Hackers target individuals via their email boxes

The major computer hackings of Nonghyup and Hyundai Capital last year make many people think that hackers are only interested in banks and big companies.

The reality is that hackers are interested in individuals too. And they are getting cleverer about how to make you open up your computer for their gain.

One common hacking technique is to hide malignant code within an email. If the email is not opened, the hacking attempt fails.

Thus hackers must trick people into opening a malicious email by arousing their curiosity with a well-chosen subject line, like “Salary negotiation” or “Selected in a car raffle.”

“Last year, most of the emails containing malignant code were disguised as news emails on topics such as the Japanese tsunami or the death of Kim Jong-il,” said Park Hae-ryong, infrastructure specialist at the Korea Internet Security Agency.

Last year, a local Internet company was hacked and lost important data, including reports on future business plans and strategies. A police investigation revealed that an employee at the company had unwittingly clicked on an email entitled “human resources new appointments” and downloaded an Excel file attachment out of curiosity. The file was blank, and the employee blithely deleted the email. Unbeknownst to him, malignant code had been downloaded onto his computer.

The hackers who sent the email had made the employee’s computer a “zombie” and used it to figure out the user IDs and passwords of his coworkers. Then they could easily access the company’s network and its secrets.

Hackers also spread their tentacles through Twitter and other social networking services.

Experts call this hacking the “social engineering method,” which manipulates people into divulging personal information. The term was coined by notorious American hacker Kevin Mitnick.

“Because you are tricking people,” said Lee Ho-eung, head of the security management at the Ahn Lab in Gyeonggi, “the social engineering method is a type of fraud.”

Last November, a hacker surnamed Cho, 44, obtained the membership list of a golf club in Gyeonggi and sent emails to its 1,000 members entitled, “Free golf club pass event.” The members unknowingly opened the emails and dozens of computers were contaminated.

After gaining access to the computers, Cho was able to extract private information such as bank account numbers and passwords from eight golf club members. Cho was eventually arrested for withdrawing 170 million won ($152,320) from members’ bank accounts.

“No matter how much security programs are improved,” a spokesman of the National Police Agency’s Cyber Terror Response Center said, “people are still getting hacked. It’s important for individuals to heighten their awareness of security.”

By Lee Seung-ho [sarahkim@joongang.co.kr]