Sophos Cloud Optix
The South Korean government is considering reissuing national identity card ID numbers for every citizen over the age of 17, at the cost of billions of US dollars.
The extreme step, reported by Associated Press, comes after a series of attacks that have left around 80% of its population at the mercy of hackers.
The ID numbers and other personal data of an estimated 40 million of the country’s 50 million citizens have been stolen from credit card companies, social networks and online gamers since 2004.
The country’s ID system, implemented in 1968, is a staple of South Korean life. The cards are required to register online accounts, take advantage of government services, get a job and even buy cigarettes.
Unfortunately, the way in which the 13 digit ID numbers are formulated make them easy to steal as they are all constructed in the same way, using numbers based upon the citizen’s date of birth, sex, place of birth and a sequential number used to identify those of the same sex who were born on the same day in the same location, as well as a check digit.
Speaking at the state-run Korea Research Institute for Local Administration, researcher Geum Chang-ho said:
Resident registration numbers' usage across different sectors made them 'master keys' for hackers to open every door and steal whole packages of personal information from unassuming victims.
Even if their numbers are leaked, people are unable to change them, so hackers are constantly trying to obtain these numbers and are managing it easily.
The country’s president Park Geun-hye, who herself has fallen victim to data theft, called for a change in the current ID system in January and ordered a study of the available options which should be concluded before the end of the year.
According to Kim Ki-su, a director at Seoul’s Ministry of Security and Public Administration, the introduction of a new ID system, including the reissue of cards and new government systems, would cost a minimum of 700 billion won ($6.57 billion/£4.13 billion).
He estimated that the cost to businesses, who may need to adjust their systems, could run into the trillions of won.
ID number theft has become so prevalent in the country, in fact, that six men recently arrested for trading details told police they received only 1 won (less than one tenth of a cent) for each record they sold.
I’m sure the people of South Korea, where over 85% of the population have internet access, will welcome any moves that see security catch up with technology.
Image of South Korean flag courtesy of Shutterstock.
If all they do is change everybody’s number, then it’s a waste. They need a system that doesn’t rely on, “If I know this number, then I am this person, even though lots of organizations know this number.”
“ID number theft has become so prevalent in the country, in fact, that six men recently arrested for trading details told police they received only 1 won (less than one tenth of a cent) for each record they sold.”
That doesn’t show how prevalent ID theft is. Part of the explanation for the low price may be that there’s not much you can do to make money with a copy of someone else’s record without a high risk of being caught. I think dodgy bank account and payment card records can also be bought for very low prices, because they’re not actually all that useful.
This makes about as much sense as replacing the living room rug because it’s being damaged from the ongoing house fire. You should probably figure out a way to secure the system first before replacing records for all.
Will Estonia’s attempt at a national ID have more success?
And, how well designed and implemented is the crypto/math behind it?