Online construction bid system hackedA group of computer hackers and builders who broke into the government’s online bidding system to win major construction projects was busted, the prosecution said yesterday.
The high-tech and financial crimes investigation division of the Seoul Central District Prosecutors’ Office confirmed yesterday that 21 members of a crime ring were indicted following an investigation into the organization. There were 28 members in total.
The prosecution said the syndicate included hackers, brokers and construction company owners. They also assigned middlemen to each region to oversee the schemes.
Online constructions bids save construction companies from having to send large amounts of paperwork to potential clients; project information is sent through relevant software programs, where bids can be assessed.
According to the prosecution, the group planted hacking software in the computers of public servants to manipulate the bids for projects from the Gyeonggi, Incheon and Gangwon governments. They manipulated the bids, worth a total of 110 billion won ($103.7 million), from May 2011 to October 2012, the prosecution said.
Thirty-five construction firms were involved in the scheme to win projects commissioned in Gyeonggi, Incheon and Gangwon, it added. By manipulating the lowest bidding price, the companies won 77 construction bids, worth a total of 110 billion won. In return, the crime ring received up to 7 percent of the bidding price.
The prosecution said it confiscated 433 million won in profits that the group accumulated.
Four of the syndicate’s members, including the 37-year-old developer of the hacking software, were placed on a wanted list. They have reportedly fled the country. Meanwhile, prosecutions have been postponed for three construction company owners, whose charges were light.
The rigged bids include12 construction projects commissioned by Ongjin County of Incheon to fix damage caused by North Korea’s shelling of Yeonpyeong Island on Nov. 22, 2010. The hackers broke into the computer of a county public servant on April 16, 2011, rigging bidding processes in order to win 20.3 billion won-worth of projects.
Nara Jangteo, Korea’s online e-procurement system, is operated by the Public Procurement Service (PPS). Through this system, construction projects commissioned by local governments are awarded to construction companies that submit prices closest to the prearranged minimum budget.
In order to combat a long history of organized corruption in the bidding process, the PPS has made this system deliberately complex, with the lowest price for a project decided in advance.
The system then randomly generates 15 estimated prices 2 percent to 3 percent above or below that figure. Companies that participate in the bidding then blindly draw one of 15 estimated prices in a closed session.
The average of the four most selected prices is then calculated for a final minimum budget. Once the budget is finalized, construction companies submit an estimate, and the contractor with an offer closest to the average final cost wins the project.
According to the prosecution, the hacking syndicate manipulated the 15 randomly generated prices, thereby driving up the price of the final minimum budget. They also hacked into the computers of their competitors, rigging their blind selections.
By controlling the final minimum budget for each project and manipulating the figures of competing companies, the hackers were able to submit a final estimate that was only tens of won higher than the final budget.
According to the prosecution, a similar case took place in April in which a crime ring in North Gyeongsang also hacked into the e-procurement system. At the time, the hackers only obtained pricing information in advance to improve the accuracy of their bidding prices.
In the latest case, however, the hackers went one step further, manipulating the entire bidding process. But because the e-procurement server of the PPS has several layers of security, the hackers accessed the system through the computers of local government officials, the prosecution said.
They accessed the public servants’ computers by providing the electronic files of their construction plan to project managers. Once those files were opened on their computers, the malware infected the system.
The crime ring also hacked their competition by sending emails containing the malware. A total of 580 construction companies in Gyeonggi, Incheon and Gangwon were affected.
The prosecution added yesterday that it will also investigate the construction projects of other regional governments.
BY SER MYO-JA [firstname.lastname@example.org]