The Ministry of Science and ICT said on the 13th that it asked for a police investigation on the 2nd, judging that KT acted with intent to obstruct the government's probe into unauthorized small-amount payments and the hacking incident.
The Ministry of Science and ICT said this through a work report during the National Assembly audit held at the Government Sejong Complex that day.
The Ministry of Science and ICT said KT stated the server disposal date as Aug. 1, but in reality carried out disposal work through the 13th of the same month and submitted false answers. It also said there were backup logs for the disposed servers, but they were not disclosed to the joint public-private investigation team until the 18th of last month.
The Ministry of Science and ICT believes the initial response to the unauthorized small-amount payment case was inadequate and that KT's management was lax, as illegal femtocell equipment connected to the official network. The Ministry of Science and ICT, along with the police and the Personal Information Protection Commission, is investigating KT's initial response, the source of the equipment used in the crime, and the route by which small-amount payment authentication information was stolen.
The Ministry of Science and ICT also said it is strengthening its authority to respond to cyber intrusion incidents. When there are indications of an intrusion, it introduced a bill last month to allow a government ex officio investigation even without reports from corporations and to establish an intrusion incident investigation and review committee that can enter and inspect business sites.
In addition, it will move to bolster the system by strengthening on-site inspections in Information Security Management System (ISMS) audits, which have faced criticism for ineffectiveness following the telecom hacking incident.
The Ministry of Science and ICT said it will introduce strong sanctions for violations of security obligations, and in particular will prepare a legal framework to impose security management duties on large telecom companies with high potential spillover damage in the event of an intrusion and to check compliance.
It is also reviewing raising fines imposed for failing to report intrusions, submit materials, or comply with corrective orders from the current 30 million won to 50 million won, and introducing a new system of noncompliance penalties.
It is also considering mandating regular board reports by the chief information security officer (CISO) and expanding the corporations subject to information security disclosures.
In addition, to prevent burner phones used for voice phishing from being issued indiscriminately without identity verification, it will introduce a facial recognition system in December this year.
It will also push to introduce a "one-strike-out" system that terminates a telecom company's consignment contract with retail shops that condone illegal mobile phone activations.
The Ministry of Science and ICT added that, within the second half of this year, it will work with mobile phone manufacturers to introduce a feature that automatically blocks the installation of malicious apps on mobile phones.