4. KISA(www.kisa.or.kr)
• Korea Information & Security Agency
• History
– In 1996, Korea Information Security Center was established.
– In 2001, KISC grew to the Korea Information Security Agency.
– In 2009, 3 government bodies, KISA, NIDA and KIICA were united into Korea Internet and Security Agency.
5. Major Duties of KISA
• Information Security, Broadcast and Communication Improvement,
– ICT International Cooperation
• KISA is empowered by Ministry of Science, ICT and Future Planning
– ‘Act on Promotion of Information & Communications Network Utilization and Information Protection, etc.’
7. What is Phishing?
• Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.
- http://en.wikipedia.org/wiki/Phishing -
8. Cyber-Fraud in S.Korea
• Voice Phishing
– The criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward.
• Smishing
– Uses cell phone text messages to deliver the bait that induces people to divulge their personal information. The text message may contain a website URL.
http://www.wikipedia.org/
13. Forged caller’s phone number Block Service - VOICE
Voice Phishing Forged caller’s phone number Block Service
[Diagram. Labels recoverable from the figure:]
– International Call with Forged number (02-1234-0112) reaches the Telecommunication Company
– Exist? (lookup in the International Call Block DB [Company Name, Phone Number]): Yes / No
– Block
– Phone Numbers in the International Call Block DB come from Public Company, BANK and Law Enforcement
14. Block SMS text Server
Forged caller’s phone number Block Service - SMS
[Diagram. Labels recoverable from the figure:]
– Actors: SMS Sending company by Internet, SMS Server, MMO’s Message Center, Receiver
– Company’s Data, KISA: Company [Name, Phone Number], e.g. Bank A (1599-9999), Bank B (1599-5000)
– 1. [Phone Number DB] (Phone Record : about 0.6 M)
– 2. Sending SMS Text
   Normal SMS Text: "This is KB Kookmin Bank. Voice phishing alert issued (report damage to 112)"
   Fake SMS Message Using URL, using Forged-Number for hiding identification (02-1599-9999): "This is KB Kookmin Bank. Your personal information has been leaked, so please upgrade your security. kbbenk.com"
– 3. Try to find phone number in Phone Number DB
– 4. Matching sender’s [Company Name, Phone No.] ⇒ PASS
– 4. Mismatching sender’s [Company Name, Phone No.] ⇒ Block
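The lookup described on this slide and on the VOICE slide before it, as an added Python example that is not from the original deck or from KISA. Assumptions: the registry contents other than the slides' phone numbers, the function names, ignoring a leading area code so that 02-1599-9999 resolves to 1599-9999, passing numbers that are not registered, and reading "Exist? Yes" on the VOICE slide as the Block branch.

```python
import re

# Constructed stand-in for the slide's Phone Number DB:
# registered number (digits only) -> company name.
PHONE_NUMBER_DB = {
    "15999999": "Bank A",           # 1599-9999, from the slide
    "15995000": "Bank B",           # 1599-5000, from the slide
    "0212340112": "Public Office",  # owner name is constructed
}

# Assumption: a leading Korean area code in front of a registered number
# is ignored for matching, so 02-1599-9999 still resolves to 1599-9999.
AREA_CODE = re.compile(r"^0(2|3[1-3]|4[1-4]|5[1-5]|6[1-4])")


def registered_owner(number, db=PHONE_NUMBER_DB):
    """Return the company a number is registered to, or None."""
    digits = re.sub(r"\D", "", number)
    if digits in db:
        return db[digits]
    return db.get(AREA_CODE.sub("", digits, count=1))


def check_sms(sending_company, sender_number, db=PHONE_NUMBER_DB):
    """SMS server check: the [Company Name, Phone No.] pair must match."""
    owner = registered_owner(sender_number, db)
    if owner is None:
        return "PASS"  # assumption: unregistered numbers are out of scope
    return "PASS" if owner == sending_company else "BLOCK"


def check_international_call(caller_id, db=PHONE_NUMBER_DB):
    """Voice check: a registered domestic number arriving on an
    international route is treated as forged."""
    return "BLOCK" if registered_owner(caller_id, db) else "PASS"


if __name__ == "__main__":
    # Constructed submissions: (sending company, sender number)
    for company, number in [("Bank A", "1599-9999"),
                            ("Web SMS Customer", "02-1599-9999"),
                            ("Web SMS Customer", "010-5555-0100")]:
        print(company, number, check_sms(company, number))
    print("intl", "02-1234-0112", check_international_call("02-1234-0112"))
```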
15. Statistics of forged caller’s phone number Block Service
Voice : 2013.1~, SMS : 2013.9~
[Chart: Voice and SMS, 2013 and 2014; axis up to 5,000,000. From KISA]
16. Smishing Response System(SRS)
[Diagram. Stages: Collect Suspicious URL, Analyze, Confirm, Block. Other labels recoverable from the figure:]
– [Mobile Network Operator]: SMS text Message
– 118 Call Center (24/7): SMS text Message
– Suspicious URL
– Analyze SMS Text Message
– Download & Analyze Server
– Confirm by Human In KISA
– Confirm By Human Outside KISA
– Brief Report KISC
– URL Block Request [ISP/MSO]
– Result Confirm Request [Law Enforcement]
KISC : Korea Internet Security Center
22. Using CAPTCHA Code
• CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart)
– Type of challenge-response test used in computing to determine whether or not the user is human
<Example of CAPTCHA>
http://www.wikipedia.org/