One Chinese national has been arrested and his South Korean accomplice is being sought on suspicion of carrying out a massive hack into a software company’s client details, and using the private data to extort clients, police said Wednesday.
The cybercrime unit of the National Police Agency said they apprehended a 27-year-old surnamed Cho late last year and have taken him into custody on charges of violating laws regarding telecommunications and protection of online information. The Korean accomplice, whose identity is being withheld, remains at large, they said.
Staff members at the Korea Internet and Security Agency in Seoul monitor the spread of ransomware cyberattacks earlier this year. (Yonhap)
The pair is suspected of stealing the IDs and passwords of some 166,000 ESTsoft clients, an IT firm that sells anti-virus vaccines and utility software, and threatening the company to pay them 500 million won ($467,500) worth of bitcoin from February-September last year.
They hacked ALPass, software created by ESTsoft, to obtain personal data from clients to gain leverage in the crime. ALPass is a storage tool that files account names and passwords for a user and automatically signs in to the website without him or her having to type them such details in.
Using the hacked information of two clients, they transferred 8 million won in the virtual currency to their digital wallets and bought a burner cellphone under a victim's ID, police said.
They were skilled enough to also disable identity authentication programs or block message transmissions in the websites they accessed with client data.
Police said they will continue efforts to locate the Korean suspect, while recommending the public not save any private information on an Internet portal. (Yonhap)