12:06 PM

South Korea Charges Alleged Hackers

South Korean government accuses two men of working with North Korean hackers to steal personal data relating to 140 million South Koreans.

The South Korean government Saturday charged two men with working with North Korean hackers -- operating from China -- and stealing personal data associated with 140 million South Korean residents.

"The data were obtained by hacking into the websites of department stores, gas stations and online shopping malls as well as from illegal dealers," a spokesman for the Seoul Central Prosecutors' Office told South Korean newspaper The Chosun Ilbo.

Prosecutors said that one of the defendants, whom they identified only by his surname, Choi, had in his possession email addresses and South Korean resident registration numbers, which are required by many websites in the country to create a new user account. Choi had allegedly categorized at least some of the stolen data based on its intended use.

"If this information was passed on to North Korea, the North has a significant amount of personal information about South Korean individuals," said the prosecutor, adding that it was likely that some of the information had also been sold to Chinese and Taiwanese fraudsters for conducting telephone scams.


Prosecutors also accused Choi of working with a North Korean agent and known hacker since 2007, as well as working with hacking tools and spam email distribution software developed by North Korea. Prosecutors said at least 1,000 of the recovered records had been obtained in 2011 from a known North Korean agent.

According to prosecutors, Choi somehow enjoyed administrator-level access to about 68,000 different websites in South Korea. He allegedly used that access to post advertisements for adult-oriented websites. Choi is also accused of hacking into South Korean gambling websites and profiting from them.

The charges come amid increasing tensions on the Korean peninsula, after North Korea this year tested nuclear weapons and threatened to restart its nuclear reactor at Yongbyon and to conduct tests of missiles capable of striking South Korea, Japan and U.S. military bases in the Pacific. North Korea is also suspected of launching wiper malware attacks against South Korean banks and broadcasters that led to mass hard-drive deletions.

Meanwhile, about 10 days ago North Korea officially declared war on South Korea. North Korea's Asia-Pacific Peace Committee (KAPPC) upped the ante Tuesday with a statement warning all foreign nationals residing in South Korea to prepare to evacuate. "The committee informs all foreign institutions and enterprises and foreigners including tourists in Seoul and all other parts of South Korea that they are requested to take measures for shelter and evacuation in advance for their safety," read the KAPPC statement, reported South Korea's Yonhap News Agency. "We do not wish harm on foreigners in South Korea should there be a war."

North Korea's rulers, however, claim they didn't start the escalation. "The United States and the South Korean puppet warmongers are now watching for a chance to start war against the DPRK after massively introducing weapons of mass destruction, including nuclear war hardware into South Korea," they said. DPRK stands for the Democratic People's Republic of Korea, the official name for North Korea, which is ruled from Pyongyang by a totalitarian regime headed by 30-year-old Kim Jong-un.

Pyongyang's warmongering ways led the Anonymous hacktivist collective, working with botmaster friends, to recently launch DDoS attacks against numerous official North Korean websites; leak what it claimed were 15,000 membership records stolen from North Korea's Kim Il Sung Open University website, run from China; and seize and deface North Korea's Twitter and Flickr accounts with images of an Anonymous couple dancing a tango.


User Rank: Ninja
4/23/2013 | 5:10:54 PM
re: South Korea Charges Alleged Hackers
There is a lot going on over there in the Koreas. If this guy has been working with foreign governments, then the amount of information should be nothing less than significant. The article did not say much about the other guy, what is he charged with releasing and what is his history? You would figure with all the drama that has been occurring over there that the security of these types of breaches would be in the highest priority.

Paul Sprague
InformationWeek Contributor
Andrew Hornback,
User Rank: Apprentice
4/10/2013 | 3:45:23 AM
re: South Korea Charges Alleged Hackers
North Korea's got a lot of bluster for a country with an air force (if you can call it that) that still flies biplanes.

While I think it's important that all of the foreign nationals in South Korea be safe, this whole "conflict" seems to amount to a pair of Yorkshire Terriers with bad attitudes yapping at each other from across the street while their owners exchange friendly hellos. And, of course, those friendly folks from Anonymous have to capitalize on the spotlight being shone upon the Korean peninsula - starting to think that they're just out for the glory and headlines while the real folks that we need to be wary of are the ones that don't seek the headlines and attention.

There are a lot of ifs and whens that will shape this conflict... if China decides they've had enough of Kim Jong-un, expect North Korea to fall like a house of cards. If North Korea pulls the trigger first and goes after Seoul (which is their expected initial target due to proximity to the DMZ), they're not expected to be able to keep a barrage going for long and with a pair of US Air Force Bases in country as well as a carrier battle group based in Yokosuka, Japan, it wouldn't take long (if this administration is willing) to counterpunch.

Meanwhile, keep your popcorn handy as we watch the hacking back and forth between these two Yorkies. It won't get boring, that's for sure.

Andrew Hornback
InformationWeek Contributor