South Korea faces $1bn bill after hackers raid national ID database
Father of Asian internet warns all is lost
The South Korean government is considering a complete overhaul of its national identity number computer system – after hackers comprehensively ransacked it and now hold the ID codes for as much as 80 per cent of the population.
Each South Korean citizen is issued with a lifetime unique ID number. This number is used in all transactions, and the system has been in place since the late 1960s.
A public hearing into the database raid heard that hackers have now stolen the vast majority of these numbers, sparking an online crimewave that has hit everyone, from the highest to the lowest.
"There is no doubt that we are talking about massive changes," said Kim Ki-su, a director at Seoul's Ministry of Security and Public Administration, at the hearing, AP reports today.
Changing the system now would cost the Korean government about $650m, but reissuing all of the numbers would also leave businesses footing a potential billion-dollar bill to get all the new data into their computers. On the other hand, if criminals continue to exploit the stolen ID numbers for identity theft, that bill could look cheap in comparison.
South Korean President Park Geun-hye was one of 20 million people who took a hit when online fraudsters subverted three of her country's credit card companies. She called for a rethink of the current ID system in response, leading to the hearings.
Professor Kilnam Chon, called the "Father of Asian Internet" for his work in wiring up the continent, has warned today's ID system is probably unable to cope with the security demands placed upon it and needs reform.
"The problems have grown to a point where finding a way to completely solve them looks unlikely," he said.
Part of the problem is the numbers themselves. The ID numbers aren't randomized – they start with the owner's birthdate, then have the digit one or two to indicate the recipient's sex, then other numbers depending on where they are from. These numbers are used in everything from opening a bank account to getting an accredited email address.
"Resident registration numbers' usage across different sectors made them 'master keys' for hackers to open every door and steal whole packages of personal information from unassuming victims," said researcher Geum Chang-ho at the state-run Korea Research Institute for Local Administration.
"Even if their numbers are leaked, people are unable to change them, so hackers are constantly trying to obtain these numbers and are managing it easily."
The other main issue is technological and springs from a reliance on Microsoft's ActiveX controls: the Korean government made Redmond's software a requirement for online shopping and banking; a historically weak spot in online security.
• Meanwhile, in the US last week, miscreants hacked into the Oregon Employment Department's website for job seekers and got their hands on confidential records for more than 850,000 people. ®
Sponsored: Becoming a Pragmatic Security Leader