SNS Launches 'Hacking Request' Channel... Gang Selling Information

[Asia Economy Reporter Kim Hyun-jung] A criminal organization that operated a social networking service (SNS) channel for 'hacking requests,' stole millions of pieces of personal information, and even carried out cyberattacks on behalf of clients has been arrested by the police.

According to Yonhap News on the 20th, the Cybercrime Investigation Unit of the Jeonnam Provincial Police Agency announced that they arrested seven people, including the hacking organization leader Mr. A (48) and hacker Mr. B (25), and booked five others without detention on charges including violation of the Act on Promotion of Information and Communications Network Utilization and Information Protection. Since August 2020, Mr. A and others operated a hacking request channel mainly on SNS, stealing about 7 million pieces of customer information from 385 websites including economic specialized media and marriage information companies. The affected companies were those that had not updated their security programs to the latest versions.

A portion of the customer information list stolen by the hacking group. [Image source=Yonhap News]

They committed hacking crimes charging between 1 million and 5 million KRW per case. The clients who requested hacking were mainly illegal gambling sites, marriage information companies, plastic surgery clinics, and stock investment consulting sites. These companies used the personal information obtained through hacking without authorization for business purposes or to harass competitors. Some clients, such as illegal gambling sites, even requested distributed denial-of-service (DDoS) attacks to paralyze competitor websites.

Mr. A and his group negotiated hacking fees based on the security level of the targeted company's website and the amount of customer information held. The website with the largest personal information leak was an economic specialized media site, from which about 300,000 pieces of information were stolen. The hacked information included login IDs and passwords for each website, as well as members' mobile phone numbers and email addresses. For marriage information companies, the data included subscribers' occupations, alma maters, and residences, while stock investment consulting sites had stock information and investment scale details.

Among the 385 websites that suffered hacking damage, none reported the incident to the police, mostly because they were unaware of the customer information leak. The police, in cooperation with the Korea Internet & Security Agency and others, notified the affected companies of the hacking incidents and also began investigating the clients who requested hacking from Mr. A's group.

On the 20th, Lee Yong-geon, head of the Cyber Crime Investigation Unit at the Jeonnam Provincial Police Agency, explained the investigation details of a gang that operated a 'hacking request' channel and stole about 7 million pieces of personal information from 385 websites.
[Photo by Yonhap News]

Mr. A's group divided roles among the leader, planning director, and hackers, starting their crimes by producing and managing illegal gambling sites on behalf of clients. They stole customer information from competing gambling sites and paralyzed operations through DDoS attacks, eventually expanding their criminal activities to hacking services. The hacker within the organization was a 25-year-old non-expert with no IT-related experience, who had a prior criminal record for similar offenses.

Mr. A's group also earned separate profits by reselling the stolen personal information in bulk. There is evidence that the resold personal information flowed into telephone financial fraud (voice phishing) organizations, but no secondary damage has been identified so far.

The police identified about 30 accounts used by Mr. A's group for their crimes and confiscated approximately 1 billion KRW in hacking crime proceeds. Additionally, the police believe that Mr. A's group earned separate criminal proceeds through operating illegal gambling sites. The illegal gambling funds they managed are estimated to total about 350 billion KRW. Furthermore, Mr. A's group established virtual servers overseas to secure a large number of so-called 'zombie PCs' necessary for DDoS attacks, and the police are also conducting investigations to apprehend the responsible members residing abroad.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.