Forgot your password?
typodupeerror
Crime News Your Rights Online

Two Arrested For Hacking Personal Data of 8.7 Million Phone Users 43

Posted by samzenpus
from the all-your-info-are-belong-to-us dept.
An anonymous reader writes "South Korea's second largest wireless service provider has apologized after personal data of 8.7 millions of its mobile phone subscribers was stolen by hackers. The details are suspected to have been sold to marketing firms, netting the hackers close to $1 million. From the article: 'South Korean police have arrested two men who allegedly stole the personal information of about 8.7 million cellphone customers from KT Corp., the second biggest mobile carrier in South Korea. The company alerted police on July 13 after detecting traces of hacking attacks. The data was collected for the last five months, starting in February 2012.'"
This discussion has been archived. No new comments can be posted.

Two Arrested For Hacking Personal Data of 8.7 Million Phone Users

Comments Filter:
  • by popo (107611) on Monday July 30, 2012 @06:06AM (#40815893) Homepage

    I don't know anything about Korean law, but aren't they liable as well if they purchase goods that are stolen, or have a reasonable likelihood of being stolen?

    • Re: (Score:2, Funny)

      by Anonymous Coward

      They start marketing security tools would be my bet...

    • by seven of five (578993) on Monday July 30, 2012 @06:47AM (#40816029) Homepage
      Since the phone numbers have proven to be illegal and illegitimate, the marketing co's will do the right thing and not use them, right? Right?
    • by wvmarle (1070040)

      I have no idea whether such laws apply to, as I would rather call it, inappropriately aquired data. After all, theft, stolen goods and handling stolen goods normally refer to physical goods. This is data we are talking about: the victims have not physically lost anything. They had data copied from their devices - which as I understand is illegal in Korea - but the device itself was not stolen.

      It's an interesting point anyway; anyone has any idea how this works in other jurisdictions? Any real-world examples

      • Not sure about this particular case, but not too long ago a Dutch judge ruled that Internal Revenue was allowed to use stolen data to go after people who had unreported savings in Swiss bank accounts. The data was stolen, and known to be stolen, but the judge reasoned that there was no problem since our IRS weren't buying the data from the thief directly, but from the German IRS who had obtained it from a Swiss whistleblower.

        But that's the IRS we're talking about, and if you dig a little deeper, it is qu
        • But that's the IRS we're talking about, and if you dig a little deeper, it is quite scary what powers they have in various countries. But for normal companies, using this data would be a big no-no under the kind of data protection and privacy acts we have around here.

          Since you are talking about German IRS, they have the duty and huge powers to find out what your income is. They don't have any right to use this information except to get the right amount of tax from you, and possibly fine you or prosecute you for cheating on your taxes. I don't quite know what you would find scary about that.

          • It's scary because there's a lack of due process. All gov't bodies should be subject to this, and that is mostly the case. The police cannot enter your house without a warrant (b.t.w. in NL that sadly is no longer the case), and obtaining evidence, statements and confessions is all subject to certain rules (no torture or duress, lawyer must be present, etc) or the evidence will not be admissible in court. You are presumed innocent until proven guilty.

            But the IRS play by different rules. I doubt very m
      • by Viol8 (599362)

        "fter all, theft, stolen goods and handling stolen goods normally refer to physical goods"

        Have you just stepped through a timewarp from the 1980s? In almost all western countries (and probably korea) theft now includes data including personal details.

        "This is data we are talking about: the victims have not physically lost anything"

        Christ, this argument was old in the 80s. If someone steals your personal data you have potentially lost something FAR more valuable than the physical machine they retrieved them

        • Re:Wtf? (Score:5, Funny)

          by will_die (586523) on Monday July 30, 2012 @07:22AM (#40816165) Homepage
          Yea but this is slashdot so it is not stealing it is piracy and the "victims" have not lost anything. The copiers have not done anything wrong by taking these bits and distributing it how the "owners" did not originally agree to.

          After all if the owners had made the product available in a format and manner the would be buyers had wanted it they would not had to resort to this method to get the info.
        • by Anonymous Coward

          No it doesn't.

          Just because the popular media use terms like "stealing information", it doesn't mean that the law thinks of it that way.

          English law has lots of stuff about unauthorised access to a computer system (Computer Misuse) and unauthorised processing of data (Data Protection), but nothing about "stealing" data. To "steal" is defined in the Theft Act as to commit theft, and committing theft is the dishonest appropriation of property belonging to another with intent to permanently deprive the other of

      • Didn't they loose their privacy?

    • by Ogive17 (691899)
      That's the first thought I had as well after reading the summary. First of all, I'm sure the marketing firm will claim they thought the information was legit. Secondly, businesses in S. Korea practically run the gov't... someone probably has enough connections to keep the marketing firm out of trouble.
    • I don't know anything about Korean law, but aren't they liable as well if they purchase goods that are stolen, or have a reasonable likelihood of being stolen?

      My experience here in the UK is:

      I used a popular car insurance comparison website when I was shopping around for cheaper car insurance. On this website I had to enter various personal details such as name, address, date of birth, claim history, etc. Soon afterwards I started receiving cold-calls in connection with the accidents in my claim history. These calls usually started by claiming to be from "the insurance company" and implying they were my insurer, without actually providing the name of the insur

      • Unfortunately they have so far declined to provide any evidence to support their position, I have no evidence to support mine, so it's my word against theirs.

        No, it's not. If they have no proof you agreed, they are clearly in violation of your rights. On this respect, the burden of proof is on them, as long as you have proof that it was they who disclosed your data to third parties.

        Then again, I don't really know how the enforcement of this works in the UK.

        • No, it's not. If they have no proof you agreed, they are clearly in violation of your rights.

          I didn't say "they have no proof", I said "they haven't provided any proof". In any case, it hardly matters - the ICO has no interest in prosecuting.

  • by Teun (17872) on Monday July 30, 2012 @06:22AM (#40815933) Homepage
    I thought Korea had the fastest internet, couldn't they have done this in just a few minutes?
  • In America (Score:1, Interesting)

    by Anonymous Coward

    They have entire companies who do exactly this, thousands of some of the brightest minds dedicated to extracting as much data about you as possible through any measure.
    they give them names like
    Google
    Facebook
    Apple
    Adobe Omniture
    Comscore
    Neilson

    even re-defining a word for this covert spying called "analytics"

    See if 1 or 2 people get your info, we call them hackers, if a gang of people under a collective name with TM symbol , then this its called a "business" in America and its actions are to be applauded.

    • by gl4ss (559668)

      we're quite far ways from facebook going and hacking my phone records -from my telephone operator- to match phonenumbers to all my contacts.

      though that might be handy actually.

  • Making completely secure programs and services is possible, but it's far too expensive for today's short sighted folks.

    Most say I'm a nutter for building my own OS from scratch, but I just can't find ANYONE who develops operating systems or applications with security as the highest priority. I try to exploit every line of code I write, and use a variety of unit tests involving input fuzzing, memchecks, etc to keep me honest. Sure development is slower (esp. refactoring), but I can sleep at night knowin

  • Now spamming you in badly written Korean.

What is wanted is not the will to believe, but the will to find out, which is the exact opposite. -- Bertrand Russell, "Skeptical Essays", 1928

Working...