[ISN] Ministry halts online service on hacking fears

InfoSec News isn at c4i.org
Mon Sep 26 00:03:36 EDT 2005


http://joongangdaily.joins.com/200509/23/200509232253101239900090609061.html

By Seo Ji-eun
September 24, 2005 

The government service of issuing copies of civil documents online
will be temporarily suspended due to security problems.

The Ministry of Government Administration and Home Affairs said
yesterday that it would temporarily halt the service until it seals
security loopholes that have enabled hackers to invade its Web site
(www.egov.co.kr) and forge civil documents such as the residence
registry.

"It has become common knowledge that documents issued on the Internet
could be forged, thus opening doors for some people to make ill use of
them when submitting documents to financial agencies," Minister of
Government Administration Oh Young-kyo said in a National Assembly
special audit session.

As of yesterday, the Web site stopped issuing 21 kinds of civil
documents, including resident, land, construction and military
registrations. About 20,000 documents have been issued since the
service was launched in September 2003.

The service's suspension is thought likely to cause a great deal of
inconvenience to the disabled or those households whose family members
are too busy to visit government offices.

An official from the Administration Ministry said it would take about
a month to completely establish a hacking-prevention system.  Earlier
in the day, Representative Kwon Oh-eul of the opposition Grand
National Party demonstrated at the National Assembly how easy it is to
forge documents downloaded from the Web site the government has been
touting as part of an ambitious digital venture project.

Mr. Kwon pointed out that the hackers can forge and print documents
directly from the Web site, instead of having to download them and
modify the image files using high-quality copiers or scanners. Out of
a total 2.57 million documents issued since the service started, only
0.5 percent, or 13,000, underwent the hacking-prevention process of
receiving security authorization, he said.





More information about the ISN mailing list