Phishing scams erase users’ precious memories

A 34-year-old company worker surnamed Shin was having a pleasant afternoon on May 5. Her day at work was going smoothly until she picked up a phone call from her younger sister, who sounded anxious.

“You really need to see your Cyworld [account] RIGHT NOW!” Shin’s sister said with a trembling voice over the phone. “Someone is deleting your photos.”

Shin’s sister was surfing the Web at home in Bundang. She became suspicious when someone who thought she was her big sister logged in on the NateOn Messenger with her ID and asked her to transfer 5 million won ($4,600) in poorly written Korean.

“It didn’t sound like my sister,” Shin’s sister said. “I heard about rampant cases of messenger phishing from my friends so I tried to cut off the conversation by asking her to talk about it later at home instead. Then she acted weird and I was peppered with curse words on the messenger.”

Shin’s sister checked her big sister’s Cyworld page, which is integrated with the NateOn Messenger. She discovered someone, presumably a hacker, was deleting the photos and bulletin boards. It took less than five minutes to delete everything.

Presumably, an outraged hacker who failed to deceive Shin’s sister deleted her big sister’s sweet memories in revenge. The Shin sisters said they didn’t report the matter to police because they didn’t lose money.

SK Communications, the operator of NateOn Messenger and social networking site Cyworld, said there were complaints from users whose contents of Cyworld home pages have been completely deleted by hackers who failed to get what they want.

The operator said this new type of messenger phishing emerged about a month ago.

Usually, the most rampant online messenger phishing is done by a hacker who use a hacked ID and asks for money from the victim’s friends. If the hacker fails, he usually leaves the messenger quickly.

Kim Ji-hoon, a 23-year-old college student, was also a victim of the new type of messenger phishing. His photos of high school and college life were deleted by a hacker. “I was really angry and didn’t know what to do after I learned that the memories I’ve been keeping for several years were gone,” Kim said.

“The hacker who failed to get money from my friends instead stole my entire school memories. The pain of losing 10 years of memories is much the same as if I lost money.” Kim also said he didn’t report the case to police because he didn’t lose money.

An official at SK Communications said there was no way to restore the deleted data.

The company said there’s nothing much it can do if pictures and other postings on a cyworld page are deleted because technically they were deleted by someone who properly logged in with a user’s ID and password.

Victims like Shin and Kim said the company must restore lost data if they were deleted by hackers. “I could’ve got over this if Cyworld had a backup function,” Kim said.

The Cyber Terrorism Response Center under the National Police Agency said 185 messenger phishing cases were solved from last November to this April.

Police, however, warned that the number could be double or even triple if unreported cases are included. Police said the messenger phishing scam is becoming increasingly more complicated and asked victims to report the matter to police.

“Even if a person didn’t lose money, a hacker can be charged with an attempted scam or violating the cyber information protection law.”

By Shin Sae-rom [mijukim@joongang.co.kr]

한글 관련 기사 [중앙일보]
"나 몰래 왔다 간 옛 애인 … 언제 어디서 접속했는지 다 나와"
싸이월드 ‘방문자 추적 프로그램’ 기자가 써 보니 …

추적기에 남겨진 방문자들의 접속 기록. 자신의 미니홈피를 찾은 방문자의 이름과 접속 시각은 물론 IP 주소를 통해 접속 지역도 추정이 가능하다. 추가비용을 내면 성별·나이도 알 수 있다.
“예전에 사귀던 사람이 다녀갔는지 궁금하지 않으세요?”

　포털사이트 게시판에서 흔히 볼 수 있는 싸이월드 ‘방문자 추적기’에 대한 광고문구다. 방문자 추적기는 누가, 언제, 어디서 내 홈피에 접속했는지 알려주는 불법 프로그램이다. 별 생각 없이 들른 옛 애인이나 친구의 미니홈피 방문 기록 등이 그대로 노출될 수 있다는 것이다. 미니홈피에 도사린 위험은 피싱뿐만이 아니라는 얘기다.

　지난 12~18일 일주일간 기자가 직접 방문자 추적기를 사용해 봤다. 추적기 설치 사이트에 들어가 1만6000원을 결제하고 ‘프리미엄 회원’이 됐다. 프리미엄 회원에겐 두 달 동안 방문자의 이름과 IP(인터넷 프로토콜)주소·접속 경로까지 알려준다고 했다. 추적기를 설치하는 데는 5분도 채 안 걸렸다. 미니홈피의 다이어리 메뉴에는 영화 평점을 매기고 감상평을 올리는 ‘리뷰’ 기능이 있다. 이 리뷰 글 속에 추적 프로그램을 숨겨 홈피 대문에 걸어두면 방문자의 접속 정보가 추적기를 구매·결제했던 사이트로 자동 전송된다. 미니홈피 주인은 실시간으로 이를 볼 수 있다. 기자의 미니홈피에 새 글이 올라왔다는 소식이 전해지자 다른 언론사 동료 기자들과 대학 선후배들이 속속 찾아들었다. 이들의 이름과 IP·접속 시간 기록은 고스란히 남겨졌다. 추적 사흘째, 방문자를 확인하던 기자의 눈이 커졌다. 입대 전 만났던 여자친구의 이름이 찍혀 있었다. 그녀의 미니홈피에는 “곧 결혼한다”는 글이 올라와 있었다. 일주일간 기자의 미니홈피를 다녀간 사람은 모두 53명. 추적기는 그중 절반인 27명의 ‘신원’을 확인해줬다. 아직 사용 기간이 두 달이나 남은 추적기를 19일 제거하며 떠오른 건 “세상엔 모르고 살아야 더 좋은 것도 있는 법”이라는 말이었다.　

한편 싸이월드 측은 "2008년부터 꾸준히 불법 추적기를 차단하고 있다"며 "추적기는 일종의 악성 프로그램으로 해킹 등 사용자의 주의도 필요하다"고 밝혔다.