Hacked personal data originating from China

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://joongangdaily.joins.com/article/view.asp?aid=2918142

By Park Sung-woo
JoongAng Daily
March 22, 2010

Have you ever wondered why you get so many unwanted spam text messages and 
e-mails? The answer might be found in China.

A 22-year-old Korean man named Kim is under arrest for purchasing lists of 
Koreans' personal information, such as cell phone numbers and e-mail 
addresses, which had been hacked in China. After spending 1 million won 
($880) for 31 million items of data since July of last year, Kim posted an 
Internet ad and sold off 10 million such items.

A 27-year-old man Lee, who runs a branch for an Internet service provider, 
was one of the buyers. He spent 3 million won for 140,000 phone numbers 
for his branch's telemarketing scheme.

The Seoul Metropolitan Police Agency took in Kim and Lee without physical 
detention, and also detained the owners of the companies that failed to 
protect their customer information from computer hackers.

Last September, a used-car trading Web site and the Internet home page for 
a car navigation manufacturer were victims of Chinese hackers who stole 
names and residential registration numbers of 910,000 online members. 
Hackers can use the stolen registration numbers to become members of 
certain Web sites that send spam messages, or sell the numbers to other 
hackers.

Seoul police charged a 32-year-old named Kim, the owner of the used-car 
site, and a 45-year-old named Lee, who runs the navigation maker, for 
negligence in protecting their customers. information.

The law demands that companies protect their online customers. 
information, and violations are punishable by a maximum of two years in 
prison or a 10 million won fine.

"This is the first case in which we applied this particular clause since 
it became effective in September 2008," a police officer explained. 
"Protecting personal information is a legal obligation, not merely a 
recommendation. We will continue to charge companies that leave their 
customer information vulnerable to hacking."

According to police, Chinese hackers have been targeting Web sites of 
Korean department stores and other frequently visited sites. The hackers 
offer the Korean information for sale on the Internet.


_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php