[정치][단독] If you like the website of the Supreme Court, the Ministry of Defense and the Ministry of Land, Infrastructure and Transport, hack … “I’ve seen it myself!”



[ad_1]

Hack login information on the Supreme Court Integrated Management System website
Break basic hacking programs that anyone can use
Public Internet access… Public home page is broken

[앵커]

The YTN report revealed that half of the home pages of public institutions such as the Supreme Court, the Ministry of Defense and the Ministry of Land, Infrastructure and Transportation can be hacked if you wish.

Our reporter himself tried to see how badly the personal information was managed, but it was never difficult.

Reporter Choi A-young covered it.

[기자]

This is the website of the Integrated Management System of the Supreme Court.

I entered the ID and password on the laptop, but the information is showing on the other laptop.

By no means, it is not advanced technology.

I just installed a hacking program that anyone can download, but the security was broken.

How vulnerable to information leakage, I’ll try it myself, even without hacking knowledge.

I will try to match your ID and password.

The ID is sm.yun and the password is test1q2w3e.

I also hacked the website to recruit military personnel from the Ministry of Defense, but it opens easily like the case of the Supreme Court.

When I looked at 1,211 home pages of public institutions run by the Ministry of Public Administration and Security, about half of them had little security.

This includes websites for hiring military officers from the Supreme Court and the Ministry of Defense, which we hacked before, and homepages that exchange personal information and public documents such as the Ministry of Lands, Infrastructure and Transportation.

The situation is much more serious if the login information of not only general users but also the administrators of the home pages of public institutions is exposed.

This is because personal information can be complicated.

[정경섭 / 정보 보호 전문업체 이사 : 사실상 개인이 홈페이지를 이용하면서 스스로 정보 보호를 적용하기는 어렵고요. 공공기관이나 홈페이지를 운영하는 쪽에서 기술적으로, 관리적으로 적절한 보호 조치를 적용하는 게….]

So what is the reason for this laxity?

When you access the home page, it is due to the Internet communication protocol, http, written in the front of the address bar.

The http method delivers information in a form that anyone can see.

Therefore, the https (secure) method was created, which improves security by encrypting information, but about half of the home pages of public institutions still use the http method.

Previously, the Ministry of Public Administrations and Security advised building a secure server with encryption applied until 2018, but stopped it because an error occurred when accessing via mobile.

[김영배 / 더불어민주당 의원 : 행정안전부는 우리 정부의 공식적인 문서 보안과 정보 보안의 주무부처입니다. 국제기준의 정보 보안체계를 갖추도록 명령하고 점검할 책임이 행안부에 있다고 볼 수 있습니다.]

Although the Ministry of Public Administration and Security has put its hands on security, the personal information of users remains unprotected.

As long as you don’t enforce your security, what you can do as an individual is change your passwords frequently.

YTN Choi Ayoung[[email protected]]is.

[저작권자(c) YTN & YTN plus 무단전재 및 재배포 금지]
[ad_2]