Hacker purloins real estate contracts

Fear of personal data hacking is spreading after the JoongAng Ilbo found that information about property buyers and sellers involved in over 5.9 million transactions was stolen by a hacker who penetrated the database of the Korea Association of Realtors (KAR) last November.

The Korean National Policy Agency’s Cyber Terror Response Center confirmed yesterday that there was a hacking incident on Nov. 8. It has started an investigation that is expected to take two to three months and it will investigate whether individuals’ personal data was distributed illegally.

In response to worries about possible harm caused by the hacking, the Ministry of Land, Infrastructure and Transport said yesterday it would also launch an investigation into all associations under the ministry. An official at the Land Ministry said it was unaware earlier that the KAR was operating such a database.

The JoongAng Ilbo discovered the leaks in a report written by a consultant subsidiary of SK C&C at the request of the association, which has a membership of around 81,000 realtors across the country.

According to the report, housing, land and commercial building transaction contracts made over the past 10 years, which add up to as many as 5.95 million cases, were hacked on Nov. 8.

The hacker accessed the website of the association through a Chinese Internet Protocol address and loaded Webshell, a hacking program, on a public board of its homepage. A remote control program that allowed the hacker to control the database was also detected.

Since property contracts include the personal data of buyers and sellers and transaction prices, they could be used to cause a lot of trouble, analysts say. Identity theft is a major possibility because so much information has been leaked.

It’s even possible for someone’s property to be sold without them knowing.

“A number of Webshell and remote controlling programs were detected and removed on Jan. 20,” the report said.

The hacker was in full control of the website’s server between Nov. 8 and Jan. 20. The server was linked to the database storing the 5.95 million contracts.

The association is currently conducting an internal investigation to find out whether the report is true.

An executive of the association told the JoongAng Ilbo that he knew about the incident earlier but didn’t consider it serious or take any action.

“Since most Koreans’ biggest asset is real estate, this can be really serious as a person’s most valuable asset is exposed to risks,” said Shim Kyo-un, a real estate professor at Konkuk University.

KAR started running the database in 2004. To digitize real estate information, the association offered its realtor members an electronic contract program called Tank 21 for free. About 76 percent of the 81,000 association members, or 62,000 realtors, use the program, the report said. Every year, about 560,000 property contracts are registered electronically.

If the information from the 5.95 million contracts is leaked, the damage could be serious. It includes personal information like residential registration numbers, home addresses, phone numbers and also locations of properties, prices and loan issuances.

“In the second-tier financial industry, where qualifications for loans are not as strict as first-tier banks, anyone can get loans with a fabricated identity card, stamp and the information from these contracts,” said Lee Nam-soo, a head of private banking at Shinhan PB’s Seocho Center.

Some politicians are already worrying about use of such information for negative political campaigns. Specifically, politicians’ real estate purchases can be exposed, which is always a sensitive issue in Korea.

“There will be huge impact if the information is used for political purposes,” said a lawmaker’s aide.

Although KAR had possession of extremely important information on individuals, its security was very lax, the JoongAng Ilbo found.

There was only one person in charge of managing the database, and the association’s annual budget for information security was 8.64 million won ($8,148).

In August 2010, a post was loaded on the site’s homepage saying some files that look like property contract-related documents had been exposed, but the association ignored it.

“Real estate transactions can be related to collection of national taxes,” said Kwon Dae-jung, a real estate professor at Myongji University.

“It is absurd to hear that such important information is in control of a private association without the government’s monitoring.”

BY HWANG JEONG-IL, SONG SU-HYUN [ssh@joongang.co.kr]