Out of the 9 million records the hacker got hold of, 4.8 million belong to banks, 260,000 to loan firms, 650,000 to online shopping malls, 5,300 to universities, and 3.2 million to various web pages.
Shin, 42 years of age, one of the people that the Chinese police took into custody, ran a so called "loan mediating company" that would contact people and offer to lend them money. The contact information of these potential customers was provided by a Chinese hacker who, back in May 2006, broke into Korean banks, loan firms and Internet shopping malls databases for the bargain price of $14,900. About 4.8 million records were obtained from banks alone, including info such as name, address, phone number, and credit card details.
Chun, Shin, and the other people involved in the case did not use the data provided by the hacker to fraudulently obtain credit cards or lines of credit. What they did instead was use that info to contact people and put them in touch with loan sharks. It is estimated that about 1,100 transactions were made, and for each one Chun charged a 5-15% commission. The Korean authorities also estimate that part of the records were sold on to an unscrupulous loan operation for a profit. Chun and his associates were so successful that they managed to bring in an estimated $2.67 million.
A warrant has been issued under the name of 42-year-old Chun, but the Seoul Metropolitan Police Agency's Cyber Crime Investigation Division will first have to track him down, then take him in custody. His six accomplices were arrested, but have not been detained.
This incident is very much similar to spam, except that instead of sending you messages that try to convince you to buy something, the Koreans in question phoned people and asked them whether they would like to borrow some money.