Programmers accused of hacking 2.3 million IDs
Korea JoongAng Daily

Home > National > Social Affairs

print dictionary print
Published: 16 Apr. 2009, 02:27

Programmers accused of hacking 2.3 million IDs

Two computer programmers were indicted yesterday on charges of hacking into Web sites and obtaining personal data of 2.3 million persons and using part of that information to post spam advertisements on Naver and other Web sites.

According to investigators at the Seoul Central District Prosecutors’ Office, the pair allegedly hacked into more than 100 Web sites from January 2008 until February of this year.

They targeted Web sites for games, florists, real estate agencies and used car dealerships that have vulnerable security systems.

“They developed their own computer program to sort out whether some of the users’ stolen IDs and passwords collected from various Web sites were identical to Naver IDs and passwords,” said Roh Seung-kwon, the prosecutor in charge of the case.

The suspects took advantage of the practice by some Internet users of using the same ID and password to access different Web sites, he added.

Of the 2.3 million people whose personal information was hacked, some 150,000 had used the same ID and passwords on Naver, prosecutors said.

Investigators said the suspects used 90,000 of those accounts to post gambling Web site advertisements at Naver’s Jisik-in. Jisik-in, Korean for “knowledge person,” is a knowledge pool created by all Naver users where one user asks any question and whoever knows the answer responds.

This kind of data has been gathered for several years and the database is full of answers, attracting many Koreans.

The hackers then used some 3,400 local computers to post mass questions, answers and advertisements regarding a baccarat game on Jisik-in and other sites.

They disguised malicious code as a movie or music player program and posted it on the Internet. The code would secretly install itself on a computer once it was clicked.

The “botnet” hacking tactic (a combination of “robot” and “network”), also known as a “zombie army,” allowed the suspects to remotely control 3,400 computers, prosecutors said.

In return, the suspects received 130 million won ($97,232) from the gambling site owner as a commission.

Prosecutors say they also sold information on 60,000 Naver users to a personal information broker based in China for 10 million won.

“The prosecution notified Naver to send a notice to 90,000 users to change their IDs and passwords that had been leaked,” Roh said.

“Internet users should use different passwords on Web sites. They also need to change their passwords on a regular basis.”


By Park Yu-mi, Kim Mi-ju [mijukim@joongang.co.kr]
tags

More in Social Affairs

Supreme Court finalizes 13-year sentence for teacher who made sexually exploitative videos of 120 students

As platforms raise membership fees, addicted consumers face heavy burden

Seoul gov't finds carcinogens in children's products from Temu, AliExpress

Nine-year-old among suspects busted in youth gambling crackdown

Doctor convicted for illegally giving propofol to actor Yoo Ah-in

Related Stories

How Korean startup Craver hopes to become the 'HYBE of the beauty industry'

Out with the old and in with the new: Rondinone’s 'BURN TO SHINE' opens at Museum SAN

Fuel tax cut extended by 2 months amid Middle East tensions

[Student Voices] The Road Ahead

Le Sserafim debuts at Coachella to mixed reviews
Log in to Twitter or Facebook account to connect
with the Korea JoongAng Daily
help-image Social comment?
s
lock icon

To write comments, please log in to one of the accounts.

Standards Board Policy (0/250자)