Election watchdog faces calls to apologize after failing security test
By Kim ArinPublished : Oct. 13, 2023 - 20:36
Calls are mounting for the South Korean election watchdog to apologize after it failed to fend off mock cyberattacks in a security evaluation by the country’s top spy agency.
During a National Assembly audit of the National Election Commission held Friday, ruling People Power Party lawmakers demanded that the election service apologize for its allegedly lax cyber security and for not heeding the National Intelligence Service's warnings.
Rep. Lee Man-hee of the ruling party accused the election service of neglecting basic cyber security practices, such as changing prefigured passwords for its devices. Some of the username and password combinations used by the election service reportedly included “admin” and “12345,” according to the lawmaker.
The Assembly deputy speaker Rep. Chung Woo-taik said the recent revelations about the election commission security standards were “unacceptable,” with the general election just six months away. “Fair and free elections are the heartbeat of our democracy, and the election service is threatening the security and integrity of our elections with its negligent practices,” he said.
The Democratic Party of Korea argued that the ruling party should not use the opportunity to undermine the independence of the central election service. “It is not yet clear whether these vulnerabilities had actually been exploited by hackers in past elections,” said Rep. Kang Byung-won of the main opposition party.
The 12-week evaluation conducted by the NIS found that the election service’s servers were vulnerable to penetration, including several successful breaches by the North Korean foreign intelligence agency over the past two years.
The election service agreed to the evaluation after a report obtained by the Assembly in May showed that it had refused to implement cyber security measures recommended by the NIS following both attempted and successful attacks by North Korean hackers.
The election commission has so far rejected the NIS findings, saying that such cyber attack scenarios were “implausible.”
An official with the election commission told The Korea Herald that the NIS was able to intrude into its systems because the spy agency had prior knowledge of the target environment that hackers of hostile countries wouldn’t have under normal circumstances.