"The password for the LGU+ system administrator account was written exactly the same as the system's initial settings."

Reporter Kim Jisun / approved : 2023-04-27 22:04:39
This article was translated by AI company Flitto and Alpha Biz neural machine translation technology.
LG Uplus (Photo: Yonhap News)

 

[Alpha Biz=(Chicago) Reporter Kim Jisun] "The password for the web administrator account of the customer authentication system was set as the system's initial password. It was easy to steal the product because it was delivered."

According to the Ministry of Science and ICT on the 27th, LG Uplus' massive personal information leak and the service failures caused by DDoS (distributed denial-of-service) attacks earlier this year stemmed from the company's lack of equipment management and control policy, lack of detection systems and low security investment.

In particular, it was found that the administrator account password for the customer authentication DB (database) system, which caused the most information leakage, had never been set to a new value, and the initial password was used as it was. From the hacker's point of view, the password to the warehouse where a large amount of personal information is stored was virtually just '1234'.

Hong Jin-bae, head of the network policy department at the Ministry of Science and ICT, announced the "Analysis of the Causes of LGU+ Infringement Accidents and Measures to Take Action" earlier in the day at the Seoul Government Complex in Jongno-gu, Seoul.

"We prepared and verified 16 infringement scenarios in which customer information could be leaked, and we were able to identify vulnerabilities in the customer authentication DB system," Hong said. "The administrator account password of the customer authentication system is usually set as 'admin'. It is the most likely (leakage) scenario."

In this way, the administrator account password was not a complex one but the initial default setting, which hackers can easily break through, and this made the personal information leak easy. Attackers installed a 'webshell', malicious code that can execute commands remotely, on the target web server through the administrator's account, and the file is believed to have been leaked. No separate authentication was applied when the stolen administrator account accessed the DB.

In addition, the massive cyber incident at LG Uplus was attributed to the lack of a real-time detection system, external exposure of internal router equipment, lack of access control policy between routers, security equipment that had not been installed, and a lack of information security personnel, organization and investment.

The government plans to continue monitoring and to maintain a response system to prepare for possible additional infringement incidents.

 

Alphabiz Reporter Kim Jisun(stockmk2020@alphabiz.co.kr)
