
ISPs Eyed in ID Theft

Two Korean ISPs alleged to have signed more than 7M customers up for new services without their permission

5:40 PM -- A truly disturbing report came out of Korea earlier today. Here's how it was reported by the trade pub IT Week:

Police are investigating South Korea's two biggest ISPs on suspicion that they broke identity theft laws on more than 7 million occasions. The two companies, KT and Hanaro Telecom Inc., are suspected of signing up more than 7 million customers for services without their permission, according to police sources cited by local media today.

Many of the company's Internet service customers were apparently illegally signed up for additional services by telephone sales agents, who did not obtain the written consent required under law, police say. Reports say the two ISPs may have illegally signed up 7.3 million of the 10 million households and businesses in the country that rely on them for Internet service.

More than 60 employees and agents working for the two firms are now being questioned by police. KT has announced that it is cooperating with authorities and that it will improve internal data security procedures. Hanaro Telecom CEO Park Byung-Moo made an apparent apology at a press conference today, saying "he feels sorry to customers for causing such trouble," according to the Korea Herald.

The two companies provide a wide variety of services through their Web portals, including email, auctions, and games. Many of these services are free or advertising funded, although some require payment. It is not yet clear if any customers were illegally signed up for paid services.

"Even though subscribers are not aware they are internet site members and do not visit them, the high number of members itself can give website operators sales and marketing power in pushing for contracts with other businesses, for example, in advertising," detective Jeong Hyung-Won of Seoul's cybercrime investigation team told the Korea Herald.

Hanaro Telecom has also been accused of illegally sharing subscriber contact information with outside firms, which then contacted the customers in an attempt to sell products to them.

Why is this story so disturbing? Because we all have such trusted relationships with our ISPs. They not only hold our personal data, but they know where we Web surf, and when. Because in some cases, they have access to home and banking information.

If the allegations turn out to be true, I hope it will lead to a closer investigation of ISP practices worldwide. This is a category of companies that we can't afford not to trust.

— Tim Wilson, Site Editor, Dark Reading
