Personal information hack traced to Chinese IP address

Posted on : 2011-08-12 11:17 KST Modified on : 2019-10-19 20:29 KST
The KNPA is investigating the address, but has not ruled out that it could have been laundered from another country

By Lee Moon-young 
  
Personal information belonging to some 35 million Cyworld and Nate users was received by a hacker using a Chinese IP address following its leak in a July hacking attack, the Korean National Police Agency (KNPA) announced Thursday. It also emerged that the malicious code used in the hacking was concealed in an update file for the well-known South Korean file compression program ALZip.
The KNPA’s cyber-terrorism response center announced these findings Thursday in its interim investigation report on the SK Communications hacking case.
“On July 18 and 19, a hacker hacked into the server for ESTSoft’s ‘open ALZip’ update and designated targets for infection, after which it switched the normal update file with a malicious code file, using this tactic to infect 63 PCs in the SK Communications intranet during the update process,” the police explained.
The police added that the hacker collected additional internal access information, including database administrator IDs and passwords, from the infected computers between July 18 and 25 before carrying out the hacking of member information over July 26 and 27.
The police are presuming that the hacker singled out specifically the intranet computers at SK Communications out of all ALZip users.
The police said the personal information that was hacked was sent to a Chinese IP address. It was also confirmed that the server for a company in Seoul's Nonhyeon neighborhood was used as a “passthru server.” The personal information included names, IDs, passwords, resident registration numbers, birth dates, sex information, home and e-mail addresses, and telephone numbers. The passwords and resident registration numbers were leaked in an encrypted form, but if the hacker can decrypt them, personal information for some 35 million people will be exposed. The police have determined that this was the work of an extremely sophisticated hacker, in light of the level of the malicious code and the method of hacking.
But the police have yet to ascertain the identity of the hacker. They are currently carrying out a coordinated investigation with China following the confirmation that the attack originated from a Chinese IP address. But they are not ruling out the possibility that the IP address could have been laundered in another country.
“We have nothing confirmed that would implicate North Korea,” the police said, adding that the possibility of North Korean involvement was “faint.”