S. Korea bank probed over 'cyber-attack' shutdown

April 18th, 2011 by Jung Ha-Won in Technology / Internet
Regulators launched an inquiry on Monday into South Korea's largest banking network after a suspected cyber-attack left many customers unable to access their money for three days.


Regulators launched an inquiry on Monday into South Korea's largest banking network after a suspected cyber-attack left many customers unable to access their money for three days.

Regulators launched an inquiry on Monday into South Korea's largest banking network after a suspected cyber-attack left many customers unable to access their money for three days.

A system crash that started on April 12 left customers of the National Agricultural Cooperative Federation, or Nonghyup, unable to withdraw or transfer money, use credit cards or take out loans.

Nonghyup, which has about 5,000 branches, said it suspected the problem was caused by cyber-attackers, who entered commands to destroy computer servers and wipe out some transaction histories.

"The latest incident was conducted internally... the meticulously designed commands entered through a laptop computer owned by a subcontractor company were carried out to simultaneously destroy the entire server system," Nonghyup official Kim You-Kyung said.

He said the suspected attack might have been staged by an "experienced" expert to cripple the entire network at the bank, which is the country's largest in terms of branches.

The bank's services were partially restored after three days, but some -- including an advance cash service -- were still unavailable on Monday.

Around 310,000 customers have filed complaints and nearly 1,000 called for compensation.

The major technical glitch also temporarily deleted records of some of Nonghyup's 5.4 million credit card customers, leaving the firm unable to bill customers or settle payments to retailers.

State prosecutors have launched a probe to see whether hackers attacked the the bank's system.

The Financial Supervisory Service and central bank officials visited Nonghyup's Seoul headquarters on Monday to investigate whether it had followed computer security rules.

Nonghyup pledged full compensation for any damages to customers and stressed there was no leak of personal data.

It was the second major glitch at a financial firm this month, after Hyundai Capital, a financial arm of South Korea's top automaker Hyundai Motor, said a hacker broke into its computer system and stole customer data.

Hyundai Capital, which has about 1.8 million customers, said it lost data on 420,000 customers such as names, residential registration numbers and mobile phone numbers.

About 13,000 passwords also appeared to have been hacked from customers' loan accounts, said Hyundai Capital which is also under investigation by regulators.

Consumer rights groups said they may file class action suits against the two firms.

"We have already enough people to qualify to file suits, but laws are not favourable to consumers in a case like this," Cho Nam-Hee, chief of the Korea Finance Consumer Federation, told AFP.

Cho said the level of protection that financial firms must by law maintain on its online systems is relatively low, and courts usually impose fairly light punishments.

Police have arrested a 40-year-old man identified only as Hur on charges of masterminding the attack on Hyundai Capital.

Hur was one of three South Korean men who allegedly recruited a hacker to make money by breaking into the computer system of Hyundai Capital.

(c) 2011 AFP

"S. Korea bank probed over 'cyber-attack' shutdown." April 18th, 2011. http://phys.org/news/2011-04-korea-bank-probed-cyber-attack-shutdown.html