Attacker posted tutorials and guides about his hacks

Nov 11, 2014 10:52 GMT  ·  By

A young man, known by the surname Jang, in the South Korean capital city Seoul has broken the security settings of various websites across the world, amassing an incredible collection of 280,000 private records before being arrested.

The information stolen from the websites included credentials for social networking accounts like Facebook and Twitter, along with details about employees of national or international government agencies, taken from North Korean websites.

Attacker wanted to prove himself to the hacker community

It appears that some of the stolen data has been posted online, on his blog, where he would explain the steps for carrying out the attack and reaching the information. In some cases, Jang would create video tutorials and publish them on YouTube. He was also sharing tips on hacker forums.

It is believed that 13,000 personal records were made public in one way or another. The stolen data would be stored in cloud storage accounts.

The authorities say that the hacking spree lasted from November 2013 until August 2014, and sites in 24 countries were impacted.

According to Korea Joongang Daily, the hacker told the police that the motivation behind his attacks was to prove himself among fellow hackers.

However, the authorities say that the deeds also started to have a financial angle, apart from simply showing off the skills; evidence has been produced by the police that Jang tried to make purchases using stolen credit card information.

One of the victims was a Korean official, who had made a purchase on an online shopping mall. The hacker also took over the official’s email account.

Hacker attacked websites with weak security

Only sites with weak security measures in place seem to have been targeted by the perpetrator.

Oftentimes, private data such as passwords was not encrypted, which made it a sitting duck. It would be safe to assume that if such basic protection was not in place, the targeted websites were probably riddled with easy to exploit bugs and weaknesses.

SQL injection is the most common and basic form of attack, but it is also highly efficient on sites that do not take some precautions against intruders.

Drupal alerted in the middle of October of a highly critical SQL injection vulnerability that would not require too much knowledge to be exploited. At the end of the month, the developers of the CMS warned that websites that had not been patched within hours from the initial disclosure of the glitch should be considered compromised.

The methods used by the hacker have not been disclosed by the authorities though.