Arrested South Korean Hackers Made Nearly $1M Off 8.7M Accounts
July 30, 2012 12:23 PM
comment(s) - last by
Pair is accused of terrorizing South Korea's second largest carrier
In February 2012 a pair of hackers allegedly developed a "sophisticated" software platform designed to hack the databases of KT Corp. (
), the second largest mobile carrier in South Korea.
The hackers obtained details on over half the carrier's customers, gaining information on 8.7 million of approximately 16 million accounts on the carrier. The hackers allegedly then sold their software and the records -- including customers' names, phone numbers, residential registration numbers, and contract details -- to several telemarketing firms for $878K USD (1 billion Won). The telemarketers used the information to solicit customers to switch to other carriers.
But the joy ride appears to be over as the pair who sold the information is allegedly in custody. Seven other individuals who purchased the software and illegally copied data were also arrested.
KT Corp. emphasizes that the intrusion was very sophisticated,
, "It took nearly seven months to develop the hacking program and (the suspects) had very sophisticated hacking skills. In light of this incident, we will strengthen the internal security system and raise awareness of security among all employees to prevent causing inconvenience to customers."
KT Comms was victimized by hackers and now faces class action lawsuits.
[Image Source: Slashgear]
They add that they are sincerely sorry for the impact on customers, stating, "We deeply bow our head in apology for having your precious personal information leaked... we'll try our best to make such things never happen again."
The carrier is facing a class action lawsuit from customers for the hack, despite its openness about the breach and its apology. The company first detected the breach on July 13 and alerted authorities immediately.
While the exact methodology of the attack has not been widely publicized, it's possible the South Korean hackers exploited weakness in the link to the SQL database -- a popular means of grabbing internet-accessible data.
While many companies have tightened security on the databases themselves, the links remain vulnerable as many popular corporate software packages have certain well-known errors where they mishandle strings. These errors allow hackers to execute disallowed commands, gaining the same access as company employees. The method is known as
as it involves "injecting" the command into an otherwise harmless string of text.
Recent American companies to fall victim to that attack methodology include NVIDIA Corp. (
forums accounts were compromised
, and Yahoo! Inc. (
news accounts were compromised
Last year South Korea the nation's largest carrier, SK Comms (
) recently announced that over
35 million records had been illegally copied
from its database by hackers in China. And in Nov. 2011 Nexon Korea Corp., one of the nation's top online gaming companies, had 13 million user records illegally copied.
This article is over a month old, voting and posting comments is disabled
RE: why is this sort of thing still happening?
7/31/2012 4:19:06 AM
It's not as simple as either of you make it seem. New vulnerabilities are always popping up. Have you ever used any open source content management systems? You have to patch the core and every module on nearly a daily basis because of the constant flood of vulnerabilities being discovered all the time. The bad guys are working every bit as hard to get in as the good guys are trying to keep them out.
Security is a huge ball of wax and NEVER 100% no matter how much money or manpower you put into it.
RE: why is this sort of thing still happening?
8/3/2012 3:58:46 AM
Been using Drupal for 5 years now, and there have not been any wide-open and obvious security holes in that time. No SQL injection vulnerabilities at all in Drupal 5, 6 and 7 core. And while there have been lots of cross-site scripting vulnerabilities found, most were limited to users with special permissions so were no issue. Sure there have been many other kinds of mistakes and vulnerabilities, many highly critical in the right circumstances, so yes, it is important to monitor their security advisory and keep your version updated.
But the point was about the most obvious and stupid vulnerability - SQL injection, and how widespread it is yet how easy it is to avoid if the coder cared to understand it.
"People Don't Respect Confidentiality in This Industry" -- Sony Computer Entertainment of America President and CEO Jack Tretton
NVIDIA: We've Been Hacked, User Records Lost
July 13, 2012, 6:00 PM
Yahoo Loses 453,000 User Passwords to Hackers
July 12, 2012, 4:45 PM
Nokia is the Victim of SQL Injection, Loses Developer Records
August 29, 2011, 8:37 AM
Chinese Hackers Score Heist of 35 Million South Koreans' Personal Info
July 28, 2011, 9:43 AM
Update: Samsung Responds to Reports of Screen Gaps on Galaxy Note 4
September 30, 2014, 11:02 AM
Apple to Begin iPhone 6, iPhone 6 Plus Sales in China October 17
September 30, 2014, 9:55 AM
eBay to Spin Off PayPal Business Next Year
September 30, 2014, 7:28 AM
HP Adds $99 Windows Tablet, $199 Windows Notebook to Stream Family
September 29, 2014, 7:17 PM
Following Quirky Passport, BlackBerry Aims to Release One Unconventional Device Per Year
September 29, 2014, 6:45 PM
New Optical Cloak is so Beautifully Simple You Can Build Them at Home
September 29, 2014, 5:10 PM
Most Popular Articles
Appalling Negligence: Decade-Old Windows XPe Holes Led to Home Depot Hack
September 8, 2014, 8:58 PM
iBend: Reports Grow of Razor-Thin iPhone 6+ Folding Like Origami in Your Pocket
September 23, 2014, 6:08 PM
New AT&T Mobile Share Value "Double Data" Promotion Lasts Through October
September 28, 2014, 8:32 AM
Update: Apple Releases iOS 8.0.2 Update to Make Up for Botched 8.0.1 Release
September 25, 2014, 8:19 PM
FBI Outraged That Apple, Google are Adopting Digital "Locks" to Protect Users
September 26, 2014, 1:00 PM
Latest Blog Posts
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
Space Terrorism is a Looming Threat For the United States
Apr 23, 2014, 7:47 PM
Facebook Aims to Provide Internet to "Every Person in the World" with Drones, Satellites
Apr 1, 2014, 10:20 AM
Retail Mobile Sites Experience Outages in Light of Simplexity's Bankruptcy
Mar 14, 2014, 8:48 AM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information