Police Specify 3 Security Firms that Managed Wallpads Hacked with the Same Method Used to Hack Auction 13 Years Ago
이 글자크기로 변경됩니다.
(예시) 가장 빠른 뉴스가 있고 다양한 정보, 쌍방향 소통이 숨쉬는 다음뉴스를 만나보세요. 다음뉴스는 국내외 주요이슈와 실시간 속보, 문화생활 및 다양한 분야의 뉴스를 입체적으로 전달하고 있습니다.
[경향신문]
Wallpads, a smart device including cameras that capture the homes in apartment complexes, were penetrated using web shells, a beginner-level hacking method. The method was the same as the one used to hack into the information of 10 million clients at Auction, an e-commerce firm thirteen years ago. The police believe wallpads of 704 homes were hacked and are investigating three firms overseeing the security and management of the apartments.
According to the information that the office of Democratic Party of Korea lawmaker Jeon Yong-gi received from the Korea Internet & Security Agency (KISA) on December 5, the police cybercrime investigation unit and KISA conducted a site inspection of three apartment complexes, where the wallpads were hacked, and found traces of web shells in one apartment complex in Gangnam-gu and one urban residential housing in Jongno-gu, Seoul. The apartment complex and urban residential housing were luxury houses with the actual market price of a unit exceeding 4 billion won.
Using a web shell, the hacker can remotely inject malicious codes into a web server and acquire the authority of an operator or manager to access personal information. In 2008, the personal information of nearly 10 million Auction customers were leaked and in 2011, 1.5 million clients of Hyundai Capital also had their personal information leaked. Web shells were used in both cases. In the security industry, web shells are seen as the most basic hacking method, but an apartment security network was again infiltrated in this way.
The police are currently identifying the details with three security firms, whose wallpads were penetrated based on the initial investigation by KISA. So far, 704 apartments are believed to have fallen victim to the hacking. Among them 538 homes were managed by A security firm, 73 by B, and 56 by C. Authorities have yet to accurately identify the security management firm of 37 homes.
The police are also investigating one hacker who allegedly sold the images illegally captured in this way in exchange for bitcoins. Reportedly, he tried to sell a 24-hour video of one home for 0.1 bitcoin (approx. 8 million won). According to the site inspection by the police and KISA, the wallpad of one unit in the apartment complex in Gangnam-gu was first hacked on August 17, and the wallpad of one unit in the urban residential housing located in Jongno-gu was first hacked on November 10.
A regional analysis of wallpad hacking cases showed that they were most frequent in Gyeonggi with 219 homes, followed by 106 homes in Seoul, 78 in Gyeongsang-do (North and South), 58 in Chungcheong-do (North and South), and 57 in Jeolla-do (North and South).
Kim Hyoung-joong, a professor at the Korea University School of Cybersecurity, said, “The latest hacking attempt took advantage of the fact that apartment complexes had a weaker online security system than offices,” and added, “To prevent hacking attacks, we need to assign personnel to oversee the online security of apartment facilities and have him regularly inspect the security status.”
Copyright © 경향신문. 무단전재 및 재배포 금지.
- “50대는 1표, 20대는 1.33표…세대별 차등투표제 필요”
- 문재인 전 대통령 “이념 사로잡힌 편중외교 통탄할 일”…‘혼밥 논란’ 반박도
- [종합]“팬들에 돈달라 하겠냐” 길건·홍진경도 분노···끊이질 않는 사칭범죄
- ‘이별값’ 120만원 받고도 헤어진 여친 스토킹한 20대 남성 징역형
- 경찰, 김호중 방문 유흥주점 압수수색…‘사고 전 음주 판단’ 국과수 결과도 받아
- 사측이 “조수빈 앉혀라”…제작진 거부하자 KBS ‘역사저널 그날’도 폐지 위기
- 이원석 검찰총장 “인사는 인사, 수사는 수사”…사전 조율 여부엔 “말 않겠다”
- [우리는 서로의 증언자②] 이남순 “여자로서 끝났다” 몸도 마음도 깊숙히 꿰뚫은 그날의 상처
- 늙으면 왜, 다들 손만 잡고 잔다고 생각할까
- “태국 파타야 한인 살인사건 용의자, 캄보디아 도주”