US troops may be victims of massive credit card hack in South Korea, military says
By KIM GAMEL | STARS AND STRIPES Published: August 20, 2019
SEOUL, South Korea — American troops may have been among the victims of hackers who stole information from more than 1 million U.S. and South Korean credit cards and listed it for sale on the dark web over the past three months, the military said.
The thefts targeted unspecified business and financial entities in South Korea and included information on at least 38,000 U.S.-issued payment cards, according to an alert distributed by the Eighth Army via its Facebook page on Monday.
An unnamed credit union that provides services at U.S. Air Force bases in South Korea was among the potentially compromised organizations, it said.
Citing the large number of U.S.-issued payment cards involved and the significant presence of American troops in South Korea, the Major Cybercrime Unit-Korea said it could “assess with medium confidence that the purchase cards of U.S. service members may have been included in this compromise.”
The stolen information had been listed on the dark web since the end of May, according to the notice, which was based on information from the Korea Office of the Major Cybercrime Unit, U.S. Army Criminal Investigation Command.
The notice advised people worried that their credit card information was stolen to place a “fraud alert” on their credit reports and to monitor their accounts for signs of identity theft.
No complaints had been received, and no Department of Defense employees affected had been reported to CID as of Tuesday, spokesman Chris Grey told Stars and Stripes.
Navy Federal Credit Union, which operates on Osan Air Base and other installations in South Korea, said it was aware of the situation and was monitoring it closely.
"At this time, we have no reason to believe any Navy Federal systems were impacted," a Navy Federal spokesperson said in an email. "Our members' privacy and security are our top priorities."
The armed forces bank, which serves all the branches, said that any members who suspect fraudulent activity should call 1-888-842-6328.
“At this point, these appear to be financially motivated cybercriminals,” Grey said, declining to give more information pending the ongoing investigation.
Gemini Advisory, a security firm, also reported the credit card data theft on Aug. 1, saying the hackers had apparently managed to capture the information before it was encrypted as the cards were swiped at the merchants or at ATMs.
That would enable the fraudsters to clone the cards and use them to make illegal purchases, it said. Transactions made using cards with embedded computer chips, also known as EMV chip technology, would have been secure, according to the report.
The New York-based firm first observed information from 42,000 compromised South Korean-issued cards posted for sale on the dark web in May, which it said is generally in line with recent trends.
However, the number spiked to 230,000 records in June and 890,000 in July, according to Gemini Advisory.
“This spike currently consists of over 1 million compromised South Korea-issued CP records posted for sale in the dark web since May 29,” it said, referring to card-present (CP) fraud, which involves collecting payment card information from in-person transactions.
It said 3.7% of the compromised records were U.S.-issued cards and many were believed to belong to American cardholders visiting the South.
Gemini Advisory warned that South Korea is becoming a major target for such attacks due to vulnerabilities in its purchasing infrastructure, including failure by merchants to use the chip technology.
“While the entire Asia Pacific (APAC) region is experiencing a noticeable uptick in attacks against brick-and-mortar and e-commerce businesses, South Korea has emerged as the largest victim of Card Present (CP) data theft by a wide margin,” it said.
Some 28,500 American troops as well as family members and civilian contractors are based in South Korea, which remains technically at war with the North after their 1950-53 conflict ended in an armistice instead of a peace treaty.
The CID spokesman agreed that chips are more secure than magnetic stripes because they have sophisticated encryption capabilities. However, Grey stressed that the chips don’t assure absolute security and advised credit card users to exercise caution and practice sound operational measures.
"Financially motivated cybercrime is a major threat impacting Army readiness," said Special Agent Edward Labarge, the Director of the command’s Major Cybercrime Unit. "The MCU remains vigilant in pursuing hackers and other cybercriminals who target our soldiers, civilians and family members regardless of where they are in the world."
Stars and Stripes reporter Yoo Kyong Chang contributed to this report.