NIS claims threats warrant a cyber-terror bill

Posted on : 2016-03-09 17:42 KST Modified on : 2016-03-09 17:42 KST
The spy agency’s track record shows inability to prevent attacks, and abuses of power over access to information
Members of civic groups march from Gwanghwamun to Insadong in central Seoul

As of Mar. 8, the level of alertness issued by the National Cyber Safety Center at the National Intelligence Service (NIS) is “caution.” This level was raised from “concern” to “caution” 27 days ago, on Feb. 11, in order to prepare for an additional provocation by North Korea after it launched a long-range missile.

The “caution” level of alertness requires heightened security throughout the government’s computer networks. The agency that is responsible for doing so is the NIS.

On Mar. 8, the NIS convened an emergency national cyber security countermeasures meeting, which was attended by representatives from 14 government ministries.

“Between late last month and early this month, North Korea hacked into the smartphones of dozens of major government officials and absconded with the logs and contents of voice calls, text messages and phone numbers,” the NIS said during the meeting, announcing that it was taking emergency measures to track the means by which this hacking occurred.

“Last month, we determined that a group of North Korean hackers had gotten into the internal network of a company that produces a security program for internet banking and payments that is used by more than 20 million South Koreans and that a company that provides security software to financial organizations had also been hacked by North Korea,” the NIS added.

On Feb. 18, the NIS reported to the Blue House and the ruling Saenuri Party (NFP) that North Korean leader Kim Jong-un had given an order to consolidate the North’s capacity for cyber terrorism and that the North’s Reconnaissance General Bureau (RGB) was making preparations for this.

At the time when, according to the NIS, high-ranking government officials’ smartphones were ransacked and a hacking attack occurred that could affect 20 million South Koreans, the NIS had already raised the cyber alert level and was working to ascertain the activities of the RGB, the North Korean body that handles espionage against South Korea.

While this would suggest that the agency failed to prevent these hacks despite its sense of what was happening, the agency fired back on Tuesday that this happened because a bill to prevent cyber terrorism has not been passed.

The current regulations state that the security systems, software and IT networks of the agencies that were reportedly hacked have to pass an assessment by the NIS that examines security and passwords. This means that the NIS’s failure to block the hacking attack cannot be attributed to its lack of legal authority for cyber terrorism.

On several occasions, there have been attempts - presumably by North Korea - to hack into organizations affiliated with the railroads, a vital part of the national infrastructure. Internal documents at Korail were leaked in Aug. 2014, but it was not until four months later that the NIS acknowledged this fact and took action. Previously, the agency had warned of terrorism against national infrastructure by the RGB.

“North Korea attempted to hack the passwords and email accounts of employees for regional railroad operating agencies this past January and February. This was preparation for carrying out cyber terror against the railroad transportation operating system,” the NIS said on Tuesday - effectively admitting that it had been unable to stop the attacks despite its foreknowledge.

The primary effect of the anti-cyber terror bill that the NIS wants so much would be to expand the NIS’s current scope of activity from the national and public sector to include major components of the private sector as well.

At present, the NIS functions as the de facto control tower for cyber crisis management in the public sector. If the private sector were opened up to the agency as well, it would consolidate private information from the public and private sectors. Given the additional authority bestowed by the recently passed Anti-Terror Bill to listen in on private communication, check bank accounts and track locations, there are concerns that the power of the NIS would be too great to be regulated by the current methods of oversight, which are already largely ineffective.

In a report reviewing the anti-cyber terror bill, the National Assembly’s Intelligence Committee noted the need for “a means of providing democratic oversight and control of the agency that will serve as a control tower.”

With allegations about illegal hacking using the Remote Control System (RCS) thrown into confusion by the dubious suicide of an NIS official last year but still unresolved, there are also serious concerns that this [legislation] could give the NIS the key to firewalls in private-sector networks.

The NIS had also insisted that it could not do its job without the anti-terror legislation. After stirring up fears about terrorism in South Korea by announcing shortly after the Paris terrorist attacks by IS (Islamic State) last year that it had deported several dozen IS followers in South Korea, the NIS pushed for the anti-terror bill to be passed.

“The NIS appears to be trying to seize this opportunity to set the mood so that it can get the anti-cyber terror legislation passed as well by announcing North Korean hacking incidents,” said one security expert.

“Considering the difficulty of clearly distinguishing between the public and private sectors when it comes to cyber terrorism, the fact that the NIS is limited to state agencies could be interfering with its work,” the expert acknowledged.

“There are issues with passing a bill when there has not been adequate deliberation between the ruling and opposition parties, as there was with the Anti-Terror Bill. Some options we should be considering include setting up an independent body to oversee the NIS’s cyber work or having the Korea Internet and Security Agency filter private sector information that is being given to the NIS,” the expert said.

By Kim Nam-il, staff reporter

Please direct questions or comments to [english@hani.co.kr]
