As the investigation into the leak of college entrance exam results rolls on, prosecutors said yesterday that the computer server at the Korea Institute for Curriculum and Evaluation, which administers the exam, had been hacked over 200 times. Not only the test results but also the institute’s internal information was stolen.
According to prosecution and police sources, a manager at a public relations firm called Inuni Co. whose surname is Kim accessed the institute’s server over 200 times between August 2007 and December 2008.
A detention warrant was filed against Kim on charges of breaking information and network laws but it was rejected by the court.
Kim easily broke into the server. In August 2007, he accessed an employee’s e-mail account at the institute. Kim obtained the e-mail ID from a press release, and the password was the same as the ID.
Kim tried to log in to e-mail accounts of other institute employees over 50 times. One of his successes was with the account of someone in the institute’s administrative office. The employee used a password identical to the romanized spelling of his name.
One of the employee’s e-mails contained an attached file containing the passwords of five other employees at the institute. The employee temporarily managed the other employees’ e-mail access information because he dealt with changes in the institute’s server. Their passwords were identical to the last seven digits of their residential identification numbers.
In this way, Kim downloaded 16 types of internal information from the institute. Among the materials downloaded were plans to grade answer sheets from the 2009 College Scholastic Ability Test, scoring schedules and the number of students who missed the test.
“Kim could look at the Korea Institute for Curriculum and Evaluation’s internal information by accessing the e-mail of seven employees,” a prosecutor said.
Kim passed the information on to VisangEdu, a private education company. VisangEdu made the CSAT score analysis public on Dec. 9, a day before the CSAT results were announced.
Kim accessed the institute’s server four times on Dec. 10 after the institute requested a probe into this case.
As the investigation closed in on him, Kim destroyed a memo containing the IDs and passwords of the seven employees. Prosecutors plan to decide what kinds of charges they will file against Kim and a VisangEdu director whose surname is Jin this week.