Attacks/Breaches
4/9/2013
12:06 PM

South Korea Charges Alleged Hackers

South Korean government accuses two men of working with North Korean hackers to steal personal data relating to 140 million South Koreans.

The South Korean government Saturday charged two men with working with North Korean hackers -- operating from China -- and stealing personal data associated with 140 million South Korean residents.

"The data were obtained by hacking into the websites of department stores, gas stations and online shopping malls as well as from illegal dealers," a spokesman for the Seoul Central Prosecutors' Office told South Korean newspaper The Chosun Ilbo.

Prosecutors said that one of the defendants, whom they identified only by his surname, Choi, had in his possession email addresses and South Korean resident registration numbers, which are required by many websites in the country to create a new user account. Choi had allegedly categorized at least some of the stolen data based on its intended use.

"If this information was passed on to North Korea, the North has a significant amount of personal information about South Korean individuals," said the prosecutor, adding that it was likely that some of the information had also been sold to Chinese and Taiwanese fraudsters for conducting telephone scams.

Prosecutors also accused Choi of working with a North Korean agent and known hacker since 2007, as well as working with hacking tools and spam email distribution software developed by North Korea. Prosecutors said at least 1,000 of the recovered records had been obtained in 2011 from a known North Korean agent.

According to prosecutors, Choi somehow enjoyed administrator-level access to about 68,000 different websites in South Korea. He allegedly used that access to post advertisements for adult-oriented websites. Choi is also accused of hacking into South Korean gambling websites and profiting from them.

The charges come amid increasing tensions on the Korean peninsula, after North Korea this year tested nuclear weapons and threatened to restart its nuclear reactor at Yongbyon and to conduct tests of missiles capable of striking South Korea, Japan and U.S. military bases in the Pacific. North Korea is also suspected of launching wiper malware attacks against South Korean banks and broadcasters that led to mass hard-drive deletions.

Meanwhile, about 10 days ago North Korea officially declared war on South Korea. North Korea's Asia-Pacific Peace Committee (KAPPC) upped the ante Tuesday with a statement warning all foreign nationals residing in South Korea to prepare to evacuate. "The committee informs all foreign institutions and enterprises and foreigners including tourists in Seoul and all other parts of South Korea that they are requested to take measures for shelter and evacuation in advance for their safety," read the KAPPC statement, reported South Korea's Yonhap News Agency. "We do not wish harm on foreigners in South Korea should there be a war."

North Korea's rulers, however, claim they didn't start the escalation. "The United States and the South Korean puppet warmongers are now watching for a chance to start war against the DPRK after massively introducing weapons of mass destruction, including nuclear war hardware into South Korea," they said. DPRK stands for the Democratic People's Republic of Korea, the official name for North Korea, which is ruled from Pyongyang by a totalitarian regime headed by 30-year-old Kim Jong-un.

Pyongyang's warmongering ways led the Anonymous hacktivist collective, working with botmaster friends, to recently launch DDoS attacks against numerous official North Korean websites; leak what it claimed were 15,000 membership records stolen from North Korea's Kim Il Sung Open University website, run from China; and seize and deface North Korea's Twitter and Flickr accounts with images of an Anonymous couple dancing a tango.

Comments
PJS880,
User Rank: Ninja
4/23/2013 | 5:10:54 PM
re: South Korea Charges Alleged Hackers
There is a lot going on over there in the Korea's. If this guy has been working with foreign governments, then the amount of information should be nothing less than significant. The article did not say much about the other guy, what is he charged with releasing and what is his history? You would figure with all the drama that has been occurring over there that the security of these types of breaches would be in the highest priority.

Paul Sprague
InformationWeek Contributor
Andrew Hornback,
User Rank: Apprentice
4/10/2013 | 3:45:23 AM
re: South Korea Charges Alleged Hackers
North Korea's got a lot of bluster for a country with an air force (if you can call it that) that still flies biplanes.

While I think it's important that all of the foreign nationals in South Korea be safe, this whole "conflict" seems to amount to a pair of Yorkshire Terriers with bad attitudes yapping at each other from across the street while their owners exchange friendly hellos. And, of course, those friendly folks from Anonymous have to capitalize on the spotlight being shone upon the Korean peninsula - starting to think that they're just out for the glory and headlines while the real folks that we need to be wary of are the ones that don't seek the headlines and attention.

There are a lot of ifs and whens that will shape this conflict... if China decides they've had enough of Kim Jong-un, expect North Korea to fall like a house of cards. If North Korea pulls the trigger first and goes after Seoul (which is their expected initial target due to proximity to the DMZ), they're not expected to be able to keep a barrage going for long and with a pair of US Air Force Bases in country as well as a carrier battle group based in Yokosuka, Japan, it wouldn't take long (if this administration is willing) to counterpunch.

Meanwhile, keep your popcorn handy as we watch the hacking back and forth between these two Yorkies. It won't get boring, that's for sure.

Andrew Hornback
InformationWeek Contributor