
Pyongyang hackers break into 63 ATMs

One victim lost about 3 million won; old spy malware was used
May 10, 2017
South Korean authorities found solid evidence indicating that North Korea hacked into 63 automated teller machines across the country last February, stealing user information for nearly 2,500 payment cards and siphoning off cash from at least 28 people.

It is not known exactly how many South Koreans were victimized or how much the North stole in total.

One person lost 3 million won (about $2,600). South Korean officials detected the plot in March and have since been investigating the case.

Speaking on the condition of anonymity, a local government source exclusively told the JoongAng Ilbo on Monday that the malicious code found in the automated teller machines was “similar” to the one found late last year in the thousands of hacked computers in the National Defense Ministry.

The ministry concluded North Korea was behind the act at that time, given that the malware was “similar in form to the kinds made in the North,” according to an official.

Another government official who spoke with the JoongAng Ilbo said “North Korean-style language” was found in malicious code in both cases, a strong hint that Pyongyang was behind the scheme.

The second source, however, said it was impossible to conclude with certainty that North Korea hacked the ATMs because a virtual private network was involved in the process, making it difficult to track the original source.

Sixty-three ATMs across South Korea were affected. Roughly 2,500 payment cards had their card number, expiration date, password and transaction approval codes stolen, according to South Korean government officials.

Among the victims, 28 Citibank customers here lost money, though the amount taken is unknown.

South Korea has a long history with North Korean hackers. The National Defense Ministry was quick to point the finger at the North when its intranet was hacked for the first time last September, but it was only recently that the ministry admitted one of the leaked pieces of information was Operations Plan 5027, also known as Oplan 5027, the main military plan by South Korea-U.S. allied forces to react to a possible North Korean invasion.

Oplan 5027 is the most recent such plan drawn up by Washington and Seoul. The concession came after South Korea’s state-run Korean Broadcasting Station (KBS) broke the news. The ministry refused to elaborate on what other top secret data were stolen by the North.

BY LEE CHUL-JAE, LEE SUNG-EUN [lee.sungeun@joongang.co.kr]