Print 10 comment(s) - last by Visual.. on Aug 3 at 3:58 AM

Pair is accused of terrorizing South Korea's second largest carrier

In February 2012 a pair of hackers allegedly developed a "sophisticated" software platform designed to hack the databases of KT Corp. (KSC:030200), the second largest mobile carrier in South Korea.

The hackers obtained details on over half the carrier's customers, gaining information on 8.7 million of approximately 16 million accounts on the carrier.  The hackers allegedly then sold their software and the records -- including customers' names, phone numbers, residential registration numbers, and contract details -- to several telemarketing firms for $878K USD  (1 billion Won).  The telemarketers used the information to solicit customers to switch to other carriers.

But the joy ride appears to be over as the pair who sold the information is allegedly in custody.  Seven other individuals who purchased the software and illegally copied data were also arrested.

KT Corp. emphasizes that the intrusion was very sophisticated, commenting, "It took nearly seven months to develop the hacking program and (the suspects) had very sophisticated hacking skills. In light of this incident, we will strengthen the internal security system and raise awareness of security among all employees to prevent causing inconvenience to customers."

KT Comms
KT Comms was victimized by hackers and now faces class action lawsuits.
[Image Source: Slashgear]

They add that they are sincerely sorry for the impact on customers, stating, "We deeply bow our head in apology for having your precious personal information leaked... we'll try our best to make such things never happen again."

The carrier is facing a class action lawsuit from customers for the hack, despite its openness about the breach and its apology.  The company first detected the breach on July 13 and alerted authorities immediately.

While the exact methodology of the attack has not been widely publicized, it's possible the South Korean hackers exploited weakness in the link to the SQL database -- a popular means of grabbing internet-accessible data.  

While many companies have tightened security on the databases themselves, the links remain vulnerable as many popular corporate software packages have certain well-known errors where they mishandle strings.  These errors allow hackers to execute disallowed commands, gaining the same access as company employees.  The method is known as SQL "injection" as it involves "injecting" the command into an otherwise harmless string of text.

Recent American companies to fall victim to that attack methodology include NVIDIA Corp. (NVDA) whose forums accounts were compromised, and Yahoo! Inc. (YHOO) whose news accounts were compromised.

Last year South Korea the nation's largest carrier, SK Comms (KOE:066720) recently announced that over 35 million records had been illegally copied from its database by hackers in China.  And in Nov. 2011 Nexon Korea Corp., one of the nation's top online gaming companies, had 13 million user records illegally copied.

Source: ZDNet

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

why is this sort of thing still happening?
By johnsonx on 7/30/2012 7:43:32 PM , Rating: 3
about 5 years ago, one of my customers had a website with a SQL database behind it (none of it was anything I did, I just supported their network and computers). They started having having weird code show up on their site, in fields populated from their database; sometimes the code would re-direct their browsers to scamming sites. As they had lost contat with their web developer they asked me to figure out what was going on. I knew essentially nothing about web programming, databases, etc., but after looking into it and researching it I figured out it was a SQL Injection attack. I first tried just removing the injected code from the database using Access, but of course within a few hours it would come back. With a little more research I found some code to sanitize the HTTP requests between pages, and prevent the attack altogether. I adjusted the code a little to fit the site's requirements, and added it to the pages vulnerable to attack. It worked perfectly.

If I could do that with almost no knowledge years ago, what stops major companies from doing the same today? It's not like SQL injection attacks are anything new.

RE: why is this sort of thing still happening?
By Visual on 7/31/2012 4:08:18 AM , Rating: 2
SQL injection is possible when data is not properly escaped when building SQL queries, typically when data is being written to a database or when filtering data to select for displaying.

What you describe is not really SQL injection but HTML code injection due to improper HTML output escaping during data display. In the cases where it is actually harmful, it can be called HTML script injection or cross-site-scripting. It is a very different thing.

Would not be surprised if that website was vulnerable to both kinds of attacks though. And yes, I agree with your main point - it doesn't take a rocket scientist to understand and fix or avoid either of these vulnerabilities.

RE: why is this sort of thing still happening?
By augiem on 7/31/2012 4:19:06 AM , Rating: 2
It's not as simple as either of you make it seem. New vulnerabilities are always popping up. Have you ever used any open source content management systems? You have to patch the core and every module on nearly a daily basis because of the constant flood of vulnerabilities being discovered all the time. The bad guys are working every bit as hard to get in as the good guys are trying to keep them out.

Security is a huge ball of wax and NEVER 100% no matter how much money or manpower you put into it.

By Visual on 8/3/2012 3:58:46 AM , Rating: 2
Been using Drupal for 5 years now, and there have not been any wide-open and obvious security holes in that time. No SQL injection vulnerabilities at all in Drupal 5, 6 and 7 core. And while there have been lots of cross-site scripting vulnerabilities found, most were limited to users with special permissions so were no issue. Sure there have been many other kinds of mistakes and vulnerabilities, many highly critical in the right circumstances, so yes, it is important to monitor their security advisory and keep your version updated.

But the point was about the most obvious and stupid vulnerability - SQL injection, and how widespread it is yet how easy it is to avoid if the coder cared to understand it.

By jimbojimbo on 8/2/2012 5:15:57 PM , Rating: 2
I was hoping these guys injected some code to pull $0.011 from every account or something ala Richard Pryor style. Just selling information is kind of lame.

I guess somebody...
By MrBlastman on 7/30/12, Rating: -1
RE: I guess somebody...
By ClownPuncher on 7/30/2012 2:09:47 PM , Rating: 2
You're dead to me.

RE: I guess somebody...
By MrBlastman on 7/30/2012 2:30:23 PM , Rating: 1
hahaha :)

*ducks all the flying tomatoes*

RE: I guess somebody...
By augiem on 7/30/2012 2:13:38 PM , Rating: 2
Or 100,000 antacid tablets and some vinegar.

RE: I guess somebody...
By StevoLincolnite on 7/30/2012 2:55:41 PM , Rating: 2
Force them to listen to Justin Beibers album on repeat for several decades.

“We do believe we have a moral responsibility to keep porn off the iPhone.” -- Steve Jobs

Latest Headlines
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
The Samsung Galaxy S7
September 14, 2016, 6:00 AM
Apple Watch 2 – Coming September 7th
September 3, 2016, 6:30 AM
Apple says “See you on the 7th.”
September 1, 2016, 6:30 AM

Most Popular ArticlesAre you ready for this ? HyperDrive Aircraft
September 24, 2016, 9:29 AM
Leaked – Samsung S8 is a Dream and a Dream 2
September 25, 2016, 8:00 AM
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
Snapchat’s New Sunglasses are a Spectacle – No Pun Intended
September 24, 2016, 9:02 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki