Korea’s Internet Explorer dependency blamed for hacking of over 100m user records since 2008

Korea’s reliance on Microsoft’s Internet Explorer browser and ActiveX software is being blamed for enabling a spate of hacks that have compromised more than 100 million user records from the country over the past five years.
Operator KT suffered a breach that endangered the records of nearly 9 million customers last year, while online games firm Nexon had more than 13 million user records compromised in 2011. The largest breach in recent times came from SK, the firm behind Facebook-forerunner Cyworld, which is estimated to have had 35 million records nabbed in 2011.
Experts are pointing the finger at the reliance on the Microsoft-made software for these attacks and others in recent years. An article from the Korea Herald explores the issue in detail, and include the graphic below to illustrate Korea’s security vulnerabilities.
20130719000922 0 Koreas Internet Explorer dependency blamed for hacking of over 100m user records since 2008
Korea may boast the world’s speediest mobile Internet — thanks to the planet’s first and second LTE-Advanced networks — but it is overly reliant on Internet Explorer and, in particular, ActiveX, which is used to power a key certificate system that verifies Internet users in the country for transactions.
Google Chrome is widely considered to the Web’s most popular browser — analytics site Statcounter pegs it at a dominant 40 percent market share — but many Korean websites run on Internet Explorer only. That’s because ActiveX, which is not supported by Chrome, Opera or other browsers, is used as the identification platform to enable transactions over 300,000 won ($268).
Korea’s use of ActiveX isn’t down to an infatuation with Microsoft, the software protects personal data and make it almost impossible for fraudulent transactions to take place.
The issue with ActiveX, however, aside from limiting the browser choice in Korea, is that it makes PCs and storage systems attractive and susceptible to hacking because it is storing valuable details. Each user’s online ‘key’ is typically filed on their PC, motivating hackers to get their hands on the information.
IE korea statcounter 730x467 Koreas Internet Explorer dependency blamed for hacking of over 100m user records since 2008
Statcounter data illustrates Korea’s reliance on Internet Explorer.
“By allowing only the public key certificate to be used, the entire nation suffers inconvenience,” Korea University Kim Kee-chang told the Herald. “On top of that, countless online service providers are stuck on a single platform, blocking the broader IT industry from moving forward.”
The widespread use of ActiveX provides a target for hackers by storing information on networks and PCs, but it seems that a lack of preventative measures from companies is an equally significant factor.
The Herald cites data from KISA (Korea Internet Security Center) which says that some 73 percent of domestic companies spend no money on data protection because “there’s no immediate return” on their investment.
Korea eased up on some of its online regulations last August when it ended a law that required websites to authenticate visitors by collecting their national ID numbers — something which provided even more ‘hackable’ data — while a law requiring the use of real names online was deemed unconstitutional just days later.
A new bill aims to end the use of online certifications for Web-based purchases, but it isn’t for certain that it will become law.
While the abundance of digital records and lack of investment in security attracts hackers, the Korean government is not likely to transform the system until it finds another that keeps transactions as safe. The Herald says several companies are using ActiveX-free payment systems already, suggesting that change is possible for the future.

By Jon Russell

0 yorum: