'Hacker extorted money from Daum, Mr. Pizza'

By Lee Hyo-sik

The court Monday convicted a hacker of extorting money from a web portal and other companies by threatening to expose their customer information.

The Seoul Central District Court said it sentenced a 40-year-old man, surnamed Shin, to one year in prison on charges of violating the Personal Information Protection Law and other laws governing individuals’ private data.

Shin, who is a well-known computer hacker here, breached into a Daum server storing the web portal’s customer data from a computer cafe in the Philippines in September 2007, and stole private information of 29,000 people. The stolen data included Daum customers’ ID numbers, passwords, resident identification numbers, addresses, and telephone numbers.

He then contacted the web portal and threatened to expose the information unless he was paid $150,000. A month later, Daum gave him 5 million won ($4,900), but the hacker sold the stolen private data, along with membership information he stole from 10 other websites, to a third party for 1 million won.

In May 2008, Shin also stole customer information from Mr. Pizza’s website and blackmailed the pizza franchise by threatening to leak the information unless he was paid 30 million won. The company paid him seven million won.

``Shin hacked into numerous websites to steal customer information and blackmail them for money. This is a serious offense,’’ a presiding judge Han Seong-soo said. ``He caused significant damage to people whose personal information was exposed. In addition, his misdeeds weakened public trust in the security of Internet websites, causing huge social costs.’’

Even though Shin had previously been convicted of similar offences, he again hacked into websites to steal their customer information for money, the judge said. ``But given the fact that he extorted a relatively small amount of money and reached an understanding with some of the victims, we decided to place him behind bars only for a year.’’