The government investigating the SK Telecom hacking incident has recently begun security checks on KT and LG Uplus. Soon, it is expected to conduct security checks on Naver, Kakao, Coupang, and Woowa Brothers (Baedal Minjok). Some experts point out that rather than expanding the scope of inspections and dispersing investigative personnel, it would be more desirable to concentrate personnel on the SK Telecom investigation to quickly produce results.
According to the industry on the 28th, cybersecurity personnel specializing in hacking from the Korea Internet & Security Agency (KISA) at its headquarters in Naju have been urgently dispatched to Seoul. This is due to the Ministry of Science and ICT launching urgent on-site inspections of other telecommunications companies and major platforms following the SK Telecom hacking incident.
The on-site inspections of KT and LG Uplus have already begun on the 23rd. Security checks on platform companies Naver, Kakao, Coupang, and Woowa Brothers will be conducted after the investigations of KT and LG Uplus are completed.
What is the reason the government expanded the scope of the investigation before completing the widely publicized investigation into the SK Telecom hacking incident? It is because there is a possibility that the organization that hacked SK Telecom may have attempted cyberattacks on other corporations using a Linux malware called BPF Door. The Ministry of Science and ICT explained, "Considering the public's anxiety about information protection and cybersecurity due to the SK Telecom hacking incident, inspections targeting other telecommunications companies and major platforms were launched."
However, there are also concerns about dispersing investigative personnel while the investigation into the SK Telecom hacking incident is not yet complete. Minister Yoo Sang-im promised that the final investigation results would be announced by the end of next month, but there are reports that additional new infections are emerging, which could extend the investigation period.
During the announcement of the first investigation results on the 29th of last month, four types of malware and five infected servers were discovered; however, the second investigation results announced on the 19th of this month revealed 21 types of malware and an additional 18 infected servers.
The lengthening of the investigation period is problematic. With 25 million SK Telecom subscribers (including MVNOs) awaiting the final investigation results, time cannot be wasted. The longer it takes to announce the results, the greater the impact will be on SK Telecom’s direct stores and agents, where new subscription sales have been suspended since the 5th of this month. SK Telecom shareholders also hope for a quick resolution to the current setback that is holding back stock prices.
The issue is the shortage of investigative personnel. Currently, the joint investigation team of public and private sectors investigating the SK Telecom hacking incident consists of only 11 members, with five of them being cybersecurity experts dispatched from KISA. In this situation, the Ministry of Science and ICT has expanded the scope of inspections by forming around 10 additional personnel to include KT, LG Uplus, Naver, Kakao, Coupang, and Woowa Brothers.
According to the security industry, there are estimated to be fewer than 30 cybersecurity experts available for hacking inspections within KISA. An industry representative noted, "It would be more efficient to deploy all personnel dispatched for the SK Telecom hacking incident to quickly conclude the investigation and then conduct investigations on other corporations in succession."
Professor Jang Hang-bae from the Department of Industrial Security at Chung-Ang University stated, "Rather than expanding security inspections in a multilateral manner, the strategy of 'selection and concentration' should be employed to focus all resources on the SK Telecom incident that has occurred and complete the investigation quickly." He added, "Dispersing the already limited number of cybersecurity experts would be a display of administrative action that would disappoint the public once again."