2017-03-27 17:45
Chinese hackers suspected of targeting individual Koreans in THAAD retaliation
With Innovation draws fire for lacking security readiness

By Yoon Sung-won

Chinese hackers are suspected of targeting Korean mobile app users as part of the country’s retaliatory steps against Korea’s deployment of a U.S. anti-missile system, industry officials said Monday.

Some 4,000 users of mobile accommodation reservation app Yeogi-Eoddae received text messages last week that included detailed information on their lodgings such as date and location. Some of them included obscene expressions that mocked the users’ private lives.

The messages were sent after the servers of With Innovation, provider of the reservation app service, were compromised. The app has more than 3 million users. But the company has not been able to confirm how much information was leaked.

With Innovation has pointed its finger at Chinese hackers.

“More than 90 percent of the IPs that have attacked our database originated from China,” a company official said. “We are weighing the possibility that it’s a retaliatory act by Chinese hackers who oppose the deployment of a THAAD battery here.”

Another factor linking the attack with China is that it used a type of structured query language (SQL) injection attack also used by the Honker Union, an infamous Chinese hacker group, in a recent cyberattack on Korean websites to protest the THAAD deployment.

SQL injection allows hackers to infiltrate servers and databases by inserting SQL statements into input fields, such as those for IDs and passwords.

The latest assault on the mobile service differs from previous political cyberattacks from China in terms of the techniques used. For instance, a recent attack on the Lotte Duty Free Shop website, which has been the target of Chinese retaliation, paralyzed the site using a distributed denial of service (DDoS) attack.

But not all security experts said the data leak has something to do with Chinese retaliatory steps against THAAD. Some experts said the Honker Union is unlikely to use the SQL injection technique. They also pointed out it may not be a political cyber threat as the perpetrators demanded bitcoins after the attack.

According to Korea University Graduate School of Information Security professor Kim Seung-joo, it may be rash to conclude Chinese hackers carried out the cyberattack because there are so many hackers worldwide who use China-based IP addresses to avoid backtracking.

Poor security readiness

Regardless of the origin of the trouble, With Innovation has come under fire for failing to protect the private data of its users from SQL injection, which is considered one of the simplest and most common hacking methods.

With Innovation had advertised that the “Yeogi-Eoddae” app received security certification from the Korea Online Privacy Association. But it did not have the information security management system approval used by the Korean government.

Among Korean online-to-offline service providers, another mobile accommodation reservation service “Yanolja” and food delivery service “Baedal Minjok” have the approval.

With Innovation has fueled users’ anger as it has expanded its advertising and marketing drives without taking steps to protect users’ personal data.

“The company would have been able to prevent the data leak if it had a simple defense system like a firewall,” said a 29-year-old office worker who uses the app at issue. “This means the company did not even have the common sense to keep the fundamentals.”

On its website, With Innovation said it is working with the Korea Communications Commission and the National Police Agency to investigate the cyberattack.

“We have put forth much effort for security and to protect private information,” the official claimed. “We deeply apologize for causing such a problem and pledge to strengthen security measures to prevent future recurrences.”


yoonsw@ktimes.com