It appears that North Korea may have hacked Seoul Metro’s servers for months without the subway authority being aware of the serious breach in security.
According to a National Intelligence Service report, two operating servers of Seoul Metro, which runs Subway Lines 1, 2, 3 and 4, were hacked for at least five months before the company became aware of the problem in July 2014. The hackers, presumed to be North Koreans, broke into 210 Seoul Metro computers and infected 58 with malicious code.
A major catastrophe on Seoul’s subways might have occurred if the security breach had gone on undetected and the hackers had gained greater access and decided to manipulate the network system. Although Seoul Metro insists that the hacked network was separate from the network that controls the subway operations, it is plausible that the subway system was vulnerable to a terrorist attack.
The NIS said it received a report of the hacking in August and launched an investigation that showed North Korea as the likely culprit behind the attack. The intelligence agency said that the route and method of hacking bore great similarity to those that were used in the cyberattacks on several banks and television broadcasters here in March 2013.
When the intelligence agency was called in, Seoul Metro’s log records went back to March 2014, and it is quite possible that the hacking attack started earlier than that, according to the NIS. Seoul Metro must explain how such a breach in security went undetected for so long and why it did not immediately inform the NIS. The company said that it formatted all 4,240 computers in September after the NIS investigation was completed and said it had reinforced its security system.
Cybersecurity experts point out that cyberattack methods constantly evolve, putting even what is thought to be a secure system at risk eventually. As for Seoul Metro’s insistence that the subway system was never under threat as the network controlling the subway operation is separate, it was only a matter of time before the hackers found a link to hack into that network, according to experts.
Indeed, it seems that a completely foolproof network system is elusive, as hackers quickly find their way in. It then falls upon Seoul Metro, utility companies and other entities that provide essential services to be ever vigilant against cyberattacks. The price to pay for being lax is too high.