A hacking organization accused of stealing 39 billion won from BTS's Jungkook and other wealthy individuals in the country has been captured by the police.
The Seoul Police Agency announced on the 28th that 18 members, including A (35) and B (40), who are of Chinese nationality and are suspected of being the leaders of the international hacking organization, were arrested along with domestic and international associates.
According to the police, these members hacked six websites, including those of government agencies, public institutions, and IT platform companies, from July 2023 to April this year, stealing personal, financial, and authentication information of 258 individuals. The hacked information included identification cards, driver's licenses, account numbers, financial asset balances, and phone numbers. The members also hacked low-cost mobile phone services to fraudulently activate SIM cards and, after securing means of identification such as joint certificates or I-PINs, they infiltrated financial accounts and virtual asset exchange accounts.
They embezzled 39 billion won from 16 victims in this manner and attempted to defraud 25 billion won from 10 victims but failed. The total estimated loss amounts to 64 billion won. The victims included eight corporate chairpersons, one executive, three entertainers and influencers, and three virtual asset investors. Among the corporations, there were also two individuals included in the top 100 groups.
The largest loss was said to be worth 21.3 billion won in virtual assets. In Jungkook's case, he lost 8.4 billion won worth of HYBE stocks, but it was reported that his agency took measures such as payment suspension immediately after recognizing the damage, so it did not lead to actual losses. Additionally, 12.8 billion won was returned to the victims through police measures to block withdrawals and freeze accounts.
◇ The targets were military personnel and detained wealthy individuals… 'Difficult to respond to unauthorized activations'
The members prioritized selecting wealthy individuals among the 258 who had their personal information compromised, ultimately narrowing down those who would be difficult to respond to unauthorized mobile activations. Accordingly, the main targets were the heads of chaebols who were detained, entertainers, athletes, and virtual asset investors who were overseas or serving in the military. This is also the reason why BTS's Jungkook was among the victims.
The members hacked the activation services of 12 low-cost mobile operators and fraudulently activated 118 SIM cards under the names of 89 individuals. They exploited the fact that low-cost mobile operators have lower security levels than the three major telecommunication companies. The masterminds shared articles related to wealthy individuals through Kakao Talk messenger, checking their arrest status and sharing information about the low-cost mobile activations.
Once the low-cost mobile phone systems were compromised, various non-face-to-face identity verification systems were also breached without resistance. The affected institutions and companies included five entities such as the government and public institutions, two identity verification institutions, one financial institution, one ICT consignment institution, one IT company, and 12 low-cost mobile operators.
◇ Police succeeded in dismantling the organized crime network in collaboration with Interpol and Thai police
The police arrested a total of 18 members of the organization. Among them, three have been detained.
After receiving intelligence from Interpol that A was in Thailand, the police, in a joint operation with local police and Interpol last May, captured the masterminds A and B, who are of Chinese nationality. At the time of their arrest, they were also hacking from a hotel in Bangkok. They had been operating in an organized crime manner from bases in Yanji and Dalian, China, and Bangkok, Thailand.
A was extradited to Korea on the 22nd and was detained on the 24th for 11 charges, including violation of the Information and Communications Network Act and specific economic crime laws. The police plan to transfer him to the prosecution for detention on the 29th. B was arrested in Thailand last June and is currently undergoing extradition procedures to Korea.
Additionally, four intermediaries of Chinese nationality, who were instructed by the masterminds to recruit domestic operatives and launder money, were also arrested. Twelve Koreans who were involved in unauthorized activations of SIM cards, operating SIM relay devices, and circumventing identity verification were also apprehended.
Oh Gyusik, head of the Cyber Investigation Unit 2 of the Seoul Police Agency, noted during a briefing, "This case is not simply personal hacking, but an unprecedented incident that circumvented non-face-to-face verification systems."