Hackers breach financial system

The Korea Financial Telecommunications and Clearings Institute said yesterday it has scrapped 461 digital certificates frequently used for online financial transactions after it learned they were leaked by hackers through malware, revealing the vulnerability of the world’s most wired country’s financial security system.

The Financial Supervisory Service confirmed it has no reports of damages because of the leaked information.

According to the service, the institute, which manages interbank payment systems, discovered the leak through malware earlier this month when it was conducting regular checks on pharming Web sites.

It said its action was aimed at avoiding a mass security breach where hackers withdraw hundreds of millions of won.

Pharming is emerging as a trend among hackers where they redirect the traffic of Web site, for example of a bank, to a bogus site in order to collect personal financial information, like IDs and passwords to access the Web site as well as credit card and national identification numbers.

The institute notified IT divisions of banks on Jan. 4. Banks said they have notified customers who are affected by phone and directed them to come in if they want to reissue their digital certificate. As an emergency measure, banks said they have restricted reissuance of digital certificates without visiting offices.

The institute said digital certificates issued by the nation’s major banks - Shinhan, Kookmin, Woori, Hana, Korea Exchange Bank, Standard Chartered, Citi and Nonghyup - were leaked.

Industry insiders said this is the first time that such a large number of digital certificates have been invalidated by the institute. The institute had scrapped digital certificates at the request of police in 2010, but only 36 were affected.

“Some news reports said the digital certificates were leaked through pharming, but we’re weighing the possibility that they were leaked after Internet users accessed and downloaded files through servers where hackers implanted malware,” said Kim Yoon-jin, an official at the FSS’s IT supervision division. “It seems this malware then gained access to Internet users’ personal computers and copied their digital certificates.”

Kim said this case is different from a pharming tactic where a hacker gets reissuance of a digital certificate belonging to an Internet user after the user types an ID and password to access an Internet Web site run by a local bank without knowing that it is a bogus Web site redirected by hackers.

“To avoid becoming victims of data leaks of critical, personal information, Internet users should run an antivirus program on a regular basis,” Kim said. “They also should refrain from visiting certain Web sites, such as those where they can download movies as these sites are particularly vulnerable to hacking.”

By Kim Mi-ju [mijukim@joongang.co.kr]