LG Uplus, under pressure from the National Assembly, belatedly filed an incident report with the Korea Internet & Security Agency (KISA) on the 23rd regarding server hacking damage, but then had to refile it because the content was inadequate. The filing came about three months after an outside subcontractor that manages the company's servers reported a security incident. However, LG Uplus wrote in the report that "neither anomalies nor an incident have been confirmed." It was a contradiction to write "there is no abnormality" while filing a hacking incident report.
◇ LG Uplus says "no incident has been confirmed"
According to the telecommunications industry on the 27th, at about 10:30 a.m. on the 23rd, LG Uplus submitted an incident report to KISA related to server hacking. However, at about 5:50 p.m. the same day, it revised and refiled the report. LG Uplus said, "Some parts needed supplementation, so we supplemented and submitted it."
Inside and outside the telecommunications industry, many say LG Uplus rushed to file due to pressure from the National Assembly and ended up filling it out poorly. A telecommunications industry official said, "LG Uplus, under pressure at the National Assembly's audit, submitted the report as a formality," adding, "The first report lacked specific explanations on the timing of response measures to the incident and the cause of the incident, so I understand it was revised because the content was insufficient."
According to the incident report by LG Uplus obtained by ChosunBiz, unlike the first report, the revised second report specifies that the timing of response measures was after July 19 this year. July 19 is when the Ministry of Science and ICT shared information with LG Uplus indicating signs of hacking. In the second report, LG Uplus wrote, "After receiving shared indications of an incident from KISA on July 19, we completed disposal and changes of encrypted passwords included in publicly disclosed materials, checked vulnerabilities in related solutions, and conducted malware checks."
LG Uplus also wrote in the report, "In relation to the fact that the cause of the incident has not been confirmed, we filed the report to resolve public concern and misunderstanding and to respond more proactively in line with the National Assembly's views." It also stated, "Neither anomalies nor the occurrence of an incident have been confirmed." A telecommunications industry official pointed out, "It is a contradiction to file saying no incident has been confirmed while also stating the cause of the incident has not been identified."
◇ If corporations do not report, the government cannot launch an ex officio investigation
Earlier, on July 31, SecureKey, the security company managing LG Uplus's servers, reported to KISA that it had suffered a system hacking. On July 19, the Ministry of Science and ICT shared information with LG Uplus indicating suspected hacking, but LG Uplus claimed "no signs of external intrusion according to our own analysis" and did not file an incident report until Oct. 22.
Why did LG Uplus hold out without filing an incident report until now? Some say LG Uplus exploited the fact that under the current law (Act on Promotion of Information and Communications Network Utilization and Information Protection), if corporations do not file an incident report, the government cannot initiate an ex officio investigation. In particular, LG Uplus faces suspicions that about 10 days after being notified by the government on July 19 of suspected cyber intrusion, it disposed of some server equipment on July 31.
In August, the U.S. hacking magazine Phrack reported that a hacker infiltrated LG Uplus's internal network using account information obtained by hacking SecureKey, resulting in the leakage of information on 8,938 servers, 42,526 accounts, and 167 employees. Hong Bum-Shik, president of LG Uplus, appeared before the National Assembly's Science, ICT, Broadcasting and Communications Committee audit on the 21st of this month and, when asked about the veracity of Phrack's report, repeatedly answered, "There are no traces of an incident." However, as criticism mounted over the failure to file an incident report, he promised to do so. This is the context behind LG Uplus hastily submitting an incident report to KISA on the 23rd.
As a result, an ex officio investigation by the Ministry of Science and ICT became possible. A security industry official said, "It is true that LG Uplus cooperated with the government's investigation after Aug. 25, but there was an aspect where the investigation was only possible within the scope the company allowed to be disclosed," adding, "Hackers usually erase traces of intrusion, and if a hacked company does not voluntarily report, it is difficult for the government to conduct an ex officio investigation, so there is no easy solution in reality."