{"id":2204324,"date":"2024-03-18T16:00:03","date_gmt":"2024-03-18T07:00:03","guid":{"rendered":"https:\/\/koreapro.org\/?p=2204324"},"modified":"2024-03-19T16:31:50","modified_gmt":"2024-03-19T07:31:50","slug":"korean-governments-widespread-use-of-personal-emails-poses-security-risks","status":"publish","type":"post","link":"https:\/\/koreapro.org\/2024\/03\/korean-governments-widespread-use-of-personal-emails-poses-security-risks\/","title":{"rendered":"Korean government\u2019s widespread use of personal emails poses security risks"},"content":{"rendered":"

South Korean government officials often use personal email accounts for official business, a widespread practice that raises the risk of security breaches, data leaks and reputational damage.\u00a0<\/span><\/p>\n

Despite long-standing fears of hacks and phishing from North Korea-related actors, multiple current and former officials told <\/span>Korea Pro<\/span><\/i> that using personal email accounts for official purposes is common across the government.<\/span><\/p>\n

Evidence of this practice is readily available. Official government business cards often display personal Gmail and other such addresses, and when they do not, staffers commonly scribble personal email addresses onto the cards.<\/span><\/p>\n

This correspondent\u2019s collection includes over a dozen such business cards from elected lawmakers, national intelligence officers, department directors from the foreign and unification ministries and even police officers.<\/span><\/p>\n

Further, multiple lawmakers list their <\/span>commercial email addresses<\/span><\/a> on the National Assembly website.<\/span><\/p>\n

This blase approach has already had potentially dire consequences. North Korea-linked hackers allegedly obtained details of President Yoon Suk-yeol\u2019s travel schedule and some messages the president sent <\/span>through an aide<\/span><\/a> who had stored that information on a non-secure commercial email server.<\/span><\/p>\n

A South Korean government source told the press they were \u201cbeyond shocked and appalled\u201d about the incident. However, former and current government officials told <\/span>Korea Pro<\/span><\/i> that the issue is commonplace, citing a range of technical and cultural reasons.<\/span><\/p>\n

\u201cAs far as I am aware, pretty much everyone uses personal emails for work purposes,\u201d a researcher at a government think tank told <\/span>Korea Pro<\/span><\/i> on condition of anonymity.<\/span><\/p>\n

\u201cWe are strongly advised not to use personal emails for work purposes and the admin team repeatedly warns that the audit bodies may do something about it when they find out, the researcher explained.<\/span><\/p>\n

\u201cBut everyone knows that it is difficult not to use personal emails considering the hassle that the current professional online system is causing.\u201d<\/span><\/p>\n

South Korea\u2019s presidential office declined to comment on <\/span>Korea Pro\u2019s<\/span><\/i> findings, while the National Intelligence Service referred <\/span>Korea Pro<\/span><\/i> to a document from the National Cyber Security Center titled \u201cBasic Guidelines to National Information Security\u201d without further elaboration.<\/span><\/p>\n

\"\"

This correspondent\u2019s collection of business cards from ROK government officials and politicians featuring personal emails | Image: Korea Pro<\/p><\/div>\n

SECURITY STUMBLING BLOCK<\/b><\/p>\n

High-security protocols on the official government email system create a stumbling block for efficient communication, according to those familiar with the system. These protocols make the system too cumbersome for many day-to-day purposes, they said.<\/span><\/p>\n

\u201cGovernment officials are not allowed to use personal emails for official purposes\u201d and instead rely on a specific intranet setup for communication, a recently retired official explained.\u00a0<\/span><\/p>\n

For communication between individuals in a specific ministry or across separate Korean government ministries, the government provides an encrypted email system that is \u201cphysically separated from the commercial internet,\u201d the retired official explained.<\/span><\/p>\n

A current military official told <\/span>Korea Pro<\/span><\/i> that the intranet system has \u201chigh security\u201d and effectively facilitates internal communications within the ROK government. However, multiple problems persist.<\/span><\/p>\n

\u201cThe official email address is subject to so many security concerns and protocols that officials feel very uncomfortable with it, so they use these commercial email accounts,\u201d a former ROK foreign ministry official explained on condition of anonymity.<\/span><\/p>\n

For example, logging in when out of the office can be difficult.<\/span><\/p>\n

\u201cThe cyber protection standard of the Korean government intranet system is very high,\u201d the researcher at a government think tank said. \u201cFor me to access the professional work system (emails and others) from my home computer, I have to go through four stages with each stage requiring login information.\u201d<\/span><\/p>\n

Another issue arises when logged in, as messages to and from non-government recipients often encounter problems.<\/span><\/p>\n

\u201cThis secure net oftentimes blocks civilian accounts, so an email from the real world might never get to its intended (recipient),\u201d Chun In-bum, a former three-star South Korean general, told <\/span>Korea Pro<\/span><\/i>. \u201cThe government system is a hassle.\u201d<\/span><\/p>\n

A former spokesperson from the Park Geun-hye era told <\/span>Korea Pro<\/span><\/i> that email deliverability had been so bad during their time in government that their ministry created a commercial email address on Naver \u2014 the country\u2019s largest online platform \u2014 to ensure regular communications with media.<\/span><\/p>\n

Without the commercial email account, the former spokesperson explained, correspondence to journalists often bounced and neither the ministry nor the journalists received important emails.<\/span><\/p>\n

POOR FUNCTIONALITY<\/b><\/p>\n

In addition to the problems stemming from security protocols, others cited poor functionality as a reason official email systems are burdensome to use.<\/span><\/p>\n

\u201cI use my personal email sometimes because our mail provider is shit,\u201d a staffer at a government media organization bluntly stated, speaking also on condition of anonymity.<\/span><\/p>\n

\u201cThe storage is insufficient and the system itself looks like it was programmed in the early 2000s \u2026 no useful functions like auto-save, logs out randomly and is in general counterintuitive,\u201d they continued.<\/span><\/p>\n

A serving ROK civil servant noted that hyperlinks don\u2019t work in the official government email system and that the mobile version lacks an attachment download function, further discouraging the use of the official secure system.<\/span><\/p>\n

The former spokesperson said that due to problems relating to the firewall, the official government email system was often very slow. \u201cSo for there to be simultaneous, instantaneous communication, the government account sometimes is not convenient at all.\u201d<\/span><\/p>\n

These combined issues encourage those in government to regularly resort to commercial email systems.<\/span><\/p>\n

\u201cWhat (people) do is they forward important emails to their personal email account to re-read and send their own files at work to their personal email account so they can work on them in the evening\/during weekends,\u201d the researcher at the government think tank explained.<\/span><\/p>\n

\"\"

A police officer\u2019s business card with their Naver email address | Image: Korea Pro<\/em><\/p><\/div>\n

CULTURAL PROBLEMS<\/b><\/p>\n

The ubiquity of personal accounts to work on even classified or secret information across the South Korean government reflects a culture of wilful ignorance about internet security.\u00a0<\/span><\/p>\n

This correspondent has collected business cards from ROK government officials since 2016, revealing that more than a dozen included personal emails printed on the cards or had staffers scribble their personal email onto the cards.<\/span><\/p>\n

The former spokesperson attributed this practice to a lack of awareness. They said they \u201cdidn\u2019t really think much of it\u201d in Korea but only realized \u201cwhat the implications may be\u201d by mixing personal and work accounts after working overseas.<\/span><\/p>\n

Many ROK civil servants simply don\u2019t know \u201chow dangerous it is\u201d to use email services from \u201cfor-profit companies for official government use,\u201d the former spokesperson concluded. Only when \u201cproblems arise\u201d is there more alertness.\u00a0<\/span><\/p>\n

However, the recently retired official said that \u201cofficials are frequently reminded of the danger of possible information leak through the commercial internet or social network services.\u201d<\/span><\/p>\n

For example, the foreign ministry understands that \u201csecurity concerns are very important\u201d due to regular \u201cinteractions with the intelligence services,\u201d resulting in annual cyber security seminars for staff, said the former foreign ministry employee.<\/span><\/p>\n

Despite this, the practice continues. The serving military official believes that a lack of serious auditing and the absence of a major Hillary Clinton-style controversy is partially to blame.<\/span><\/p>\n

The retired official agreed, suggesting that the absence of serious punishment, despite the potential for grave consequences, could be partly responsible for the ongoing issue.<\/span><\/p>\n

Those consequences, one expert pointed out, could be significant.<\/span><\/p>\n

\u201c(This practice) increases the risk of phishing attacks both as recipients and as imposter senders,\u201d said Daniel Pinkston, a lecturer in international relations at Troy University, said mixing and matching personal and work emails broadens one\u2019s exposure to phishing attacks. \u201cGiven the lax attitudes, even one recipient who believes it\u2019s an authentic email can comprise the whole network.\u201d<\/span><\/p>\n

The risks extend beyond the recent problems experienced by the presidential office. Last year, the National Assembly\u2019s foreign affairs committee <\/span>revealed<\/span><\/a> that nearly half of South Korea\u2019s overseas embassies had not conducted communication-related training in the past three years, which is designed to strengthen security-related practices and prevent leaks, malware infections and hacks.<\/span><\/p>\n

North Korea-related hacking groups allegedly targeted over 90 officials from diplomatic and security departments in Aug. 2016, <\/span>attempting to hack<\/span><\/a> into email accounts by impersonating security personnel from government and private firms like Google, Daum and Naver.<\/span><\/p>\n

Despite these incidents, the former ROK foreign ministry official believes \u201cthings are improving.\u201d\u00a0<\/span><\/p>\n

South Korea\u2019s cyber security technology is \u201cthe best in the world,\u201d they claimed, and said from their experience the current administration is less likely to publish their personal email publicly.<\/span><\/p>\n

Jeongmin Kim and Lina Park contributed to this report. Edited by John Lee.<\/span><\/i><\/p>\n

Culture & Society<\/span><\/a>Domestic Politics<\/span><\/a>Technology & Cyber<\/span><\/a><\/div>","protected":false},"excerpt":{"rendered":"

South Korean government officials often use personal email accounts for official business, a widespread practice that raises the risk of security breaches, data leaks and reputational damage.\u00a0 Despite long-standing fears of hacks and phishing from North Korea-related actors, multiple current and former officials told Korea Pro that using personal email accounts for official purposes is […]<\/p>\n","protected":false},"author":10407,"featured_media":2204325,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[21],"tags":[25,27,29],"yoast_head":"\nKorean government\u2019s widespread use of personal emails poses security risks - KOREA PRO<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/koreapro.org\/2024\/03\/korean-governments-widespread-use-of-personal-emails-poses-security-risks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Korean government\u2019s widespread use of personal emails poses security risks - KOREA PRO\" \/>\n<meta property=\"og:description\" content=\"South Korean government officials often use personal email accounts for official business, a widespread practice that raises the risk of security breaches, data leaks and reputational damage.\u00a0 Despite long-standing fears of hacks and phishing from North Korea-related actors, multiple current and former officials told Korea Pro that using personal email accounts for official purposes is […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/koreapro.org\/2024\/03\/korean-governments-widespread-use-of-personal-emails-poses-security-risks\/\" \/>\n<meta property=\"og:site_name\" content=\"KOREA PRO\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/nknewsorg\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-18T07:00:03+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-03-19T07:31:50+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/koreapro.org\/wp-content\/uploads\/sites\/6\/2024\/03\/feature-6.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1870\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"johnleenknews\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@southkoreapro\" \/>\n<meta name=\"twitter:site\" content=\"@southkoreapro\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chad O'Carroll\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/koreapro.org\/2024\/03\/korean-governments-widespread-use-of-personal-emails-poses-security-risks\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/koreapro.org\/2024\/03\/korean-governments-widespread-use-of-personal-emails-poses-security-risks\/\"},\"author\":{\"name\":\"johnleenknews\",\"@id\":\"https:\/\/koreapro.org\/#\/schema\/person\/b9766dba611638edc06a6e0b7078714d\"},\"headline\":\"Korean government\u2019s widespread use of personal emails poses security risks\",\"datePublished\":\"2024-03-18T07:00:03+00:00\",\"dateModified\":\"2024-03-19T07:31:50+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/koreapro.org\/2024\/03\/korean-governments-widespread-use-of-personal-emails-poses-security-risks\/\"},\"wordCount\":1432,\"publisher\":{\"@id\":\"https:\/\/koreapro.org\/#organization\"},\"keywords\":[\"Culture & Society\",\"Domestic Politics\",\"Technology & Cyber\"],\"articleSection\":[\"Analysis\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/koreapro.org\/2024\/03\/korean-governments-widespread-use-of-personal-emails-poses-security-risks\/\",\"url\":\"https:\/\/koreapro.org\/2024\/03\/korean-governments-widespread-use-of-personal-emails-poses-security-risks\/\",\"name\":\"Korean government\u2019s widespread use of personal emails poses security risks - KOREA PRO\",\"isPartOf\":{\"@id\":\"https:\/\/koreapro.org\/#website\"},\"datePublished\":\"2024-03-18T07:00:03+00:00\",\"dateModified\":\"2024-03-19T07:31:50+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/koreapro.org\/2024\/03\/korean-governments-widespread-use-of-personal-emails-poses-security-risks\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/koreapro.org\/2024\/03\/korean-governments-widespread-use-of-personal-emails-poses-security-risks\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/koreapro.org\/2024\/03\/korean-governments-widespread-use-of-personal-emails-poses-security-risks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/koreapro.org\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Korean government\u2019s widespread use of personal emails poses security risks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/koreapro.org\/#website\",\"url\":\"https:\/\/koreapro.org\/\",\"name\":\"KOREA PRO\",\"description\":\"Be smart about South Korea. Up-to-date analysis on foreign relations, politics, society and economy. Made by the producers of NK PRO and NK News.\",\"publisher\":{\"@id\":\"https:\/\/koreapro.org\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/koreapro.org\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/koreapro.org\/#organization\",\"name\":\"KOREA PRO\",\"url\":\"https:\/\/koreapro.org\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/koreapro.org\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/koreapro.org\/wp-content\/uploads\/sites\/6\/2022\/11\/logo.png\",\"contentUrl\":\"https:\/\/koreapro.org\/wp-content\/uploads\/sites\/6\/2022\/11\/logo.png\",\"width\":360,\"height\":50,\"caption\":\"KOREA PRO\"},\"image\":{\"@id\":\"https:\/\/koreapro.org\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/nknewsorg\/\",\"https:\/\/twitter.com\/southkoreapro\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Korean government\u2019s widespread use of personal emails poses security risks - KOREA PRO","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/koreapro.org\/2024\/03\/korean-governments-widespread-use-of-personal-emails-poses-security-risks\/","og_locale":"en_US","og_type":"article","og_title":"Korean government\u2019s widespread use of personal emails poses security risks - KOREA PRO","og_description":"South Korean government officials often use personal email accounts for official business, a widespread practice that raises the risk of security breaches, data leaks and reputational damage.\u00a0 Despite long-standing fears of hacks and phishing from North Korea-related actors, multiple current and former officials told Korea Pro that using personal email accounts for official purposes is […]","og_url":"https:\/\/koreapro.org\/2024\/03\/korean-governments-widespread-use-of-personal-emails-poses-security-risks\/","og_site_name":"KOREA PRO","article_publisher":"https:\/\/www.facebook.com\/nknewsorg\/","article_published_time":"2024-03-18T07:00:03+00:00","article_modified_time":"2024-03-19T07:31:50+00:00","og_image":[{"width":1870,"height":1000,"url":"https:\/\/koreapro.org\/wp-content\/uploads\/sites\/6\/2024\/03\/feature-6.png","type":"image\/png"}],"author":"johnleenknews","twitter_card":"summary_large_image","twitter_creator":"@southkoreapro","twitter_site":"@southkoreapro","twitter_misc":{"Written by":"Chad O'Carroll","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/koreapro.org\/2024\/03\/korean-governments-widespread-use-of-personal-emails-poses-security-risks\/#article","isPartOf":{"@id":"https:\/\/koreapro.org\/2024\/03\/korean-governments-widespread-use-of-personal-emails-poses-security-risks\/"},"author":{"name":"johnleenknews","@id":"https:\/\/koreapro.org\/#\/schema\/person\/b9766dba611638edc06a6e0b7078714d"},"headline":"Korean government\u2019s widespread use of personal emails poses security risks","datePublished":"2024-03-18T07:00:03+00:00","dateModified":"2024-03-19T07:31:50+00:00","mainEntityOfPage":{"@id":"https:\/\/koreapro.org\/2024\/03\/korean-governments-widespread-use-of-personal-emails-poses-security-risks\/"},"wordCount":1432,"publisher":{"@id":"https:\/\/koreapro.org\/#organization"},"keywords":["Culture & Society","Domestic Politics","Technology & Cyber"],"articleSection":["Analysis"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/koreapro.org\/2024\/03\/korean-governments-widespread-use-of-personal-emails-poses-security-risks\/","url":"https:\/\/koreapro.org\/2024\/03\/korean-governments-widespread-use-of-personal-emails-poses-security-risks\/","name":"Korean government\u2019s widespread use of personal emails poses security risks - KOREA PRO","isPartOf":{"@id":"https:\/\/koreapro.org\/#website"},"datePublished":"2024-03-18T07:00:03+00:00","dateModified":"2024-03-19T07:31:50+00:00","breadcrumb":{"@id":"https:\/\/koreapro.org\/2024\/03\/korean-governments-widespread-use-of-personal-emails-poses-security-risks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/koreapro.org\/2024\/03\/korean-governments-widespread-use-of-personal-emails-poses-security-risks\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/koreapro.org\/2024\/03\/korean-governments-widespread-use-of-personal-emails-poses-security-risks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/koreapro.org\/"},{"@type":"ListItem","position":2,"name":"Korean government\u2019s widespread use of personal emails poses security risks"}]},{"@type":"WebSite","@id":"https:\/\/koreapro.org\/#website","url":"https:\/\/koreapro.org\/","name":"KOREA PRO","description":"Be smart about South Korea. Up-to-date analysis on foreign relations, politics, society and economy. Made by the producers of NK PRO and NK News.","publisher":{"@id":"https:\/\/koreapro.org\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/koreapro.org\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/koreapro.org\/#organization","name":"KOREA PRO","url":"https:\/\/koreapro.org\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/koreapro.org\/#\/schema\/logo\/image\/","url":"https:\/\/koreapro.org\/wp-content\/uploads\/sites\/6\/2022\/11\/logo.png","contentUrl":"https:\/\/koreapro.org\/wp-content\/uploads\/sites\/6\/2022\/11\/logo.png","width":360,"height":50,"caption":"KOREA PRO"},"image":{"@id":"https:\/\/koreapro.org\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/nknewsorg\/","https:\/\/twitter.com\/southkoreapro"]}]}},"_links":{"self":[{"href":"https:\/\/koreapro.org\/wp-json\/wp\/v2\/posts\/2204324"}],"collection":[{"href":"https:\/\/koreapro.org\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/koreapro.org\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/koreapro.org\/wp-json\/wp\/v2\/users\/10407"}],"replies":[{"embeddable":true,"href":"https:\/\/koreapro.org\/wp-json\/wp\/v2\/comments?post=2204324"}],"version-history":[{"count":7,"href":"https:\/\/koreapro.org\/wp-json\/wp\/v2\/posts\/2204324\/revisions"}],"predecessor-version":[{"id":2204337,"href":"https:\/\/koreapro.org\/wp-json\/wp\/v2\/posts\/2204324\/revisions\/2204337"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/koreapro.org\/wp-json\/wp\/v2\/media\/2204325"}],"wp:attachment":[{"href":"https:\/\/koreapro.org\/wp-json\/wp\/v2\/media?parent=2204324"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/koreapro.org\/wp-json\/wp\/v2\/categories?post=2204324"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/koreapro.org\/wp-json\/wp\/v2\/tags?post=2204324"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}