S. Korean KT hack highlights cybercriminals' growing sophistication
Hacking program that penetrated phone company's defenses was undetected for five months
By Antone Gonsalves
July 30, 2012 — CSO — Hackers evaded discovery for five months after breaking into the computer systems of a major South Korean phone company, a sign that cybercriminals' evasive techniques are growing more sophisticated, security experts say.
South Korean police on Sunday reported the arrest of two people suspected of hacking into the network of KT Corp., the country's second-largest wireless operator. Seven others who allegedly bought stolen KT data were also charged, the Yonhap News Agency reported.
Hackers apparently broke into KT's computer systems in February and siphoned off the personal data of 8.7 million customers before the company reported the breach to police on July 13. Investigators have accused the suspects of earning at least $880,000 from selling the stolen data to telemarketing operators. Such information is used to try to convince people to switch phone providers as their contracts near expiration.
"Information is highly valuable, and these adversaries are mining for all they can get," James Walter, security researcher for Intel-owned McAfee, said in an email Monday about data-stealing hackers.
The sophisticated hacking program used to penetrate KT's defenses took nearly seven months to develop, investigators told Yonhap. Such advanced tools are no longer unusual among hackers, who are becoming much better at hiding malware once it's installed in a system.
In its 2012 data breach report, Verizon Communications found that 85% of companies took weeks or more to discover their networks had been hacked, up 6% from last year. "This lack of awareness is not uncommon, and [it] would not surprise me to learn it was a factor in the KT breach," Scott Crawford, managing research director for Enterprise Management Associates, said in an interview via email.
Companies are becoming more aware of the possibility that malware may lie undetected in their networks. As a result, more than a third of enterprises surveyed by EMA planned to expand their use of malware-detection technology that gathers and analyzes log data taken from network hardware and software. More than 40% of the companies without such technology expect to deploy it in the next three years.
"The technologies and disciplines of data management and analytics have become one of the most significant trends in IT in the last few years," Crawford said.
KT is Korea's largest fixed-line telephone company. Its 17 million wireless customers represent almost half the mobile phone users in the country, according to Yonhap.
KT is not the only large Korean company to suffer a major attack. A year ago, hackers broke into web portal Nate.com, owned by SK Communications, and stole the personal data of more than 35 million users. In November, online gaming company Nexon Korea had the personal data of 13.2 million subscribers stolen by hackers.