Overview of the Agency for Defense Development



[Asia Economy Yang Nak-gyu Reporter] It has been revealed that 35% of the research and testing PCs used by the Agency for Defense Development (ADD), which develops our military's weapon systems, are unregistered ghost PCs. In particular, 62% of all PCs do not have security programs (DLP) installed, exposing serious security vulnerabilities.


According to the audit results conducted by the Defense Acquisition Program Administration (DAPA) from May 4 to June 12, ADD's internal security system was lax in many areas. There was no security checkpoint at the building entrance, which is mandatory for public institution buildings, and no security personnel were stationed.


Even the Ministry of National Defense, the Joint Chiefs of Staff, and DAPA buildings, which handle military secrets, have security checkpoints at their entrances. When bags or other belongings are placed in these checkpoints, an alarm sounds if computers or storage devices are detected, and security personnel inspect each item individually. Despite these procedures, cases of confidential information leaks have been detected, yet ADD did not even have such basic security measures in place.


Moreover, there was no system to verify whether the photo on the access card matched the face of the person entering. This structural vulnerability allowed individuals to enter without any obstruction even if they intentionally duplicated or altered access cards.


No system was established to prevent the mass removal of classified materials via portable storage devices (USB or external hard drives). In secure agencies, when a portable storage device is connected to an internal computer, the security control center immediately detects it.


However, ADD did not implement such a security system. Due to these vulnerabilities, a recently retired researcher who moved to a university in Seoul is suspected of leaking approximately 680,000 items of data. The electronic files are estimated to amount to about 260GB.


Triggered by this incident, the ongoing audit has conducted a comprehensive investigation of portable storage device usage records among 1,079 retired and current ADD personnel.


So far, the audit results have revealed circumstances indicating that some retirees transferred large amounts of data to portable storage devices before retirement, leading to data leaks, and two individuals who left the country have been referred to the police for investigation.


They left 350,000 and 80,000 access traces respectively on the ADD Data Loss Prevention (DLP) system. Among those who left the country, one person was employed at a university research institute in the United Arab Emirates (UAE), raising suspicions that the leaked classified data may have served as a "job guarantee."


In particular, many retirees suspected of illegally exporting data have shown signs of evading DAPA investigations, drawing criticism for moral insensitivity. Among current employees, numerous cases of unauthorized data copying, deletion of portable storage device usage traces, and illegal software use were also detected, with 23 individuals becoming subjects of investigation.


Additionally, ADD was found to be using as many as 2,416 research and testing PCs that are separated from the integrated computer network and not registered as information assets.


This accounts for 35% of all ADD PCs. Among these research and testing PCs, 4,278 units, or 62%, did not have security programs (DLP) installed.


DLP records user names or employee numbers whenever data is downloaded or copied on a PC. If work is done on PCs without such programs installed, it is impossible to identify the user.


Furthermore, 3,635 general-purpose storage devices without security features were left accessible to anyone. These storage devices can connect to external PCs outside the research institute, creating a structure where confidential data can be brought in and transferred to external PCs without restriction.


It was also revealed that the document encryption system (DRM) established by ADD in September 2006 to prevent unauthorized export of classified data failed to function properly.


DRM is a system that automatically encrypts electronic files to prevent unauthorized export of classified data, but it was found to apply only to Hangul Word Processor (HWP), PowerPoint (PPT), and Word (DOC) documents. Crucial files such as Excel, drawings, source code (core document access codes), and experimental data were not encrypted, leading to criticism that such files can be stolen without detection.



ADD was established in August 1970 under the banner of "the cornerstone of self-reliant defense." This year marks the 50th anniversary of ADD's founding, but due to the deviant actions of some retirees, it has also left a disgraceful record of the largest suspected classified information leak in its history.


This content was produced with the assistance of AI translation services.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
