S. Korea bank probed over 'cyber-attack' shutdown

Apr 18, 2011 |

SEOUL

Tags:

Regulators launched an inquiry on Monday into South Korea's largest banking network after a suspected cyber-attack left many customers unable to access their money for three days.

A system crash that started on April 12 left customers of the National Agricultural Cooperative Federation, or Nonghyup, unable to withdraw or transfer money, use credit cards or take out loans.

Nonghyup, which has about 5,000 branches, said it suspected the problem was caused by cyber-attackers, who entered commands to destroy computer servers and wipe out some transaction histories.

"The latest incident was conducted internally. The meticulously designed commands entered through a laptop computer owned by a subcontractor company were carried out to simultaneously destroy the entire server system," Nonghyup official Kim You-Kyung said.

He said the suspected attack might have been staged by an "experienced" expert to cripple the entire network at the bank, which is the country's largest in terms of branches.

The bank's services were partially restored after three days, but some — including an advance cash service — were still unavailable on Monday.

Around 310,000 customers have filed complaints and nearly 1,000 called for compensation.

The major technical glitch also temporarily deleted records of some of Nonghyup's 5.4 million credit card customers, leaving the firm unable to bill customers or settle payments to retailers.

State prosecutors have launched a probe to see whether hackers attacked the the bank's system.

The financial supervisory service and Central Bank officials visited Nonghyup's Seoul headquarters on Monday to investigate whether it had followed computer security rules.

Nonghyup pledged full compensation for any damages to customers and stressed there was no leak of personal data.

It was the second major glitch at a financial firm in April, after Hyundai Capital, a financial arm of South Korea's top automaker Hyundai Motor, said a hacker broke into its computer system and stole customer data.

Hyundai Capital, which has about 1.8 million customers, said it lost data on 420,000 customers such as names, residential registration numbers and mobile phone numbers.

About 13,000 passwords also appeared to have been hacked from customers' loan accounts, said Hyundai Capital which is also under investigation by regulators.

Consumer rights groups said they may file class action suits against the two firms.

"We have already enough people to qualify to file suits, but laws are not favourable to consumers in a case like this," Cho Nam-Hee, chief of the Korea Finance Consumer Federation, told AFP.

Cho said the level of protection that financial firms must by law maintain on its online systems is relatively low, and courts usually impose fairly light punishments.

Police have arrested a 40-year-old man identified only as Hur on charges of masterminding the attack on Hyundai Capital.

Hur was one of three South Korean men who allegedly recruited a hacker to make money by breaking into the computer system of Hyundai Capital.

Post new comment

<form action="/comment/reply/68513" accept-charset="UTF-8" method="post" id="comment-form"> <div><div class="form-item" id="edit-name-wrapper"> <label for="edit-name">Your name: <span class="form-required" title="This field is required.">*</span></label> <input type="text" maxlength="60" name="name" id="edit-name" size="30" value="Reader" class="form-text required" /> </div> <div class="form-item" id="edit-mail-wrapper"> <label for="edit-mail">E-Mail Address: <span class="form-required" title="This field is required.">*</span></label> <input type="text" maxlength="64" name="mail" id="edit-mail" size="30" value="" class="form-text required" /> <div class="description">The content of this field is kept private and will not be shown publicly.</div> </div> <div class="form-item" id="edit-comment-wrapper"> <label for="edit-comment">Comment: <span class="form-required" title="This field is required.">*</span></label> <textarea cols="60" rows="15" name="comment" id="edit-comment" class="form-textarea resizable required"></textarea> </div> <fieldset class=" collapsible collapsed"><legend>Input format</legend><div class="form-item" id="edit-format-1-wrapper"> <label class="option" for="edit-format-1"><input type="radio" id="edit-format-1" name="format" value="1" class="form-radio" /> Filtered HTML</label> <div class="description"><ul class="tips"><li>Web page addresses and e-mail addresses turn into links automatically.</li><li>Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd></li><li>Lines and paragraphs break automatically.</li></ul></div> </div> <div class="form-item" id="edit-format-2-wrapper"> <label class="option" for="edit-format-2"><input type="radio" id="edit-format-2" name="format" value="2" checked="checked" class="form-radio" /> Full HTML</label> <div class="description"><ul class="tips"><li>Web page addresses and e-mail addresses turn into links automatically.</li><li>Lines and paragraphs break automatically.</li></ul></div> </div> </fieldset> <input type="hidden" name="form_build_id" id="form-f68f3868d32e75191ce5542e35fc1495" value="form-f68f3868d32e75191ce5542e35fc1495" /> <input type="hidden" name="form_id" id="edit-comment-form" value="comment_form" /> <fieldset class="captcha"><legend>CAPTCHA</legend><div class="description">This question is for testing whether you are a human visitor and to prevent automated spam submissions.</div><input type="hidden" name="captcha_sid" id="edit-captcha-sid" value="80916607" /> <input type="hidden" name="captcha_response" id="edit-captcha-response" value="NLPCaptcha" /> <div class="form-item"> <div id="nlpcaptcha_ajax_api_container"><script type="text/javascript"> var NLPOptions = {key:'c4823cf77a2526b0fba265e2af75c1b5'};</script><script type="text/javascript" src="http://call.nlpcaptcha.in/js/captcha.js" ></script></div> </div> </fieldset> <span class="btn-left"><span class="btn-right"><input type="submit" name="op" id="edit-submit" value="Save" class="form-submit" /></span></span> </div></form>