Lawmakers from both parties spoke with one voice for the first time in a while. The Science. ICT. Broadcasting. and Communications Committee (Science and ICT Committee) of the National Assembly held a hearing on the 24th regarding the hacking incidents at telecom and financial companies and summoned officials from SK Telecom, KT, LG Uplus, and Lotte Card to ask about management responsibility and measures to prevent a recurrence. At the session, ruling and opposition members of the Science and ICT Committee in unison rebuked KT and Lotte Card, where the hacking incidents occurred.
KT was at the center. Even before the unauthorized small-amount payment incident occurred, questions were raised at home and abroad about the possibility of hacking at KT. However, KT responded as if there were "no anomalies," and the situation spiraled out of control. KT acknowledged poor management of the small-cell base station "femtocell" and the hacking indications raised by the overseas security outlet "Phrack Magazine."
Han Min-su of the Democratic Party of Korea said, "After the SKT hacking incident on Apr. 4, we held two hearings, and there were also task force discussions at the Science and ICT Committee level, but in less than three months there was another hacking breach," adding, "We confirmed KT's bare face as a national backbone communications network. It even feels futile."
Han said, "Seeing that in such a grave situation this is the only way they can handle things, I think all executives involved in the situation, including CEO Kim Young-seop, should resign."
Hwang Jeong-a of the Democratic Party also said, "The national backbone communications network was hacked. This is on a different level from a simple personal information leak," and asked, "At a minimum, shouldn't he say he will step down after taking responsibility for this situation, rather than clinging to another term as CEO?" KT CEO Kim Young-seop said, "First, I will do my best to resolve the situation," holding back on remarks about his position.
In response, Hwang said, "KT was deceiving people as if it had occurred in the southwestern area of Seoul such as Gwangmyeong and Geumcheon, but damage occurred in Seocho, Dongjak, and Ilsan," adding, "It is either a crime or incompetence. I suspect there may be more undisclosed damage that KT is hiding."
Park Jeong-hoon of the People Power Party also said, "This is a company created through the national backbone communications network and privatized, with many customers using it, but if it is a system that even ignores warnings that security is this vulnerable, what is the organizational culture like?" and added, "We should look into the system that ignored warnings and impose discipline where needed."
Lee Jeong-heon of the Democratic Party also criticized, saying, "KT knew about the hacking early on but downplayed the incident and delayed disclosure," adding, "This is not mere poor management but intentional concealment and an act that directly betrays public trust."
There were also calls for fundamental measures. Lee Jun-seok of the Reform Party proposed legislating the introduction of two-factor authentication for small-amount mobile payments. The alternative is to strengthen the payment authentication itself, since there is no fundamental way for private companies like KT to block hacking that exploits unlicensed femtocells.
Ryu Je-myeong, the second vice minister of the Ministry of Science and ICT, said, "Currently, small-amount payments are processed with only ARS or text message verification, so there are vulnerabilities," and added, "We will seek a two-step authentication method using biometric authentication or a payment PIN."