THE CURRENT STATE OF CYBER-CRIME AND ITS LEGAL ENVIRONMENT IN KOREAHyun-Wook CHUNPh.D., Researcher (sinawe@gmail.com)

CURRENT ISSUES: MOBILE CYBER-CRIME• SMARTPHONES

– Potentially malicious files in Android, 5.6M– Attractive target for cybercriminals– Carry out similar functions as ordinary PC but more vulnerable to security risks

• CYBERCRIME TARGETING SMARTPHONES– Malicious mobile codes– “Smishing” (SMS Phising): Type of phishing scam using social engineering techniques

CYBERCRIME RISKS IN YOUR OWN POCKET

“POCKET BOTNETS”

MALICIOUS MOBILE CODES2011 2012 2013JAN 5 2,112 43,109FEB 9 4,578 83,868MAR 21 5,233 79,651APR 4 2,053MAY 12 4,871JUN 59 3,848JUL 107 22,189AUG 21 29,591SEP 158 38,427OCT 710 76,789NOV 6,089 48,261DEC 1,095 24,747

2011 2012 20130

50000

100000

150000

200000

250000

Reported Number of Malicious Mobile Codes(Jan-Mar, 2011-2013)

SMISHING• HIGHER VULNERABILITY IN KOREA

– Easily avoidable for pre-paid phones– Subscription to long-term plans based on deferred payment systemmakes Korean smartphone usersmore vulnerable to smishing

• INCREASED AWARENESS– Customer requests to block mobilepayment services:40,000 (Dec 2012) → 160,000 (Jan 2013)

• RESPONSE OF TELECOM COMPANIES– Passive response to protect – Profits derived from SMS & mobile payment fees

CRIMINAL JUSTICE RESPONSE TO MO-BILE CYBERCRIME

• REMAINING ISSUES– Investigation and arrest for smishing cases are difficult because servers and hackers used are mostly located overseas– Current laws do not distinguish between smartphones and ordinary PCs

Act on the Promotion of Information and Telecommunications Network Uti-lizationArticle 71 Item 9 (Penal Provisions)Criminal ActArticle 347-2 (Fraud by Use of Computer)A person who conveys or circulates a malicious program shall be punished by im-prisonment with prison labor for not more than five years or by fine not exceeding 50 million won. Any person who acquires any benefits to property […] by making any data pro-cessed after inputting a false information or improper order, or inputting or alter-ing the data without any authority into the data processor, such as computer, etc., shall be punished by imprisonment for not more than ten years or a fine not ex-ceeding 20 million won.

• ISSUES WITH CYBER-CRIME– Mostly hidden crime (statisti-cally undetectable)– Statistically aggregated with other criminal acts– Criminal act using same tech-nique categorized as different types of crime

• CONVENTION ON CYBER-CRIME– No definition of “cybercrime”– Cybercrime is conceptualized through defining peripheral and related terms

• DOMESTIC LAW OF KO-REA– Criminal law and many special laws governing cybercrime

CYBERCRIME AND CRIMINAL LAW

Penalty Provisions for Cybercrime under Korean LawCriminal Act

Special Laws

• Article 141-1 Invalidity of Public Documents and Destruction of Public Goods• Article 227-2 False Preparation or Alteration of Public Electromagnetic Records• Article 229 Uttering of Falsified Public Document• Article 232-2 Falsification or Alteration of Private Electromagnetic Records• Article 234 Uttering of Falsified Private Document• Article 316-2 Violation of Secrecy of Private Electromagnetic Records• Article 347-2 Fraud by Use of Computer• Act on the Protection of Information and Communications Infrastructure• Act on Promotion of Information and Communications Network Utilization• Framework Act on Telecommunications• Protection of Communications Secrecy Act• Personal Information Protection Act• Act on the Protection of Location Information• Use and Protection of Credit Information Act• Digital Signature Act• Copyright Act• Act on Special Cases Concerning Punishment of Sexual Crimes• Act on Special Cases Concerning Speculative Acts

• CYBER TERROR RESPONSE CENTER (KOREAN NATIONAL PO-LICE AGENCY)– Releases official statistics on cybercrime– Categorizes cybercrime into:(a) Cyber terrorism: Includes hacking, virus distribution(b) General cybercrime: Includes privacy infringement, fraud, violence, cyber stalking, transmission of illegal content, copyright infringement

CYBERCRIME AND STATISTICS

Re-portedArrested

Number of Reported Cases and Arrests by Types of Cybercrime

Number of Arrests by Types of Cybercrime

Total HackingVirus Internet Fraud Cyber Violence Illegal Websites Piracy Others2007 78,890 14,037 28,081 12,905 5,505 8,167 10,1952008 122,227 16,953 29,290 13,819 8,056 32,084 22,0252009 147,069 13,152 31,814 10,936 31,101 34,575 25,4912010 103,809 14,874 35,104 8,638 8,611 17,885 18,6972011 91,496 10,299 32,803 10,354 6,678 15,087 16,2752012 84,932 6,371 33,093 15,111 3,551 9,055 17,751

Number of Arrests by Age GroupTeens 20s 30s 40s Others

2007 15.1% 39.2% 26.3% 17.7% 1.7%2008 26.6% 39.0% 21.8% 11.8% 0.8%2009 19.4% 34% 29.6% 16.5% 0.5%2010 19.5% 39.5% 25.4% 14.4% 1.2%2011 17.6% 40.2% 27.2% 14.7% 0.3% 2012 19.92% 40.92% 24.48% 12.91% 1.75%

Number of Hacking Incidents Handled by KrCERT (By Year)2007 2008 2009 2010 2011 2012No. of Reported Cases 21,732 15,940 21,230 16,295 11,690 19,570

2012 2013Apr May Jun Jul Aug Sep Oct Nov Dec Jan Feb MarNo. of Reported Cases 1,419 1,534 2,174 1,937 2,173 1,273 1,608 1,568 1,444 1,258 992 991

Number of Hacking Incidents Handled by KrCERT (By Month)

2007 2008 2009 2010 2011 2012No. of Reported Cases 5,996 8,469 10,395 17,930 21,751 21,399

Number of Malicious Code Cases Reported to KrCERT

• DISTRIBUTED DENIAL OF SERVICE (DDOS)(1)7.7 DDoS Attack & 3.3 DDoS Attack

• July 7, 2009 Disruptions to government agency websites• March 3, 2011 Similar attack on government agency websites• Offender Korean National Intelligence Service accuses North Korea for orchestrating both attacks

(2)DDoS Attack on National Election Commission• October 26, 2011National Election Commission website is hacked onSeoul’s mayoral election day• Offender Found to be ruling party lawmaker’s assistant• Verdict Supreme Court sentences 4-year prison term

CASES

Attacker in North Korea(At least 6 computers)

PCs and servers in South Korea

S/W Distribution Server(Infected PCs)

Distribution of Ma-licious Code andDestruction of Data Processing Devices(March 20, 2013)Financial institutionsMedia outletsDomestic serversATMs

48,000 Computers Compromised

(1) April 12, 2011• Major South Korean bank server is hacked• Laptop of subcontractor’s employee used to spread malicious code• Prosecution concludes the attack was launched by North Ko-rea

(2) March 20, 2013• Computer networks of major media outlets and financial insti-tutions paralyzed• Believed to be an advanced persistent threat (APT)• Attack was allegedly launched by North Korea (See diagram)

• HACKING

• PERSONAL INFORMATION LEAK(1)February 2008

• Personal information of over 18 million people leaked through online shopping mall(2)March 2010

• Personal information of over 20 million peopled leaked through 25 web-sites(3)July 2011

• Personal information of over 35 million people leaked after SNS com-pany is attacked• Police was unable to locate the suspect• SNS company found not guilty for having complied with relevant secu-rity regulations

THANK YOUFor any questions or further information, please contact sinawe@gmail.com