[ISN] Police Nab Suspected Hacker of Korean Bank

From: InfoSec News (alerts@private)
Date: Fri May 16 2008 - 01:05:50 PDT


Digital Chosun Ilbo
May 16, 2008

Police on Thursday arrested an American who allegedly hacked the 
computer network of a Korean savings bank, disrupting its systems and 
attempting to blackmail it for money. It's the first time a domestic 
bank has been hacked, police said.

The Korean National Police Agency's Cyber Terror Response Center on 
Thursday requested an arrest warrant for a 24-year-old American 
identified only as "J" on charges of hacking the network of "M" Savings 
Bank and demanding a blackmail payout.

J allegedly hacked into bank's loan data administration system late last 
month and encrypted the customer database so the bank couldn't access 
it. The hacker left a message on the bank's internal bulletin board 
saying he would unlock the database if US$200,000 was wired to his 
account, otherwise the system would remain disabled.

The culprit is also believed to have sent the same message via cell 
phone text message to 160 bank employees. The bank has 30,000 customers 
and one trillion won in deposits.

A police officer said there have been cases of criminals stealing 
customers' online banking data and withdrawing their deposits but this 
is the first time a domestic bank's computer network has been hacked.

After graduating from a two-year college in the U.S., police said "J" 
came to Korea on a work visa in 2003 but it's unclear what he has been 
doing in the country.

On the same day, the police foreign affairs bureau arrested three 
people, including a 51-year-old identified as "Lee", for allegedly 
gathering wireless Internet access information on two banks for hacking 

The information they obtained is a code that is exchanged when customers 
access the bank network wirelessly. By decoding it, the hackers would 
have been able to figure out the web administrator's ID which allows 
access to the banking system.

Police said after hacking the ID, the hackers were planning to go to 
China from where they would steal the banks' customer information. Once 
they had access to account information, they could have withdrawn 

Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com

This archive was generated by hypermail 2.1.3 : Fri May 16 2008 - 01:24:14 PDT