35 Million SK Telecom Accounts Stolen By Chinese Hackers

eldavojohn writes "South Korea's SK Telecom has revealed that earlier this week hackers stole 35 million account details from two sites. A portal called Nate Portal that provided e-mail services and a social networking site called CyWorld were the two targets by hackers who, SK Telecom claims, used IP addresses originating from China. From the article, 'The stolen data included user IDs, passwords, social security numbers, names, mobile phone numbers and email addresses. Nate said the social security numbers and passwords are encrypted so that they are not available for illegal use.'"

"encrypted" my ass

[girlintraining]

Nate said the social security numbers and passwords are encrypted

And stored in a database, which for authentication purposes would need to be able to convert said "encrypted" data into plain text for any customer service representative, the billing systems, etc. The key has to be something that's widely accessible, or goes through a proxy. Either way, it's highly unlikely the "encryption" scheme is much more sophisticated than a single XOR operation. Decrypting that field for a substantial portion of the database SELECT statements would be a huge overhead.

No, I suspect they have the SSNs, it's just a matter of time before they get them back in plain text. Besides, the 'nice' thing about SSNs is... If you know where the person was born, and what year (not hard to find), you can predict 6 out of the 10 digits with a high degree of accuracy, thus aiding substantially in the cryptanalysis. This isn't random data being encrypted... it's highly structured, and most of the plain-text is already known.

They're screwed.

Title Fail

IPs originating in chine does not automatically mean it was conducted by Chinese Hackers.

Re:Title Fail

[John+Saffran]

Except for the fact that chinese hackers (some working for the chinese government) are known to be attacking the rest of the world. For example, http://en.wikipedia.org/wiki/GhostNet.

It's always possible that activity from a chinese IP may be non-chinese, but suffice to say that the chinese haven't done themselves any favours reputation-wise in the field of computer security.

Awwwww GRITS!

[Jeremiah+Cornelius]

I must have scanned the summary too fast... I read the WHOLE ARTICLE, and nothing at all about NATALIE PORTMAN!

Re:Awwwww GRITS!

[m2vq]

What I found stupid, even about the title, was blaming Chinese for it. Gee, I'm pretty sure every hacker stealing 35 million peoples info will connect directly to the target server! I mean, no hacker would ever think of using a Chinese proxy because they're taking so much shit for all the other things too. But of course it's chinese hackers.

Re:Awwwww GRITS!

[m2vq]

They aren't some dedicated proxy servers, they're personal pc's which have been infected and open proxy server has been opened on them. It's easy to find those with google.

Re:proof of idiocy

give S.S.# to portal to register is required by law in Korea

Re:Accounts being stolen left and right

[flyingsquid]

One thing the summary gets wrong: the original article, at NPR, does not say that these are "Chinese hackers". The article only says that the attack "originated in China". The reason you can't actually pin this on the Chinese is that there are are actually two countries that conduct offensive cyberwarfare operations out of China. One being China, obviously. The other is North Korea. Believe it or not, North Korea is thought to have one of the most advanced offensive cyberwarfare capabilities out there (apparently when North Korea puts its mind to something, like hacking or making nuclear bombs and ballistic missiles, they're actually not that bad at it, which makes you wonder why there still isn't enough rice to go around). Given the effectiveness with which China manages to police its internet, however, it's damn hard to believe that the North Koreans aren't operating without their approval, or even active assistance.