2 suspects in Hyundai Capital hacking caught
By Kim Tae-jong
Police arrested two suspects Monday on charges of hacking Hyundai Capital’s database and blackmailing the company by threatening to release confidential customer financial information.
A 40-year-old man, surnamed Huh, is thought to be the key figure who facilitated the hacking of Hyundai Capital along with Korean accomplices living in the Philippines, according to the cyber crime investigation unit of the Seoul Metropolitan Police Agency.
The other suspect, Yoo, is charged with withdrawing the money that Hyundai transferred to comply with demands made by Huh and the hackers, the unit said.
“Huh met a hacker surnamed Shin in the Philippines in December and plotted the hacking,” a police officer said. “They met through another hacker who proposed they could earn a lot of money by hacking the databases of large companies and blackmailing them. Huh raised the funds for the plot and sent it to the hackers in the Philippines.”
Shin is also involved in other similar cases including the hacking of major portals and telecommunication sites. He fled to the Philippines in 2007 to avoid the authorities, the police officer said.
The police are now questioning the two suspects while looking for their accomplices in cooperation with Interpol.
The leak of client information took place between February and April via servers in the Philippines and Brazil. Hackers stole personal data and key financial data such as passwords little by little in order to avoid detection.
On April 7, they demanded 500 million won ($460,500) in return for not releasing the confidential financial information.
Later that day Hyundai reported the case to the police, and the following day the firm transferred 100 million won to the accounts specified by the hackers to aid police investigations. The police put surveillance on an automatic teller machine (ATM) but failed to catch the culprit.
Hyundai Capital, an affiliate of the automotive giant Hyundai Motor and the largest lender in the country’s secondary financial sector, said the internal investigation found that the account numbers and passwords of 13,000 prime loan clients had been stolen by the hackers as well as personal data such as names, residential registration numbers, mobile phone numbers and e-mail addresses.
The police are also investigating former and current employees of Hyundai Capital for their possible involvement.
A former employee, surnamed Kim, was found to have accessed the server of Hyundai Capital several times as an administrator even after he quit and started working for another company back in December.