• Title/Summary/Keyword: Hacking Mail


Hacking Mail Profiling by Applying Case Based Reasoning (사례기반추론기법을 적용한 해킹메일 프로파일링)

  • Park, Hyong-Su;Kim, Huy-Kang;Kim, Eun-Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.1 / pp.107-122 / 2015
  • Many defensive mechanisms have evolved as new attack methods are developed. However, APT attacks using e-mail are still hard to detect and prevent. Recently, many organizations in the government and private sectors have been hacked by malicious e-mail based APT attacks. In this paper, we first built a hacking e-mail database based on real e-mail data used in attacks on Korean government organizations in recent years. Then, we extracted features from the hacking e-mails in order to profile them. We designed a case vector that describes the specific characteristics of hacking e-mails well. Finally, based on case-based reasoning, we made an algorithm for retrieving the most similar case from the hacking e-mail database when a new hacking e-mail is found. The results show that hacking e-mails have common characteristics in several features, such as geo-location information, and that these features can be used to classify e-mails as benign or malicious. Furthermore, the proposed case-based reasoning algorithm can be useful for deciding whether to analyze suspicious e-mails.

A Study on Hacking E-Mail Detection using Indicators of Compromise (침해지표를 활용한 해킹 이메일 탐지에 관한 연구)

  • Lee, Hoo-Ki
    • Convergence Security Journal / v.20 no.3 / pp.21-28 / 2020
  • In recent years, hacking and malware techniques have evolved and become sophisticated and complex, and numerous cyber-attacks are constantly occurring in various fields. Among them, e-mail was found to be the most widely used route for compromise incidents such as information leakage and system destruction. In particular, it is still difficult to detect and identify e-mail APT attacks that employ zero-day vulnerabilities and social engineering hacking techniques through signature detection and dynamic analysis alone. Thus, there has been an increased demand for indicators of compromise (IOC) to identify the causes of malicious activities and to respond quickly to similar compromise incidents by sharing the information. In this study, we propose a method of extracting various forensic artifacts required for detecting and investigating hacking e-mails, which account for a large portion of the damage in security incidents. To achieve this, we employed a digital forensic indicator method that was previously utilized to collect information on client-side incidents.

A Profiling Case Study to Phishing Mail Attack Group (피싱 메일 공격조직에 대한 프로파일링 사례 연구)

  • Lee, Jae-il;Lee, Yong-joon;Kwon, Hyuk-jin
    • Journal of Internet Computing and Services / v.21 no.2 / pp.91-97 / 2020
  • Recently, phishing attacks targeting those involved in defense, security and unification have been on the rise. In particular, the hacking attack organization Kimsuky has been engaged in activities to collect important information from public organizations through phishing attacks since 2013. In this paper, a profiling analysis of a phishing mail attack organization was performed. Through this process, we estimated the purpose of the attack group and suggested countermeasures.

Security Attack Analysis for Wireless Router and Free Wi-Fi Hacking Solutions (무선공유기 보안공격 분석 및 무료와이파이 해킹 해결방안)

  • Bae, Hee-Ra;Kim, Min-Young;Song, Su-Kyung;Lee, Seul-Gi;Chang, Young-Hyun
    • The Journal of the Convergence on Culture Technology / v.2 no.4 / pp.65-70 / 2016
  • As network communication over public WiFi increases for tasks such as checking e-mail and Internet banking, the danger of public routers being hacked continues to rise. While the national policy is to further propagate public routers, users are not eager to keep their information secure, and there is a growing risk of personal information leakage. Because wireless routers offer high accessibility but are vulnerable to hacking, it is important to analyze hacking in order to tackle the attacks. In this study, an analysis is made of the encryption method used in WiFi and of cases of WiFi hacking through security attacks on wireless routers, and a method for tackling the attacks is suggested.

A Study on the Security Structure of Next Generation E-mail System (차세대 이메일 보안 기술에 관한 연구)

  • Kim, Kui-Nam J.
    • Convergence Security Journal / v.8 no.4 / pp.183-189 / 2008
  • The role of e-mail has grown because of its merit of delivering requested information in real time, anywhere and anytime. However, today's e-mail security threats have changed intelligently to attack specific agencies, and there is a limit to how well these threats can be countered. Therefore, precise definition and development of security technology is needed, based on an analysis of the changing environment and technologies of e-mail, in order to remove the fundamental security threats. We proposed a Next Generation E-mail System Security Structure and a Next Generation fusion system using authentication. As a result, in this study, we developed the Next Generation E-mail System Security Structure. This system can protect e-mail users from social engineering hacking techniques, spam, viruses, malicious code and fabrication.


Vulnerability Analysis and Hacking Attack about WiBro Internet Financial Transaction (WiBro 인터넷 금융거래 취약점분석과 해킹공격)

  • Song, Jin-Young;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2011.05a / pp.414-417 / 2011
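  • As of 2011, people use the wired and wireless Internet for VoIP and e-mail communication and for financial transactions such as banking, stock trading and secure payment services. However, security incidents occur on the wired and wireless Internet, so VoIP, e-mail, banking, stock trading and secure payment may be vulnerable. With the passage of the Personal Information Protection Act by the National Assembly in March 2011, personal information must be protected in financial transactions. In this paper, we use SecuiScan to analyze vulnerabilities in VoIP, e-mail, banking, stock trading and secure payment over WiBro Internet financial transactions. Based on the results of the analysis, we carry out hacking attacks in a laboratory environment using the vulnerabilities found. We analyze the hacking results and present security countermeasures for strengthening security according to the type of security incident. The research in this paper will contribute to strengthening the security of WiBro Internet financial transactions.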


A Study on The Problems of Spam mail and Efficient Countermeasure (스팸메일의 문제점과 효율적 대응방안에 관한 연구)

  • Han, Sang-Am;Kim, Jyoung-Gyu
    • Proceedings of the Korea Contents Association Conference / 2006.05a / pp.337-341 / 2006
  • Spam e-mail is electronic mail sent to a large number of netizens who do not want it. Criminals have easily taken advantage of this tool for harmful activities such as phishing. Recently, spam mail containing commercial information has been broadly accepted as an illegal act that endangers the network. According to some reports, it could cause real damage. For better policy on controlling spam mail, we need new efficient countermeasures. Several laws have been enacted in Korea for controlling spam mail. The most important act is the Using and Protecting Communication Act. The main targets of this law are virus spreading, computer hacking, cyber pornography, intellectual property breaching, private or public information abusing and cyber terrorism. But the Using and Protecting Communication Act is insufficient to control spam mail. For better policy on controlling spam mail, we need new efficient countermeasures. Therefore, this research seeks to present ways to control spam mail efficiently through enactment of conversion, induction of clash action system degree, special law of national regulation form for spam mail.


A Study on the Analysis and Detection Method for Protecting Malware Spreading via E-mail (전자우편을 이용한 악성코드 유포방법 분석 및 탐지에 관한 연구)

  • Yang, Kyeong-Cheol;Lee, Su-Yeon;Park, Won-Hyung;Park, Kwang-Cheol;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology / v.19 no.1 / pp.93-101 / 2009
  • This paper proposes a method for detecting mails spread by a hacker who injects malicious code to steal information. I also developed an 'Analysis model' that decodes the traffic when the hacker encodes it to steal the information. I researched the 'Methodology of intrusion detection techniques' in computer network monitoring. As a result of this simulation, I developed more efficient rules to detect PCs that are infected with the malicious code in the hacking mail. By proposing this security policy, which can be applied in computer network environments including every government agency or company, I want to help minimize the damage caused by hacking mail with malicious code.

Knowing the Level of Information Security Awareness in the Usage of Social Media Among Female Secondary School Students in Eastern Makkah Al-Mukarramah- Saudi Arabia

  • Gharieb, Magdah Ezat
    • International Journal of Computer Science & Network Security / v.21 no.8 / pp.360-368 / 2021
  • This study aims to determine both the level of information security awareness in the use of social media among female secondary school students in Makkah Al-Mukarramah and the procedures that students follow when exposed to hacking or other security problems. The study relied on the descriptive survey approach. The results showed a high percentage of social media use among the study sample, and the applications most used by the students are Snapchat and Instagram, in that order. In fact, 48% of the study sample have awareness of information security, the majority of the students save their passwords on their devices, most of them do not change them, and they have knowledge of fake gates and social engineering. However, their knowledge of electronic hacking is weak, and 67% of the students do not share passwords with anyone. At the same time, they do not update passwords. Moreover, the procedure most often followed by students when exposed to theft and hacking is to change the e-mail data and the password, and the results varied apart from that, which reflects the weak awareness of the students and the weakness of procedures related to information security. The study recommends raising awareness of and education about the importance of information security and safety, especially in light of the electronic data attacks and hacking of electronic applications that the world faces.

Analysis of Technical Standards for Hacking Mail (해킹메일 대응을 위한 기술 표준 분석)

  • Byun, Ye-Eun
    • Proceedings of the Korea Information Processing Society Conference / 2020.05a / pp.235-237 / 2020
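  • Damage caused by hacking mail continues to occur, and recently cases of damage from mail impersonating the government or public institutions have been increasing, so the government is requiring the adoption of technologies for countering impersonation mail. Since 2017, the Korea Internet & Security Agency has stated that SPF (Sender Policy Framework) must be applied in order to block mail that spoofs e-mail addresses, and in 2019 the government required that adoption be extended beyond SPF to DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting, and Conformance). Accordingly, this paper analyzes the technical standards of the three technologies being applied to counter hacking mail, in order to lay the groundwork for adopting them.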