this highlight hacking cases in today’s society and in the UOS. Therefore through some cases, we will look into the cause of hacking and how to safeguard ourselves against them.
1. Exploits of zero-day vulnerability of using 5 Distributed Denial of Service (DDoS Attack)
2. Increase of attacking smartphones
3. SpamBots (A program which is an E-mail address harvesting tool) is phishing you.
4. SNS is a target of online scammers
5. Increase of online game hacking tools
6. Increase of security threats about cloud computing
7. Appearance of security threats about 6 Voice of Internet Protocol (VoIP)
8. Increase of messenger phishing
9. Diffusing of bodiless malicious codes
10. Increase of attacking Windows 7 weaknesses
11. Web attacks get more audacious and sophisticated
12. Rogue anti-virus software has appeared
What is Hacking?
According to Wikipedia, the original term of “Hacking” means to express admiration for the work of a skilled software developer. However, some frown upon using ‘hacking’ as a synonym for security cracking - in distinct contrast to the larger word, in which the word hacker is typically used to describe someone who “hacks into” a system by evading or disabling security measures. Nowadays, ‘hacking’ is more widely used than ‘cracking’.
An On-line Environment Vulnerable to Hacking
Thanks to the development of the Internet, almost anything has become possible on-line, especially in the past few years. These days we are able to shop, create our own blog, chat on-line with others, download necessary data, and so on.
An on-line shopping mall allows us to buy products just like we did off-line for decades. Especially for clothes, now we can shop from various choices compared to real department store, and order them through the website. For modern people like us, who live hectic lives, this improvement in technology has made it possible both ordering and receiving products at home. Although we cannot actually try on the clothes before we buy them, we can predict ourselves wearing clothes we have chosen through photographs of clothes in their life-size. Also, we can get useful information from comments that other customers have written. The delivery is usually within 1~3 days, and refunds and exchanges are available when there is a problem on the product. This convenience in buying clothes is also applicable to other products such as cosmetics, furniture, foods, and so on. One click of a computer mouse is substituting all the money and time spent on going to look for and buy things.
We, human beings, are social animals and therefore require close relationships with other people. Every day we meet various people and create or maintain relationships. Unfortunately, it is not possible for us to personally meet all the people we know as each of us has our own work and life. Therefore, SNSs have been created in order to make our life and relationships more efficient. These days, we are able to let others know how we are getting along through SNSs like Cyworld, Micro Blogs, Nate-On, Twitter, and so forth. Most of you would probably have an experience of doing group assignments late at night through the instant messenger program called ‘Nate-On’.
Recently, a daily used cellular phone has been upgraded into a smartphone. This device has allowed people to do their work when they are moving, even making financial services available. As we download the necessary applications from the website, we can access the Internet through this one portable device!
Like shown above, we can enjoy a much more convenient life through the Internet and the improvement in science technology. However, this can also mean all the devices we use could be a passage where viruses and spywares of every kind can enter and hack our devices. Hacking not only paralyzes computer systems but can also cause an invasion of privacy and even financial damage by leaking personal data.
Damages Caused by Hacking
We are defenselessly exposed to the damages of hacking, from individuals to national institutions.
To begin with the narrow limits, there is a danger of leaking of personal data. Do you remember the big accident of the website ‘Auction’ in 2008? At that time, personal information of about 10,810,000 customers had been disclosed. After this massive incident, other management companies with excessive members (from shopping sites to portal sites) have strained themselves in preventing information leaks. They enhanced security by improving apparatus for implementing spam filtering service and offering members download hacking prevention programs. However, various incidents have occurred since early last year. In April 2009, about 90,000 members’ IDs and passwords were exposed and in the same year in July, customers’ 8 electronic money (e-money) was extorted from the Auction site. In August 2009, IDs and milege of the on-line shopping mall G-market members had been used in sending 2,100 spam massages advertising gambling sites. On March 2010, 25 enterprises including ‘Sinsegae Mall’ and ‘I-Love-School’ websites had leaked approximately 20 million customers’ personal information.
Personal information leaks can cause trivial inconvenience like spam messages sent to numbers disclosed but even worse, you can become a delinquent borrower by the groups of people who illegally take out loans. They make 9 Dae-po Phones (大砲 Phone, a phone opened with the name of a different person) and borrow money from financial companies using customers’ information.
The most apprehensive thing that should be concerned is one’s social security number. This is because your social security number is not changeable while your ID and password can be changed. To solve this problem, the government is planning to make the use of an i-PIN mandatory from 2015. When an i-PIN number is issued through six institutions including Seoul Credit Rating & Information Inc., there would be no need to insert your social security number when joining another website. Therefore, the government considers the use of it would prevent information leaks from hacking. However, a weak spot of this i-PIN policy has been revealed. Cyber Terror Response Center arrested a group of men who illegally issued i-PIN numbers using disclosed social security numbers and sold them to online game suppliers in China. They attempted to hack by seeking flaws in the security process in confirming identities. Therefore, Korea Communications Commission (KCC) immediately stopped the utilization of 4,700 i-PIN numbers that were possibly issued illegally. They also took measures to exclude unregistered prepaid cards in the identification process. However, the problem is that it is difficult to ultimately prevent illegal i-PIN issues because it is easy to get i-PIN numbers using social security numbers that have already been leaked. What is even worse is that there is no way to assume how many social security numbers have been disclosed. This implies that the security of introducing an I-PIN policy is not perfect.
Change your account password frequently and make your password 6 characters or more.
Use authentic software. If you use illegal software, it has a high possibility of installing malignant codes.
Do not save your ID and password in your smartphone.
If you download a PC file to your smartphone, check the smartphone for viruses.
Before you download applications, check the user’s reputation.
Use Bluetooth functions only if it is necessary, because Bluetooth functions are another way to distribute viruses.
If you use a messenger on a shared computer, don’t forget to logout completely.
Save your authentication certification on a USB or external hard-drive rather than on a PC.
Always update your IT device security program with the latest version.
DDoS Attack is a more serious problem. Though it has been a year since the DDos Crisis happened, a lack of improvements is being made. Recently, Researcher Ahn (Ahn Chul-soo, the chairman of the AhnLab Inc.) announced the problem of hacking into SNSs as one of the 12 security issues of the year. In fact, The Department of Justice, City of Seoul, and one of the famous Korean portal websites NAVER have been attacked by DDoS. While DDoS attacks were mainly focused on specific institutes in the past, now these attacks have little regard to any objectives and will attack game sites, online shopping malls, financial companies, and so on. Malignant codes are being widely distributed through SNSs these days.
Approximately 280 new malignant codes have been created in a year and there are recently about 30 DDoS attacks per day. But this cyber attack is not the only problem. According to the Cyber Terror Response Center, personal information taken away from zombie computers used in the process of an attack has even been disclosed to other countries. Individual data including the names of recently written files to a list of recently visited websites are saved in those computers. The police say that the malignant codes executed in zombie computers have leaking information features so that the partial list of saved files would likely be leaked when infected. This data has been released to 59 countries and to servers of 416 computers up until now. A serious financial damage is of concern if personal information, especially your authentication certificate, is leaked.
An invasion of privacy is another problem caused by hacking. As SNSs are widely used these days, members of these systems, especially celebrities, are all influential candidates of being privately invaded. Personal information of famous people is overtly exposed online under the excuse of ‘curiosity about celebrities.’ Therefore, their private areas in networks are often hacked and some hackers even pretend to be those celebrities by loading files or quotes to confuse their fans. Recently, a famous Korean comedian’s pictures were leaked by hackers. This not only violated her portrait rights but also infringed a copyright of the photos since those were for magazines. Unwanted exposure of one’s privacy (such as where they live, photos of the past and so on) can confuse people and let them write abusive comments about those facts. This could make the victims suffer from serious mental anguish and even lead to committing suicide.
Safeguarding Your IT Devices from Viruses
As seen above, the skill of hacking is gradually developing and many of institutions have trouble dealing with it. However, things we believe trivially could be the best effort and a way of preventing our devices from hacking. Listed below are some of the rules we should follow in order to safeguard ourselves from viruses.
Application : Application software, also known as an application, is computer software designed to help the user to perform singular or multiple related specific tasks.
Interface : The system which people (users) interact with a machine. It includes hardware and software components.
Social Network Service (SNS) : A social network service focuses on building and reflecting of social networks or social relations among people, e.g., who share interests and/or activities. A social network service essentially consists of a representation of each user (often a profile), his/her social links, and a variety of additional services. Most social network services are web based and provide means for users to interact over the internet, such as e-mail and instant messaging.
AhnLab Inc. : An antivirus software company founded and run by Ahn Chul-soo, the chairman of the company.
Distributed Denial of Service (DDos Attack) : A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.
Voice of Internet Protocol (VoIP) : Internet telephony that refers to communications services - voice, facsimile, and/or voice-messaging applications - that are transported via the Internet, rather than the public switched telephone network (PSTN).
Zombie Computers : A zombie computer (often shortened as zombie) is a computer connected to the Internet that has been compromised by a hacker, a computer virus, or a trojan horse.
Electronic money (e-money): refers to money or scrip which is only exchanged electronically
I-PIN : Internet Personal Identification Number or i-PIN is a “commercial” alternative to the Resident Registration Number used in South Korea for on-line identification.