4/9/2013
12:06 PM

South Korea Charges Alleged Hackers

South Korean government accuses two men of working with North Korean hackers to steal personal data relating to 140 million South Koreans.

The South Korean government Saturday charged two men with working with North Korean hackers -- operating from China -- and stealing personal data associated with 140 million South Korean residents.

"The data were obtained by hacking into the websites of department stores, gas stations and online shopping malls as well as from illegal dealers," a spokesman for the Seoul Central Prosecutors' Office told South Korean newspaper The Chosun Ilbo.

Prosecutors said that one of the defendants, whom they identified only by his surname, Choi, had in his possession email addresses and South Korean resident registration numbers, which are required by many websites in the country to create a new user account. Choi had allegedly categorized at least some of the stolen data based on its intended use.

"If this information was passed on to North Korea, the North has a significant amount of personal information about South Korean individuals," said the prosecutor, adding that it was likely that some of the information had also been sold to Chinese and Taiwanese fraudsters for conducting telephone scams.

Prosecutors also accused Choi of working with a North Korean agent and known hacker since 2007, as well as working with hacking tools and spam email distribution software developed by North Korea. Prosecutors said at least 1,000 of the recovered records had been obtained in 2011 from a known North Korean agent.

According to prosecutors, Choi somehow enjoyed administrator-level access to about 68,000 different websites in South Korea. He allegedly used that access to post advertisements for adult-oriented websites. Choi is also accused of hacking into South Korean gambling websites and profiting from them.

The charges come amid increasing tensions on the Korean peninsula, following North Korea's nuclear weapons testing this year and its threats to restart its nuclear reactor at Yongbyon and to conduct tests of missiles capable of striking South Korea, Japan and U.S. military bases in the Pacific. North Korea is also suspected of launching wiper malware attacks against South Korean banks and broadcasters that led to mass hard-drive deletions.

Meanwhile, about 10 days ago North Korea officially declared war on South Korea. North Korea's Asia-Pacific Peace Committee (KAPPC) upped the ante Tuesday with a statement warning all foreign nationals residing in South Korea to prepare to evacuate. "The committee informs all foreign institutions and enterprises and foreigners including tourists in Seoul and all other parts of South Korea that they are requested to take measures for shelter and evacuation in advance for their safety," read the KAPPC statement, reported South Korea's Yonhap News Agency. "We do not wish harm on foreigners in South Korea should there be a war."

North Korea's rulers, however, claim they didn't start the escalation. "The United States and the South Korean puppet warmongers are now watching for a chance to start war against the DPRK after massively introducing weapons of mass destruction, including nuclear war hardware into South Korea," they said. DPRK stands for the Democratic People's Republic of Korea, the official name for North Korea, which is ruled from Pyongyang by a totalitarian regime headed by 30-year-old Kim Jong-un.

Pyongyang's warmongering ways led the Anonymous hacktivist collective, working with botmaster friends, to recently launch DDoS attacks against numerous official North Korean websites; leak what it claimed were 15,000 membership records stolen from North Korea's Kim Il Sung Open University website, run from China; and seize and deface North Korea's Twitter and Flickr accounts with images of an Anonymous couple dancing a tango.

Comments
PJS880,
User Rank: Ninja
4/23/2013 | 5:10:54 PM
re: South Korea Charges Alleged Hackers
There is a lot going on over there in the Korea's. If this guy has been working with foreign governments, then the amount of information should be nothing less than significant. The article did not say much about the other guy, what is he charged with releasing and what is his history? You would figure with all the drama that has been occurring over there that the security of these types of breaches would be in the highest priority.

Paul Sprague
InformationWeek Contributor
Andrew Hornback,
User Rank: Apprentice
4/10/2013 | 3:45:23 AM
re: South Korea Charges Alleged Hackers
North Korea's got a lot of bluster for a country with an air force (if you can call it that) that still flies biplanes.

While I think it's important that all of the foreign nationals in South Korea be safe, this whole "conflict" seems to amount to a pair of Yorkshire Terriers with bad attitudes yapping at each other from across the street while their owners exchange friendly hellos. And, of course, those friendly folks from Anonymous have to capitalize on the spotlight being shone upon the Korean peninsula - starting to think that they're just out for the glory and headlines while the real folks that we need to be wary of are the ones that don't seek the headlines and attention.

There are a lot of ifs and whens that will shape this conflict... if China decides they've had enough of Kim Jong-un, expect North Korea to fall like a house of cards. If North Korea pulls the trigger first and goes after Seoul (which is their expected initial target due to proximity to the DMZ), they're not expected to be able to keep a barrage going for long and with a pair of US Air Force Bases in country as well as a carrier battle group based in Yokosuka, Japan, it wouldn't take long (if this administration is willing) to counterpunch.

Meanwhile, keep your popcorn handy as we watch the hacking back and forth between these two Yorkies. It won't get boring, that's for sure.

Andrew Hornback
InformationWeek Contributor