Saturday, February 14, 2009

Korean Bank Hacked

HACK : Korean Bank Hacked

Why Was Hana Vulnerable to Hacking?

By Kim Tong-hyung

Staff Reporter



Security loopholes at online banking sites are leaving customers' accounts vulnerable to electronic heists, experts said.

The criticism comes after a 38-year-old woman had 21 million won (about $15,000) stolen from her Hana Bank account by what the police believes was an international gang of hackers who breached her computer.

The incident serves as the most recent indication that assessing the safety of one's bank accounts online has become difficult, security officials say, with the advancement in spy software and other computer technology posing further threats.

Hackers in the most recent attack had no trouble in beating the dual protection system of public key cryptography and individual code numbering, which banks entirely rely on to protect transmissions on the Internet.

``Local banks spent heavily to increase the protection of their computer networks in the past, and the level of security for their servers and storage databases is actually impressive,'' said an official from AhnLab, a security software developer.

``The problem is that hackers usually target the computers of customers, not banks, and the level of awareness on the users' side is still quite low,'' he said.

According to investigators at Seoul's Gangnam Police Station, the hackers breached the online account of the victim, identified only as Seok, on Jan. 5, and moved money from the account three times, 7 million won at a time, despite Seok having been tipped off by Kookmin Bank earlier that day that her online bank account had been accessed by a user from a suspicious Internet protocol (IP) address based in China that had been used in another hacking attempt in August last year.

Seok immediately received a new public key and code card from the bank and changed her personal access code. However, her Hana Bank account, which used the same public key for verification, was invaded just three hours later.

``There has been no trace of the hackers attempt to use Seok's old public key to breach the Hana Bank account, and it is clear that the suspects had immediate access to her new public key, code card and personal access codes,'' said Ryu Gyeong-ha, an official from the police station's cyber crimes unit.

The police believe that the hackers installed spy software in Seok's computer, probably through e-mail, enabling them to record her personal information and passwords and capture her keystrokes through ``key-logger'' programs.

However, investigators have yet to confirm their suspicions, as Seok has thus far refused to have her computer seized and inspected, police officials said.

``The hackers didn't need to copy the new public key when they had Seok's personal information, which allowed them to log into the account legitimately. They had an eye on her every minute,'' Ryu said.

It's debatable how much of the blame should be placed on Hana Bank for its failure to protect Seok's account from hackers. The recent incident exposed the banks as being ill-prepared to protect online bank accounts, according to security consultants, and Hana Bank should be held accountable for its failure to provide better security solutions to individual users, such as improved programs to prevent key-logging.

Some question whether the hackers had successfully breached Hana Bank's security network, as the installation of spy software on Seok's computer doesn't clearly explain how the suspects got hold of the 100-plus individual code numbers on the code card issued by Kookmin Bank.

Seok claims she never saved the codes on her computer, and obtaining the vast amount of information just through key-logging programs would be difficult to pull off in such a short period of time, according to some security experts.

Hana Bank officials deny the possibility of a network breach.

``The process of the money transfer was legitimate and we have found no traces of breach attempts on our database,'' said an official from Hana Bank.

``There were no errors in typing in the IDs and passwords and there was no reason to believe that the transaction was conducted by a hacker. If banks had a system whereby they could share information regarding suspicious IP addresses, this wouldn't have happened,'' he said.

There was a similar incident in December when a hacker, also using a China-based IP address, attempted to steal 14 million won from a Citi Bank customer. However, the customer, identified as Yoo, saved his money by alerting the bank to suspend payment from his account.

The police gave up on the investigation, citing difficulties in tracking the China-based Internet user.

No comments:

This Day in History

Thanks for your Visit