Hackers arrested over data leakageAuthorities said yesterday that they have arrested three hackers suspected of leaking the personal data of 17 million people from 225 websites.
The Incheon Metropolitan Police Agency announced yesterday that it had arrested the trio, who stole personal data from Korean websites and sold it to loan lenders and chauffeur service companies in exchange for about 100 million won ($93,793).
According to the police, the websites’ security networks were not secure enough to prevent infiltration. The hackers uploaded malicious coding onto posts on online boards, gaining control over the domain once site administrators clicked on them.
The hackers told the police that they were easily able to steal the personal data since most of the websites didn’t encrypt the personal data of their members.
Two 21-year-old hackers responsible for spearheading the operation, surnamed Kim and Choi, met each other and another accomplice, Lee, 18, in early 2011 while playing an online game.
Kim is a well-known figure in online communities for his self-taught hacking abilities, which gained him a number of followers. Kim had a prior arrest in November 2012 for spreading malware on online community sites.
Choi, now a college student, who is also established among hackers, was also previously charged for spreading malicious content across different sites.
Lee, who had apparently dreamed of becoming a white-hat hacker, allegedly learned hacking techniques through chatting online with Kim and Choi. He eventually lost himself in hacking, going so far as to drop out of school.
According to the police, Lee even stayed with Kim and Choi in September in Iksan, North Jeolla.
The three hackers started stealing data in September from the websites of various organizations, including the Korean Medical Association, the Association of Korean Medicine and the Korean Dental Association, as well as from stocks and real estate service sites, the police said.
After that, the hackers turned to infiltrating online gambling websites. By manipulating data, they obtained about 180 million won from the site, and extorted another 80 million won by blackmailing the operators, claiming they would erase the site altogether if their demands weren’t met.
At first, Lee was only involved in the sale of illegally obtained data, authorities said. He connected Kim and Choi with buyers by posting advertisements online, receiving only a small amount of money in return.
But it didn’t take long for Lee to try hacking on his own, penetrating 14 websites and stealing personal data.
“I just gave it a try and it was very easy,” Lee told police.
The police said yesterday that they had arrested Kim and Choi for breaching laws related to information security. Lee and six others are being investigated for possible collusion.
Officials added that the managers of the hacked websites may also be held responsible for their lax security measures.
BY CHOI MO-RAN [email@example.com]