North Korea Is Blackmailing Top South Korean Online Retailer For $2.66 Million

An anonymous reader writes from a report via Softpedia: South Korea says that North Korea is behind a data breach that occurred last May, where hackers stole details about 10 million user accounts from Interpark.com, one of the country's biggest shopping portals. The hackers later tried to extort Interpark management by requesting for 3 billion won ($2.66 million / 2.39 million euros), otherwise they were going to release the data on the internet. [The hackers wanted the money transferred to their accounts as Bitcoin.] Authorities say they tracked the source of the hack to an IP in North Korea, previously used in other attacks on South Korean infrastructure. "Besides the evidence related to the IP addresses and the techniques used in the attacks, investigators also said that the emails Interpark management received, written in the Korean language, contained words and vocabulary expressions that are only used in the North," reports Softpedia.

Serves them right

[Dunbal]

I'm sorry but when you don't take your customers' security seriously, don't complain when someone walks through the front door and steals the stuff you left lying around. The hackers are wrong, but it's the store's own damned fault. They'd rather make more profit than pay for serious security. Shows what they think of their clients.

Re: Serves them right

Just kidding! I'm going to ram this tire iron up my ass now!

Re:Serves them right

The store isn't the victim, it's a(n incompetent/negligent) middle man. The customers of the store are the victims. GP is not blaming them, idiot.

Re:Serves them right

Victim shaming. Nice.

Nothing is unhackable.

Re:Serves them right

[Dunbal]

The VICTIMS are the customers who are about to have their private information plastered all over the internet. The store is not a victim. It's pretty obvious they don't give a shit.

Re:Serves them right

[Dunbal]

Nothing is unhackable.

In theory. In practice humans go for the low hanging fruit. This store was probably hacked because of ridiculous password security or SQL injection, or some other trivial technique. You don't need to build government-level security to convince a bad guy to move on to an easier target.

Also the store is not the victim. The customers who trusted the store are.

Re:Serves them right

Nothing is unhackable.

No, but if hacking doesn't at least require physical access or a stuxnet level of operation then you have done a poor job.

Re:Serves them right

[Salgak1]

. . .or, the most common source of breaches of them all: either an insider or a social engineering effort. Or at least as part of the effort. . .

Re:Serves them right

Stuxnet did require physical access. Someone had to walk into one of Iran's most secure facilities and insert a USB drive to kick things off. The Stuxnet artifacts discovered on the Internet were just parts of the delivery propagation mechanism without the actual payload that ultimately hit the centrifuge control systems.

Re: Serves them right

You don't think breaches of this kind would negatively affect the company?

If they were negligent, then certainly they should be held accountable. The reality is that no functioning customer database is 100% secure. All you can do is to reduce the risk of intrusion and minimize the damage that occurs when someone gets in.

Re: Serves them right

[Dunbal]

You don't think breaches of this kind would negatively affect the company?

Besides the point entirely. I was accused of victim blaming. Say you are a construction worker and you lend me your tools to look after until tomorrow. I don't give a damn and leave your tools lying around where anyone can steal them. Next day, the tools are gone and when you ask me for them I just shrug my shoulders. Who is the victim - me or you? Yeah ok, I have lost credibility. You will never lend me any tools again. But I wouldn't call me a VICTIM. If anything, I am an accomplice.

Lesson: Don't say "Comrade" next time.

Dammit. Someone let some North Korean lingo slip into their communications. // Remember kids: The Korean War never really ended. It's only a temporary cease-fire. The rest of the world has moved on but North Korea is still fighting the war.

so that's how much..

a failed missile launch costs these days. who knew?

Re:so that's how much..

[Dunbal]

We're going to launch a missile, and S. Korea is going to pay for it!

Re:so that's how much..

I tell you, it's going to be a beautiful missile. Really beautiful. I have a friend, a good friend, who just last week said to me, he said, Glorious Leader, this is without doubt the most amazing missile I have ever seen. And that's how we'll make North Korea even greater than it already is.

Re:so that's how much..

Except that it isn't actually so Funny:

http://thediplomat.com/tag/thaad-deployment-to-south-korea/
http://sputniknews.com/asia/20160728/1043695150/moscow-beijing-washington-seoul-putin.html
http://www.businessinsider.com/thaad-missile-defense-south-korea-north-2016/?r=AU&IR=T
http://www.breitbart.com/national-security/2016/07/28/28-jul-16-world-view-china-japan-vociferously-object-south-koreas-thaad-missile-system-deployment/

"We (US) are going to launch THAAD, and S. Korea is going to pay for it!"

Re:so that's how much..

"...The THAAD system intercepts incoming short, medium and intermediate range ballistic missiles above the atmosphere—exoatmospheric intercept..."

Sooo... if NK just shot the nuke horizontally (because they literally can) this THAAD thing wouldn't work, right? :v

Conclusive evidence

Conclusive evidence, as neither of these things can be faked.

it's getting less and less worthwhile

to appease these savages. can we please just nuke their ass and call it a day?

Re:it's getting less and less worthwhile

[Aighearach]

Yes. Go get to it.

Re:it's getting less and less worthwhile

[Megol]

Hey some of those "savages" are actually decent people! Besides nuking them will lead to contamination of Europe! ... we are talking about the UK, right?

This should have been caught right away

...they tracked the source of the hack to an IP in North Korea, previously used in other attacks on South Korean infrastructure.

...so why wasn't ALL traffic from that IP monitored at the boundary routers (or even: why isn't SK monitoring ALL traffic coming from ALL NK IP addresses?), and as soon is it was seen to be attacking somebody in SK, then the attack interfered with and the victim notified?

Re:This should have been caught right away

[behrooz0az]

Apparently it's hard to drop packets from a /22
complete range is 175.45.176.0 to 175.45.179.255

...and Kim is to blame

[hexonut]

It's funny how every time something happens when the culprit seems to originate from a country that the US doesn't like, it's always suggested that the government of that country is to blame. Case in point: the title reads "North Korea Is Blackmailing...", not "North Korean hackers are...". Same thing when something happens out of Russia: for sure Putin orchestrated it. If not Putin, who else could have? A cat?

I'm imagining a situation: what if every time something happens that looks like originating out of the US, every media outlet and their dog would point fingers at Obama personally?

Come on. North Korea is a 25 million country, it's not extraordinarily big, but, just think about it for a sec, there just might, just might be some people other than starving illiterate peasants and Party and military staff.

Re:...and Kim is to blame

Case in point: the title reads "North Korea Is Blackmailing...", not "North Korean hackers are..."

So, just how many people in NK do you suppose have unfettered internet access?

Re:...and Kim is to blame

[eht]

There are many people other than starving illiterate peasants and Party and military staff. None of those people have internet access except with permission of the Party and military staff, with tight monitoring of what is going on.

Re:...and Kim is to blame

Except the Russian hackers were traced back to Russian state security agency systems. So. You know. Evidence.

Re:...and Kim is to blame

... So. You know. Evidence.

Where? What evidence? I don't see any.
Lots of propaganda from sources sucking up to western elite, Yes. Is that evidence in your eyes?

Re:...and Kim is to blame

[walterbyrd]

Funny how some people are always grasping for straws to find some reason to smear the US.

Do you actually think some individual in NK, with no connection to the government, could do this? They don't even have open internet connections for individuals.

Re:...and Kim is to blame

given what we know of the conditions, state of technology and the internet in dprk. there is absolutely no fucking way that 'hackers' from dprk hacked anything, anywhere, without the the full backing and knowledge of their government; and more likely, was done only after the government 'requested' it.

and besides, it is not our fault that their supreme leader is the perfect setup, even better than his father was... the jokes literally write themselves.. carson would have loved him had he been born two generations earlier.

Re:...and Kim is to blame

But Saddam Hussein IS conspiring with Al Qaeda to hit the US, we KNOW they're in cahootz... at least since 9/11..

Re:...and Kim is to blame

You talking about the recent DNC hack? The so called evidence that proves this is a job by Putin to get Trump elected is the fact that a Russian VPN provider was used. By that "logic" even I have been a KGB operative in the past :o) (Fast and cheap VPN).
I would expect this level of bovine excrement on CNN, FOX or MSNBC, but not here on /. :(

Re:...and Kim is to blame

[hexonut]

I pretty much think they well could. I actually lived in a communist country for quite a long while and I personally, first-hand, know how things worked there. "Control by the government" is a grossly overstated illusion.

The fact of the matter is, the guards, especially the ones working "in the field" and whose tasks are to control the actual people rather then organize the whole process, are usually recruited from these proverbial illiterate peasants, so the educated city dwellers could very easily find the loopholes in the written and unwritten laws and customs to do whatever the hell they please, especially if they are criminally minded. There's always a way to conceal what you do on the internet from a low-ranked guard tasked in controlling you, because you know your computer system in and out and he doesn't. In order to get you scrutinized by the higher-level (and educated) officials this guard would need something more than just a suspicion of your wrong-doing. Provoke his suspicion three times in a row without actually doing anything "prohibited", watch his angry superiors investigate the empty suspicion and shut him up for good; after that you're free to do whatever. That's just one way of doing things, there are many others.

It only appears that totalitarian governments control the crime, the reality is rather far from that appearance.

My initial post was intended as a sarcasm regarding the well-ingrained mindset among the Westerners (not only Americans) that regards the people in the communist and ex-communist countries as some kind of untermenschen, a mere drones at the command of their Supreme Leaders. The replies I received here so far only underscores the assessment that this mindset is pretty much alive and unshaken.

Re:...and Kim is to blame

Ordinary people in North Korea don't have access to connect to external IPs - especially those in South Korea. Idiot. Maybe you should read up a bit on the current situation over there.

Re:...and Kim is to blame

[Megol]

An AC calling someone an idiot. What are the odds?

softpedia talking about "hackers"

How about a real news source that does actual reporting, like without the breathless bullshit scarewords?

Re:softpedia talking about "hackers"

oh yeah... let's have some more vice or the register articles talking about zero-days that aren't zero-days all the press is FUD... all of it... even reuters

Re:Lying imperialist propaganda alert!!!!!!

[Falconhell]

Who knew glorious leader posted on Slashdot? Is this APKs real login?

Drop their routing

Remind me again what exactly north korea has to offer to the rest of the entire world that we are not dropping the routing to all their ASNs and (if required) every upstream provider that gives them transit?

I mean, China is one thing: they hack the world just like the USA, but they give a *lot* back, it is quite easy to get a lot of chinese contributions in science and engineering and general content. They deserve to be in the internet.

But north korea?

Re:Lying imperialist propaganda alert!!!!!!

[Salgak1]

Well OF COURSE Lil' Kim is on Slashdot. Like his father before him, he so ronery. . . . ;)

Why haven't we just disconnected North Korea

Why haven't we just disconnected North Korea from the Internet all together? What do we gain by allowing them access to it?
All that we get out of there are cybercrime type activities, nothing positive.

Re:Lying imperialist propaganda alert!!!!!!

[lalleglad]

How can he be so ronery with all the girls he has to choose from?
He is so chou-beri-lucky :-)

"Take them out."

At this juncture you send in an individual, or small team to "take them out".