The voting and ballot counting systems at the state-run election watchdog remain vulnerable to potential hacking attacks by North Korea, the intelligence agency said Tuesday.
Announcing the outcome of a joint cybersecurity checkup on the National Election Commission (NEC), the National Intelligence Service (NIS) said North Korea could penetrate into the election watchdog's network "at any time" due to its weak security system, though no such infiltration has been identified.
The NIS and the Korea Internet and Security Agency, the internet safety watchdog, jointly conducted the cybersecurity checkup on the NEC between July and September amid criticism that the watchdog did not do enough to secure its systems from hacking attempts.
The probe showed the NEC had multiple cybersecurity vulnerabilities to hacking attempts in terms of the management of its voter register, ballot counting and early voting systems.
Potential hackers could have penetrated the NEC's election-managing network so as to manipulate registered voter information and the outcome of an election, the NIS said.
In the case of a hacking attack, voters who cast their ballots in early voting could be marked as those who did not participate in the voting. It is also possible to manipulate voter registrations and ballot counts, as well as print ballots without authorization, the NIS said.
The NEC has also failed to take proper measures against North Korean hackers' attacks on emails and other information of its officials despite the intelligence agency's warnings, the probe showed.
Classified NEC documents were leaked in April 2021, as a North Korean hacking organization identified as "Kimsuky" used a malicious code to affect a PC at the election watchdog to steal information.
In June, South Korea imposed unilateral sanctions on Kimsuky, a unit within North Korea's intelligence agency, the Reconnaissance General Bureau, over the North's botched launch of a military spy satellite in May. Kimsuky is believed to be behind the 2014 hacking of the Korea Hydro & Nuclear Power Co., a South Korean power generation agency.
The NEC's vulnerable cybersecurity system spawns concerns about the possibility that North Korea may carry out illegal cyber activities targeting South Korea's parliamentary elections in April next year.
When asked about the possibility of North Korea having broken into the NEC network to manipulate the results of South Korea's previous elections, the spy agency refrained from confirming it, saying that the latest checkups did not cover all ballot-counting devices and other equipment at the NEC.
"The latest probe showed that the NEC's cybersecurity system remains vulnerable to hacking attempts. But even so, we should be careful about conclusively saying that (such hacking) occurred in the past," Baek Jong-wook, a deputy director at the NIS, told reporters in Pangyo, just south of Seoul.
In response to the spy agency's announcement, the election watchdog said that even if it is technically possible to hack into the election system, that does not necessarily lead to a rigged election, as it is almost impossible to manipulate the outcome of an election without organized assistance from insiders at the NEC.
The election watchdog initially rejected a recommendation by the NIS to receive online security checks, citing the need to maintain political neutrality. But it agreed in May to the checkups amid criticism about its lax attitude toward cybersecurity.
North Korean hackers are widely known for engaging in cryptocurrency thefts and other illicit cyber activities in a bid to help fund the country's nuclear and missile programs.
Source: Yonhap News Agency