Online Thieves Are Stalking You

Last week the biggest bank robbery in Swedish history took place.

Nordea Bank AB, the largest bank in Sweden, said its 250 customers were robbed of eight million Swedish krona (about 1.66 billion won).

However, the perpetrators never brandished guns or knives nor did they break into the bank. In fact, it was online theft; they stole and withdrew money from the victims’ accounts. The Swedish police only found out what had been happening 15 months after the scheme was started, and the theft is still at large.

Hacking for money is on the rise.

Recently, online imposters targeted the U.K.’s Barclays Bank, American Express, and the largest Internet auction and shopping site eBay and attacked their customers’ personal computers to acquire information by conducting “pharming.”

Victims can lose massive amounts of money without their knowledge.

Hackers Conduct Bank Heist-

Many hackers just want to show off their technique by cracking the websites of major organizations and companies. Some of them, however, seek financial gain in a concerted and elaborate manner. And the cases of online fraud are increasing.

Korea is not immune to the “online bank robbery.”

In the middle of this month, 20 customers of Citibank Korea had their credit card information stolen and lost 50 million won from their accounts. Perpetrators hacked Citibank Korea’s electronic payment system for its credit cards.

Last month, hackers stole digital certificate for secure online transaction of 5,000 customers from Kookmin Bank and the National Agricultural Cooperatives Federation. They redirected users to a bogus website to obtain information and 30 customers gave hackers their personal identification number for a “secure card” used in secure online transaction.

“In recent cases, highly organized criminal groups with lots of money have hired hackers to engage in systematic attacks against financial institutions. Among them is the Russian Mafia,” said Microsoft Korea’s Chief Security Advisor Cho Won-young.

Send Money or We Will Lock Down your System-

Some hackers openly demand money or steal sophisticated technology. Those attacks are conducted against small and medium-sized companies (SMEs) whose security systems are weak.

At the end of last month, scores of online businesses and SMEs received threatening emails, saying, “Send X00 million won into account NO.XX by the day of XX. And we will restore your system.” Those victims’ systems were already paralyzed by hackers.

The perpetrators conducted Distributed Denial of Service (DDoS) attacks. This floods incoming data to the target system and eventually forces it to shut down. From February 7 to 9, 2001, hackers used DDos to attack the U.S. stock exchange, CNN, Yahoo, and eBay.

“Hackers switch their target from big companies and government organizations to SMEs. More manufactures of LCD and cell phone parts inquire our company about how to get protections against attacks from China,” Kim Hyun-seung, the head of KTVision, a Korean online security firm, said.

Vulnerable Individual Users-

Naturally, individual users who have insufficient knowledge about online security and little means to protect themselves become very vulnerable to cyber attacks.

According to a Ministry of Information and Communication’s report, a PC can be infected with computer viruses and spyware only 15 minutes after being connected to the Internet if the owner doesn’t install virus vaccine software and security patches.

There are increasing cases of stealing IDs and passwords from victims’ email accounts or Blog accounts for criminal purposes. One organizer of joint purchasing of a product got off with the money after collecting victims’ money using bogus accounts. Last November, hundreds of blogs of a major portal site were changed into illegal gambling promotion sites overnight.

“Hackings for financial gains will become more systemically sophisticated. Many innovative scams will appear to steal personal information by cracking email accounts, Internet messenger programs, and websites.” Kang Eun-seong, AhnLab’s senior staff for security department said.

Experts say Korea is one of the most wired countries and has the most sophisticated Internet banking system, but its security awareness is dismal.

“Over the half of PC users don’t install security patches. And businesses don`t seem to care much about online security,” said Microsoft Korea’s Chief Security Advisor Cho.

jaeyuna@donga.com mikemoon@donga.com