By Kim Tong-hyung
Staff Reporter

South Korea has so big a hole in its cyber security that another wave of online attacks will prove to be as devastating as those of last week.

First, virtually anybody can mount such attacks. Although government officials suspect North Korea may have been orchestrating these virtual attacks, a gang of teenagers could possibly organize and bring the same amount of damage as a nation can, and with a program purchased online for the same price as a song.

When the country was pummeled by a massive distributed denial of service (DDoS) attack over four days until last weekend, it was a handful of private firms that came to the rescue.

In addition, systemic flaws such as over-reliance on Microsoft's Active-X program need to be addressed. Without them, all Korea can do appears to be nothing but pray that no such attacks recur.

The Korea Communications Commission (KCC) admits that more DDoS attacks are a possibility, considering that the types of malicious software that infected scores of Korean computers at homes and offices are programmed to update automatically. Whether the country would be better prepared for another powerful Internet attack is a totally different matter.

``We have been analyzing the malicious codes, and found that the programs were designed to self-destruct after initiating three attacks. We have yet to find a mutated version of the codes,'' said Hwang Cheol-joong, a KCC official.

As of Saturday, more than 97 percent of 77,875 infected computers had been cleared of the malicious programs, the KCC said. The state-run Korea Information Security Agency (KISA) is currently analyzing 22 sample types of the malicious codes.

``It is encouraging that the number of infected computers was fewer than first thought, even when considering the devices that remain unreported. However, considering that these DDoS bots are not controlled by command and control (C&C) operational software, but programmed for automated updates and self-destruction, we need to stay alert. There also might be types of codes that we have yet to discover,'' Hwang said.

AhnLab in particular had a crucial role in containing the attacks, being the first to discover that the malicious codes were designed to overwrite and destroy data on hard drives. Despite the warning, the KCC, looking somewhat clueless, needed an extra day to issue a warning.

AhnLab was also the first to identify the timing of the third attack and that the malicious codes had changed their targets, while also listing the Internet protocol (IP) addresses of the programs' hosting sites around the world. The KCC failed to confirm the report until the third attack was carried out at 6 p.m. last Thursday, just as AhnLab predicted.

According to industry figures, the country's top five computer vaccine developers averaged less than 5 billion won (about $3.9 million) in operating profit last year. AhnLab, the top company, posted 9.7 billion, followed by Hauri's 2.7 billion won, but Inca Internet suffered 2.3 billion won in losses.

The companies combine to hire about 1,000 security personnel, with about 500 of them considered as ``experienced experts.'' They have little backing from government organizations when massive cyber attacks occur, as seen from the recent case, or the ``great disruption'' of 2003, when the country's computers were crippled by a DDoS attack initiated by SQL slammer worms. In contrast, 695 government organizations hired an average of 0.7 security experts, with nearly 68 percent of them employing none.

The National Intelligence Service (NIS), the country's spy agency, is responsible for protecting public Internet infrastructure from Internet attacks, while KCC and KISA handle the private side.

However, the Ministry of Public Administration and Security deals with breaches within government networks, while the National Police Agency combats ``cyber crimes.''

The complicated relations between these agencies make it difficult for the government to muster a quick and coordinated approach when crisis hits, according to critics, who call for the establishment of a ``control tower.''

``We agree that there should be a more simplified chain of command. The current system has problems,'' Choi See-joong, the KCC chairman, told reporters last week.

It could also be said that Korea was behind for its Microsoft monoculture for Web browsers. In Korea, all encrypted transactions on the Internet are required to be done through Microsoft's ``Active-X'' controls, which work only on Internet Explorer browsers. As a result, the market share of Internet Explorer remains in the high 90s.

However, Active-X is also linked with security concerns, as the controls require full access to the Windows operating system on computers. This means that malicious programs can direct the browser to download files that compromise the user's control of the computer.

``Active-X happens to be one of the ideal tools for malicious codes to be distributed. Even Microsoft is phasing Active-X out due to security worries, but Korea has been a step behind,'' said an official from KTB Solutions, a computer software company.

thkim@koreatimes.co.kr