This is the third in a series of articles highlighting the recent massive cyber security breaches in the country. ― ED.
By Yoon Ja-young
After Microsoft (MS) officially ended its technical support for Windows XP on April 8, cyber security concerns have been growing in Korea, which is still hugely dependent on the 12-year-old operating system.
Without such support, the government, which holds crucial personal information of its citizens, as well as small and medium-sized enterprises (SMEs), will become vulnerable to cyber security threats, according to experts.
"The government and SMEs are the most vulnerable as many of them still rely significantly on Windows XP," an official at MS Korea said.
She said the company provided the last update for Windows XP on April 8. Thereafter, computers running Windows XP will be vulnerable to new viruses, spyware, malicious codes or hacking as there will be no further security patches or technical support.
"It doesn't mean that you can't use the computer anymore. However, MS will no longer provide solutions for new viruses or malicious codes," she said.
She stressed that Windows XP was originally guaranteed to provide only 10 years of service, and MS had already extended the service by two years to prepare consumers for the end of the support.
Despite the sufficient notice the company has given, however, 14.97 percent of computers in Korea still run the Windows XP operating system as of the end of March.
Alarmingly, this ratio is higher in governments and financial companies, which hold a significant amount of people's personal information, making them more vulnerable than other organizations.
According to the Ministry of Security and Public Administration (MOSPA), 16 percent of central government computers run on Windows XP, and as high as 37 percent of provincial government computers do.
Meanwhile, data by the Financial Supervisory Service (FSS) last month showed 23.6 percent of computers in financial companies operate on Windows XP. Most ATMs and point-of-sale (POS) terminals in stores also use Windows XP.
Hackers are likely to target these organizations as they contain critical personal information, as seen in the recent hacking of a POS system that leaked the private information of 200,000 credit card holders.
Professor Kim Huy-kang at Korea University said any system, whether governmental or non-governmental, is vulnerable to personal information leak and data deletion when hacked.
"To sum up, the risk of getting hacked increases enormously if you continue using Windows XP. Security software companies may stop supporting Windows XP users, but there is no guarantee that you will be safe even with the anti-virus programs in case of new attacks targeting Windows XP," he said.
"As Windows XP is installed in not only desktops but also POS terminals and ATMs, which are common in our daily lives and used for financial transaction and settlements, those running on Windows XP need immediate upgrading," the professor said.
While some claim that ATMs are safe because they operate in closed networks, he said that it is nonsense. "Malicious codes can spread in closed networks through USBs, and a manager with evil intentions can install the virus in ATMs. There is also the possibility of unexpected social engineering attack."
Professor Kim said if the budget is limited, they should give priority to the ones dealing with personal information and financial information.
Government slow in upgrading
The MOSPA launched a task force to handle the Windows XP problem and announced a plan to release a free vaccine for malicious codes, but it expects it will take some time before the country completes upgrading to a higher version of Windows.
"So far, there has been no new malicious code detected," Ha Seung-chul, the official in charge of the task force said. He said the ministry has been pushing government organizations to upgrade their operating systems.
"Over 84 percent of the central government has completed upgrading, and we expect the ratio will reach 100 percent by the end of this year. Only 63 percent of local governments have completed upgrading as they have poor budgets." He added that it will take them a year to finish upgrading.
Shift to open source
Some experts point out that the country has been too stingy when it comes to software. "Basically, you need to pay money to upgrade software," said Professor Kim In-sung at the department of computer science and engineering at Hanyang University.
"It is unreasonable to expect eternal service for software after paying for it only once." He said such reluctance to invest in software harms the country's software industry.
"Software companies should be able to expand with the money they earn from the government, but in fact, they receive only compensation for survival."
He advised that the government should shift to open source operating systems like Linux to achieve security at little additional cost. "The cost to update Linux is small, and problems can be solved even in old versions as it is open source."
He pointed out that many devices, including smartphones and smart TVs, now use the Android operating system, which is another sign that it is time to change. "The dominance of Windows is over. Shifting to open source is the new trend."
The government is also aware of the problem caused by the heavy dependence on MS. Ha at the MOSPA said there has been much discussion about open source operating systems, "but right now, we have to deal with what's on our plate. Upgrading is the best solution for now."
He said the overdependence on MS is not limited to Korea and some countries have shifted to Linux. "We too are continuing efforts, but there is much to consider. As most government programs are based on Windows, we have to make sure all programs run smoothly on Linux."