South Korea identity thefts force ID overhaul

October 15, 2014
President Park Geun-hye was one of the 20 million victims of identity theft in South Korea. (AP / Yonhap)

President Park Geun-hye was one of the 20 million victims of identity theft in South Korea. (AP / Yonhap)

By Kim Tong-hyung

(AP) – After an avalanche of data breaches, South Korea’s national identity card system has been raided so thoroughly by thieves that the government says it might have to issue new ID numbers to every citizen over 17 at a possible cost of billions of dollars.

The admission is an embarrassment for a society that prides itself on its high-tech skills and has some of the fastest Internet access.

The issue came to a head after 20 million people including the president, Park Geun-hye, were victims of a data theft at three credit card companies. Park acknowledged in January change was needed and ordered a study of possible options. A decision is due later this year.

Rebuilding the system and tightening security could take up to a decade, according to Kilnam Chon, a researcher known as the “Father of the Korean Internet” for his pioneering work in online technology in the 1980s.

“The problems have grown to a point where finding a way to completely solve them looks unlikely,” said Chon.

Ahn Seong-jin, a Seoul office worker, lost $4,700 in a high-tech crime wave after hackers posing as a friend asked for a loan in a computer message.

Details that included a national ID number stolen from the friend’s social media account made the plea look plausible. Five minutes after Ahn sent the money by smartphone, the real friend sent a message warning him someone might be using his name. Ahn called his bank but the money was gone.

“One of my colleagues came to me and said, ‘Hey, I got robbed too, and so did Mr. Lee,” said Ahn, 37.

ID numbers and personal details of an estimated 80 percent of South Korea’s 50 million people have been stolen from banks and other targets since 2004, according to experts.

Those numbers stay with South Koreans for life and, instead of being picked randomly, are based on their age, sex and other details. They are used to confirm identity, get a job or government services and even to buy cigarettes. A thief who gets a number and a name to match can set up phone, email or bank accounts.

The problems stem from South Korea’s enthusiasm for the Internet and information technology, which grew faster than security measures.

Hoping to spur technology development, the government rolled out fast Internet access to nearly every home and business. About 85 percent of South Korea’s people are online and the country has 40 million smartphones.

But critics say that instead of protecting users, the online identity system mandated by Seoul makes them more vulnerable to theft.

Everyone is tied to identity numbers created by a dictatorship in the 1960s to control the public, with no thought to privacy. The first few digits are the user’s birth date, followed by a “1” for male or “2” for female and then other details.

“Resident registration numbers’ usage across different sectors made them ‘master keys’ for hackers to open every door and steal whole packages of personal information from unassuming victims,” said researcher Geum Chang-ho at the state-run Korea Research Institute for Local Administration. The agency carried out the study of possible new models for personal codes.

“Even if their numbers are leaked, people are unable to change them, so hackers are constantly trying to obtain these numbers and are managing it easily,” said Geum.

The government required Web surfers who wanted to deal with banks or shop online to use ActiveX, a Microsoft Corp. product that provides a digital signature.