Hacking allegations drive regulators to conduct probe at KT, LG U+

The Ministry of Science and ICT launched on-site inspections at KT and LG U+ on Monday to verify whether the mobile carriers were hacked, following allegations of data breaches.

An LG U+ store in Seoul [YONHAP]

The Ministry of Science and ICT launched on-site inspections at KT and LG U+ on Monday to verify whether the mobile carriers were hacked, following allegations of data breaches. The companies denied the claims, stating their internal investigations found no evidence of an intrusion.

The ministry and the Korea Internet & Security Agency (KISA), which oversee investigations into data breaches at private companies, began inspections at the two carriers.

“We are conducting on-site inspections to confirm whether KT and LG U+ experienced a security incident,” the ministry said in a statement. “We have also received relevant materials and are carrying out forensic analysis.”

The move follows a report published in the 40th anniversary issue of Phrack Magazine, a hacking e-zine, titled "APT Down: The North Korea Files." Two anonymous white-hat hackers said they obtained 8 gigabytes of leaked data from an attacker identified as "KIM," which the authors believe to be a member of North Korea’s hacker group, Kimsuky.

The stolen materials allegedly included digital certificates from the Ministry of the Interior and Safety, source code from the Ministry of Foreign Affairs' internal mail server and authentication records from the Ministry of Unification and the Ministry of Oceans and Fisheries.

Data linked to LG U+ reportedly included source code and a database for its server account management system, information on 8,938 servers, and personal details for 42,526 accounts and 167 employees and contractors. Logs indicated unauthorized access continued until April of this year.

KT was reported to have suffered the theft of SSL certificates, which were valid at the time of the breach but have since expired.

Both carriers said they found no signs of hacking in their own reviews.

“Our internal investigation showed no trace of hacking,” said KT. “We will only know for certain once forensic analysis is complete.”

LG U+ said it was cooperating with the authorities but that "no preliminary conclusions have been made."

KT's headquarters in central Seoul [YONHAP]

The ministry and KISA have been aware of the matter since July and have carried out their own review. They reportedly reached a tentative conclusion that an incident had occurred, given that data meant to remain in internal systems had been leaked. However, the process has been slowed by the carriers’ refusal to recognize the allegations as a confirmed breach.

The companies concluded through "internal checks" that the incident “did not amount to a breach” and did not file reports, according to liberal Democratic Party Rep. Choi Min-hee, who sits on the National Assembly’s Science, ICT, Broadcasting and Communications Committee.

Under current law, regulators cannot carry out on-site inspections without a voluntary report from the affected companies, preventing the ministry from forming a public-private joint investigation team.

Choi criticized the system, warning that companies could conceal breaches to avoid reputational or financial damage. She said she was preparing a bill to revise the Act on Promotion of Information and Communications Network Utilization and Information Protection to give authorities the power to conduct on-site inspections in such cases.

“Before the law is revised, KT and LG U+ must fully cooperate so the truth about the alleged breaches can be revealed,” Choi said Monday.

The ministry said it would “disclose transparently if hacking incidents at the two carriers are confirmed.”

BY KIM MIN-YOUNG [kim.minyoung5@joongang.co.kr]