A hacking attack last week on SK Communications, which resulted in the country’s largest-ever theft of personal information of 35 million Korean internet users, originated from China, police here said Thursday.
The National Police Agency found that the unidentified hacker extracted the information from SK Communications’ user database to an internet protocol address registered in China.
“The user data has been directed to an IP (internet protocol) in China,” an official at the NPA’s cyber crime investigation unit said.
According to the official, the hacker used a Korean internet security provider, EST Soft, to break into computers at SK Communications and steal user data of the nation’s third-ranked portal Nate and popular social networking site Cyworld.
EST Soft is a provider of various software programs, including ALZip, a widely popular freeware program for file compression and extraction.
The hacker implanted malicious code in EST Soft’s update server for ALZip and paralyzed 62 PCs at SK Communications to use them to access the company’s user database.
It seems that the malicious code only targeted SK Communications, not individual users of ALZip, the official said.
The NPA said it is cooperating with Chinese authorities to identify the hacker and retrieve the leaked data.
It also said that it plans to expand the investigation to determine whether other IT firms have been attacked and whether SK Communications and EST Soft had made sufficient efforts to stave off hacker attacks.
The leaked personal information includes user IDs, passwords, resident registration numbers, user names, dates of birth, gender, email addresses, telephone numbers and home addresses.
Passwords and personal ID numbers are encoded, but experts said that, judging from the hacker’s level of skill, they may already have been decoded.
Affected internet users should change their passwords as soon as possible, they said.
“So far, it was not easy to win cooperation from Chinese authorities on hacking incidents,” an expert said.
In April, two hacking incidents targeting Hyundai Capital and Nonghyup Bank turned out to have originated from China, but there has been little progress since then, the expert said.
In late June, police officials from Korea and China held a meeting in Beijing and agreed to enhance cooperation on cyber crimes.