
35 Million SK Telecom Accounts Stolen By Chinese Hackers

timothy posted more than 2 years ago | from the where's-that-great-firewall-when-needed? dept.

China 51

eldavojohn writes "South Korea's SK Telecom has revealed that earlier this week hackers stole 35 million account details from two sites. A portal called Nate Portal that provided e-mail services and a social networking site called CyWorld were the two targets by hackers who, SK Telecom claims, used IP addresses originating from China. From the article, 'The stolen data included user IDs, passwords, social security numbers, names, mobile phone numbers and email addresses. Nate said the social security numbers and passwords are encrypted so that they are not available for illegal use.'"


51 comments

Squirrel Master (1)

bhcompy (1877290) | more than 2 years ago | (#36911686)

Nasty Nate needs to secure his portal, apparently.

Awwwww GRITS! (2)

Jeremiah Cornelius (137) | more than 2 years ago | (#36912234)

I must have scanned the summary too fast... I read the WHOLE ARTICLE, and nothing at all about NATALIE PORTMAN!

Re:Awwwww GRITS! (2)

m2vq (2417438) | more than 2 years ago | (#36912442)

What I found stupid, even about the title, was blaming Chinese for it. Gee, I'm pretty sure every hacker stealing 35 million people's info will connect directly to the target server! I mean, no hacker would ever think of using a Chinese proxy because they're taking so much shit for all the other things too. But of course it's Chinese hackers.

Re:Awwwww GRITS! (1)

Anonymous Coward | more than 2 years ago | (#36912934)

I don't know, how many open AND anonymous Chinese proxies does the Great Firewall allow? I mean if every ISP there must have a license from the government, and every subscriber must use his government issued id when opening an account, how many rogue servers can there be in China? And if there are, how long lived can they be?

Additionally, it wouldn't make sense for them to be on top of censoring the millions of Weibo feeds every minute (so as not to blemish the public image of China) yet not be able to filter these proxy servers (which as we see here, do blemish the public image of China). Why control one aspect, but not the other, unless there is an intent?

Re:Awwwww GRITS! (2)

m2vq (2417438) | more than 2 years ago | (#36913488)

They aren't some dedicated proxy servers, they're personal PCs which have been infected and had an open proxy server opened on them. It's easy to find those with Google.

Riiiigggghhhht (1)

Anonymous Coward | more than 2 years ago | (#36911714)

Nate said the social security numbers and passwords are encrypted so that they are not available for illegal use

Encryption! Bwahahahahahahahahahahahaha!

*shits in pants with tears in eyes - breathes*

Ahahahahahahahahahahahahahahahaha!

Oh God! That was FUNNY!

Yeah, yeah, yeah, the check is in the mail; I'll call you in the Morning; I won't cum in your mouth, blah blah blah ......

Accounts being stolen left and right (1)

Compaqt (1758360) | more than 2 years ago | (#36911726)

Some questions:

1. Anybody still using the same username at multiple websites?

2. Anybody work at a place that has been affected? Citibank, whatever? Or their webdev firm? Are there wholesale firings? Of development, IT, or the business side?

3. Anybody work at a company that actually has some kind of decent security and cares about protecting customer data?

Re:Accounts being stolen left and right (0)

Anonymous Coward | more than 2 years ago | (#36911918)

1. Anybody still using the same username at multiple websites?

Nothing wrong with re-using usernames; on most sites, that's open information. It's the passphrases you should never, ever use twice.

Re:Accounts being stolen left and right (1, Offtopic)

pixelpusher220 (529617) | more than 2 years ago | (#36912082)

4. can we get an accurate summary?

*Nothing* was stolen. It was illegally obtained, but not stolen. The accounts still exist and are usable by the rightful owners barring any disabling by the telecom itself.

Re:Accounts being stolen left and right (4, Interesting)

flyingsquid (813711) | more than 2 years ago | (#36912520)

One thing the summary gets wrong: the original article, at NPR, does not say that these are "Chinese hackers". The article only says that the attack "originated in China". The reason you can't actually pin this on the Chinese is that there are actually two countries that conduct offensive cyberwarfare operations out of China. One being China, obviously. The other is North Korea. Believe it or not, North Korea is thought to have one of the most advanced offensive cyberwarfare capabilities out there (apparently when North Korea puts its mind to something, like hacking or making nuclear bombs and ballistic missiles, they're actually not that bad at it, which makes you wonder why there still isn't enough rice to go around). Given the effectiveness with which China manages to police its internet, however, it's damn hard to believe that the North Koreans aren't operating without their approval, or even active assistance.

Re:Accounts being stolen left and right (0)

Anonymous Coward | more than 2 years ago | (#36915784)

“The other is North Korea. Believe it or not, North Korea is thought to have one of the most advanced offensive cyberwarfare capabilities out there (apparently when North Korea puts its mind to something, like hacking or making nuclear bombs and ballistic missiles, they're actually not that bad at it, which makes you wonder why there still isn't enough rice to go around).”

I'm sure North Korea does not have the "most advanced offensive cyberwarfare capabilities" as you said, especially compared to the United States, North Korea and Japan.

The abilities and technologies of securing internet and attacking other countries of both China and North Korea are way behind those of other advanced countries. Although it is reported that China has initiated many attacks, the attacking is not sophisticated. According to the latest Akamai 1st quarter, 2011 report "The state of internet", China takes up 6.4% of the attack traffic and is at position 5 in the list of top 10 countries from which attack traffic originates. So the report given by Google and the United States against China may be just political manipulations. Hacking activity with IP addresses originating from China does not mean it is initiated by Chinese. You never know who initiated an internet attack or crime just by IP addresses.

Re:Accounts being stolen left and right (1)

tehcyder (746570) | more than 2 years ago | (#36919000)

4. can we get an accurate summary?

*Nothing* was stolen. It was illegally obtained, but not stolen. The accounts still exist and are usable by the rightful owners barring any disabling by the telecom itself.

You are doing the usual slashdot splitting of hairs. Yes, we all know that if you copy information the original is still there, and therefore it is not analogous to theft of physical property.
I suppose if I electronically transfer the contents of your savings account to mine (after I have illegally copied your bank details and passwords) then there is no theft involved, since I am merely electronically moving 1s and 0s around, and they cannot in themselves belong to anyone.

PII is bad, m'kay. (1)

poodlehat (919902) | more than 2 years ago | (#36911788)

From what I've heard about many websites based in S. Korea, you need to provide a resident registration number (like the US SSN) in order to register. This hack should be proof that websites shouldn't demand such personally identifying information.

Re:PII is bad, m'kay. (1)

mlts (1038732) | more than 2 years ago | (#36912186)

From what I know, it is the law in SK for sites to demand the registration number.

If a number is needed, perhaps the best idea would be for the SK government to have a website that citizens and residents can log into, and get a one time code that can be put in other places. This way, the law still works, but there is no way an attacker who does not attack the Korean government site could be able to figure that a number entered in actually belongs to which resident.

Personally, demanding a registration number is pointless and stupid. All it takes is someone snooping over the shoulder or sniffing an unencrypted password to get a valid number, and that is what an attacker needs.

"encrypted" my ass (5, Informative)

girlintraining (1395911) | more than 2 years ago | (#36911802)

Nate said the social security numbers and passwords are encrypted

And stored in a database, which for authentication purposes would need to be able to convert said "encrypted" data into plain text for any customer service representative, the billing systems, etc. The key has to be something that's widely accessible, or goes through a proxy. Either way, it's highly unlikely the "encryption" scheme is much more sophisticated than a single XOR operation. Decrypting that field for a substantial portion of the database SELECT statements would be a huge overhead.

No, I suspect they have the SSNs, it's just a matter of time before they get them back in plain text. Besides, the 'nice' thing about SSNs is... If you know where the person was born, and what year (not hard to find), you can predict 6 out of the 10 digits with a high degree of accuracy, thus aiding substantially in the cryptanalysis. This isn't random data being encrypted... it's highly structured, and most of the plain-text is already known.

They're screwed.

Re:"encrypted" my ass (0)

Anonymous Coward | more than 2 years ago | (#36911940)

Their encryption scheme was LOT-13.

Re:"encrypted" my ass (1)

Microlith (54737) | more than 2 years ago | (#36911954)

Besides, the 'nice' thing about SSNs is... If you know where the person was born, and what year (not hard to find), you can predict 6 out of the 10 digits with a high degree of accuracy, thus aiding substantially in the cryptanalysis.

That's assuming that South Korean SSNs are issued using similar procedures as US SSNs.

Re:"encrypted" my ass (0)

Anonymous Coward | more than 2 years ago | (#36912136)

Besides, the 'nice' thing about SSNs is... If you know where the person was born, and what year (not hard to find), you can predict 6 out of the 10 digits with a high degree of accuracy, thus aiding substantially in the cryptanalysis.

That's assuming that South Korean SSNs are issued using similar procedures as US SSNs.

True, but it's systematic nonetheless, and if the hackers are stealing it in the first place they'll almost undoubtedly be able to decrypt it.

Re:"encrypted" my ass (1)

OzPeter (195038) | more than 2 years ago | (#36912140)

Besides, the 'nice' thing about SSNs is... If you know where the person was born, and what year (not hard to find), you can predict 6 out of the 10 digits with a high degree of accuracy, thus aiding substantially in the cryptanalysis.

That's assuming that South Korean SSNs are issued using similar procedures as US SSNs.

Assuming that SK actually even has SSNs

Re:"encrypted" my ass (1)

Anonymous Coward | more than 2 years ago | (#36912376)

SSN is actually a mandatory requirement for most online (and offline) registration in Korea.
Also, it's in a format YYYYMMDD - XXXXXXXX so the first part of it is easy to figure out if you have the information.

Re:"encrypted" my ass (1)

Firkragg14 (992271) | more than 2 years ago | (#36912242)

I was wondering about this. The fact that SSNs tend to follow a pattern would surely make them an easier target of cryptoanalysis. Even just knowing the format would cut down on the keyspace you had to search by a large margin wouldn't it?

Re:"encrypted" my ass (0)

Anonymous Coward | more than 2 years ago | (#36912102)

Korean SSNs aren't the same as American ones. Also, in Korea, you have to provide your SSN to sign up for any online service, including Nate and CyWorld.

Re:"encrypted" my ass (0)

Anonymous Coward | more than 2 years ago | (#36913598)

No wonder the US is having trouble funding social security. I had no idea it included the 35 million South Korean telephone subscribers!

Re:"encrypted" my ass (1)

nbetcher (973062) | more than 2 years ago | (#36916770)

Correction: SSN area prefixes aren't generated based on an applicant's place of birth. The area prefix is determined by the ZIP CODE that the applicant provides on his/her application to the SS office. The zip code provided does not even need to be the applicant's residence.

Re:"encrypted" my ass (1)

Mana Mana (16072) | more than 2 years ago | (#36918300)

> social security numbers

You know that they (SSN's) are American, right? Since we're talking about South Korea citizens and purportedly mainland China crackers WTF are we talking about?

Korean ID numbers? Well, alright then, let's say so.

Re:"encrypted" my ass (1)

AlphaGremlin (878335) | more than 2 years ago | (#36918998)

Either way, it's highly unlikely the "encryption" scheme is much more sophisticated than a single XOR operation. Decrypting that field for a substantial portion of the database SELECT statements would be a huge overhead.

Or you encrypt the value you want to look for before using it in your WHERE clause. Unless the key is individually salted for each person, you can do a much quicker binary comparison with encrypted value against encrypted value. If it IS individually salted, you could store a hash to compare with rather than the full value, decreasing the amount of work that needs to be done. As far as I'm aware, performing a hash operation + compare would be quicker than full decryption + compare. If you don't salt the hash, it's even faster, though an attacker would be able to use a rainbow table then.

Besides, CSRs and billing would only need the encrypted data occasionally anyway. It wouldn't be a huge overhead to decrypt if you only run billing once a month - let it go overnight. You could even split it across the month, running portions at a time depending on the billing date for each customer.

SSN's do "tell where you were born" (0)

Anonymous Coward | more than 2 years ago | (#36919742)

Going from east coast, to west coast, in the 1st 3 digits, iirc...

* Thus, you can get a pretty close geographical area on "birth origination point", right from the SSN itself...

(On that note? Well... "will wonders NEVER cease"!)

APK

P.S.=> There IS NO PRIVACY, get used to it (& I suspect it was actually INTENDED to be that way, & with a great many things - @ least, "by default")...

So, as much as I hate to admit or even state that, it does seem to be the case, unless you do something about it, & in an area you have direct control over (such as your PC, & perhaps not using things that "open you up" to attack, such as credit cards online etc. (but, a cashier in a store could do the same really as well, as long as you insist on being a member/part of such systems of commerce))

However: "The number of the beast", your SSN imo/in a way, or the precursor to such a thing?

Well, as it's said in Revelation:

"And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name. Here is wisdom. Let him that hath understanding count the number of the beast: for it is the number of a man; and his number is Six hundred threescore and six."

Thus, it seems there's NO avoiding it really, if you're in the USA @ least!

... apk

Re:"encrypted" my ass (0)

Anonymous Coward | more than 2 years ago | (#36919772)

Nate said the social security numbers and passwords are encrypted

The real question is, was the data hashed.

Re:"encrypted" my ass (1)

chaostaco (1233722) | more than 2 years ago | (#36924220)

I agree with your final conclusion that they're screwed, but your understanding of encryption and software is a little off.

And stored in a database, which for authentication purposes would need to be able to convert said "encrypted" data into plain text for any customer service representative, the billing systems, etc. The key has to be something that's widely accessible, or goes through a proxy.

Assuming that they are using widespread password encryption practices (i.e. only storing a salted, hashed version of the password) then they never convert the encrypted data back into plain text for authentication. Instead, they salt/hash the password that the user has entered using cryptographically strong but publicly known algorithms (no secret keys) and compare the result to what is in the database. Brute-force or dictionary attacks can be used against this, but there is no such thing as a decryption key that can reverse a hash operation.

Either way, it's highly unlikely the "encryption" scheme is much more sophisticated than a single XOR operation. Decrypting that field for a substantial portion of the database SELECT statements would be a huge overhead.

I disagree that their encryption scheme would be unsophisticated for the reasons you provide. Applications do not typically examine the password field on a substantial portion of database calls. Applications do typically use strong cryptography during authentication calls and the overhead is not prohibitive. If they are using XOR to encrypt passwords, it is not for technical reasons.
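Added example, not part of the thread and not any poster's or SK Telecom's code: a Python illustration of the two storage practices discussed in the comments above, AlphaGremlin's "store a hash to compare with" lookup and chaostaco's salted password hashing. The PBKDF2 work factor, the in-memory table, the key handling and the sample ID number are assumptions constructed for illustration; the lookup column uses a keyed HMAC rather than a bare hash because a date-prefixed ID number has too little entropy for an unkeyed hash to protect it.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune to your hardware


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn per account."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Re-derive from the submitted password; nothing is ever decrypted."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, expected)  # constant-time compare


def blind_index(id_number: str, index_key: bytes) -> str:
    """Keyed, deterministic token for equality lookups on an ID number.

    An unkeyed hash of a date-prefixed number can be enumerated offline,
    so the index is an HMAC under a key kept outside the database.
    """
    digits = "".join(ch for ch in id_number if ch in "0123456789")
    return hmac.new(index_key, digits.encode("ascii"), hashlib.sha256).hexdigest()


class AccountStore:
    """In-memory stand-in for the accounts table (hypothetical schema)."""

    def __init__(self, index_key: bytes) -> None:
        self._index_key = index_key
        self._by_user = {}   # user_id -> (salt, pw_hash)
        self._by_index = {}  # blind index -> user_id

    def register(self, user_id: str, password: str, id_number: str) -> None:
        self._by_user[user_id] = hash_password(password)
        # Only the token is stored here; the full number would live in a
        # separately encrypted column, which this example does not model.
        self._by_index[blind_index(id_number, self._index_key)] = user_id

    def authenticate(self, user_id: str, password: str) -> bool:
        record = self._by_user.get(user_id)
        if record is None:
            return False
        salt, pw_hash = record
        return verify_password(password, salt, pw_hash)

    def find_by_id_number(self, id_number: str) -> Optional[str]:
        # Equivalent of WHERE id_index = :token, with no per-row decryption
        return self._by_index.get(blind_index(id_number, self._index_key))


if __name__ == "__main__":
    store = AccountStore(index_key=os.urandom(32))
    store.register("alice", "correct horse", "850101-1234567")  # constructed sample
    print(store.authenticate("alice", "correct horse"))
    print(store.find_by_id_number("8501011234567"))
```

A dump of this table yields per-account salted digests and HMAC tokens; the tokens cannot be enumerated without the index key, which is why that key must not sit in the same database.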

Resident Registration Number (1)

MischaNix (2163648) | more than 2 years ago | (#36911806)

Decrypting the resident registration numbers in this set would not be difficult, as the number follows a systematic pattern a la pre-obfuscated SSNs. See Wikipedia [wikipedia.org] for details.

The consequences of this for identity theft and how it is handled in Korea should be interesting.

Title Fail (4, Informative)

Anonymous Coward | more than 2 years ago | (#36911868)

IPs originating in China do not automatically mean it was conducted by Chinese hackers.

Re:Title Fail (1)

cyfer2000 (548592) | more than 2 years ago | (#36913514)

Not to mention that even if the computer used to initialize the attack was located in China, that does not mean the hacker is holding a Chinese passport. One little game I always play when I see news regarding Chinese is replacing the word "Chinese" with the word "Jew" or "Jewish". If I can finish the title without feeling I am a Nazi, I proceed to read the article. Otherwise, I make myself a tinfoil hat.

Re:Title Fail (1)

Anonymous Coward | more than 2 years ago | (#36919532)

Whether or not it offends your delicate flowery view of the world, it's not racism to assume China is going to continue shitting all over the rest of the world. They've given us no indication of stopping anytime soon.

Re:Title Fail (2)

John Saffran (1763678) | more than 2 years ago | (#36914940)

Except for the fact that Chinese hackers (some working for the Chinese government) are known to be attacking the rest of the world. For example, http://en.wikipedia.org/wiki/GhostNet [wikipedia.org].

It's always possible that activity from a Chinese IP may be non-Chinese, but suffice to say that the Chinese haven't done themselves any favours reputation-wise in the field of computer security.

35 million? (1)

Anonymous Coward | more than 2 years ago | (#36911960)

Given that South Korea has a population estimated around 49 million... That's usernames, passwords, KSSNs, phone numbers and email addresses for nearly 71% of the population at the most generous estimate of one account per user. That is absolutely ludicrous amounts of data to have on a country: nearly all of its online population's details?!

This is an unprecedented invasion of privacy. The South Korean government had better be all over this: someone out there now has all the information they need to impersonate every two out of three of its citizens. That's worth a lot of money to the right people.

Bad CC security Visa/MC/Discover/Amex's Fault (0)

Anonymous Coward | more than 2 years ago | (#36911978)

The fine for a single data breach is $50,000 x 4 (each cc org) = $200,000. Second time, it doubles.. only on the 4th time, you _might_ lose the ability to process cards.

So for a small company with a few thousand records, a single data breach, and you're out of business.

If you're Sony, and lose millions of records, you get a $200,000 fine.. less than it would have cost to secure all of their systems.

Nat(ali)e Port(m)a(n)l? (0)

Anonymous Coward | more than 2 years ago | (#36911994)

Useless post, but I can't have been the only one misreading that?

Re:Nat(ali)e Port(m)a(n)l? (0)

Anonymous Coward | more than 2 years ago | (#36912058)

Yeah, I read that as well. "A portal called Natalie Portman". WTF?

proof of idiocy (1)

frovingslosh (582462) | more than 2 years ago | (#36912164)

Just more proof that anyone who gives their S.S.# to a phone company or other business who doesn't pay into the S.S. account and isn't required by law to have it is an idiot. How much of this does it take before the sheep start refusing to use the S.S.# as some sort of public ID. Giving it to web portals? Insane!

Re:proof of idiocy (2, Informative)

Anonymous Coward | more than 2 years ago | (#36912334)

Giving S.S.# to a portal to register is required by law in Korea.

Re:proof of idiocy (1)

javelin682 (793007) | more than 2 years ago | (#36912396)

While I agree that these types of companies shouldn't necessarily have your SSN, in a lot of cases, they do a credit check to make sure you're the type to pay your bills. So, if you want their service, you kinda have to give them the SSN so they can do a check. Now, I'm not sure if they also report to the credit bureau(s) as well to let them know you do pay on time.

SS# is NOT for identification (1)

frovingslosh (582462) | more than 2 years ago | (#36913948)

Many years ago, long before the problems of identity theft were well publicized and even before many /.ers were born, I needed to rent a car and got myself to a local rental office. Showed them my ID, there was no question about payment, but there on the rental form they wanted my SS#. I filled in the form but left the SS# blank. The clerk insisted I needed to give my SS# or they would not rent to me. I talked to the manager. I explained the issue and that I simply was not going to give him my SS#. He restated that they would not rent to me without my SS#. I told him fine, I would leave peacefully, as long as he would put in writing that he refused to rent a car to me because I would not give him my SS#. He thought about that for a minute, then decided that they really didn't need my SS# after all.

I've had similar things happen many times since then. People will often try to bully you to get the number, but if you hold your ground and make it clear that you know they have no right to it, they will usually back down (have always backed down in my case). They particularly tend to back down after you say something like "you have a business license? Please put in writing that you refused to do business with me because I would not supply you with my SS#.".

Re:SS# is NOT for identification (0)

Anonymous Coward | more than 2 years ago | (#36917624)

What the article alludes to is not a "social security number" such as the US has, but is instead a national ID number (). Every Korean citizen has one and, unlike in the US and other countries, its use is mandatory for virtually EVERY on-line action, from ordering your new kimchi fridge from the manufacturer to posting a comment on an on-line forum such as this. By ROK law, every website with over 100,000 hits daily must require real name registration using national ID numbers in order to post on the site. Because of this, Koreans have no expectation of on-line privacy whatsoever.

Re:proof of idiocy (1)

shoehornjob (1632387) | more than 2 years ago | (#36913234)

FTF article "Nate said the social security numbers and passwords are encrypted so that they are not available for illegal use" That is until the attacker('s) find the key. One of these days someone is gonna really get pissed at these Chinese hackers and bad things will ensue.

Chinese IP (0)

Anonymous Coward | more than 2 years ago | (#36912490)

This is obviously a CIA operation going through Chinese VPN.
Guess the American agents were getting denied trying to access their favorite K-pop from work.

Why is this news? (1)

Anonymous Coward | more than 2 years ago | (#36912984)

China is in a cold war with the west. We will see continuing on-line attacks until the war turns hot.

One or the other (1)

kakyoin01 (2040114) | more than 2 years ago | (#36916602)

Well nowadays, it's either hacking or selling children, it seems. All in a day's work for those Chinese.

Seriously though, they must have done SOMETHING right, seeing as China is slowly consuming the United States. Either that, or we (the US) are doing something very wrong. I have a feeling it's at least the latter.

Here we go again... (0)

Anonymous Coward | more than 2 years ago | (#36917890)

Out of the 40 or so babble heads posting responses equivalent to "that's not hard" or "even I knew NOT to do that", I find it amazing that approximately 100% have yet to post anything representative of truly demonstrating real proficiency and technical understanding of how an attack like the one noted in this entire thread is actually carried out.

If there's anything about the IT world I truly hate with the passion found only in Christ, it's all the fucking blowhard twats that saturate it.
