25.09.09.Today News : KT Small Payment Scam Expands: Ghost Base Station Evidence Found

KT Small Payment Scam Expands: Ghost Base Station Evidence Found

📍 Over 40 victims across Seoul metro area, damages exceed 50 million won; government launches joint probe, KT pledges full compensation

A hacking scheme targeting KT mobile subscribers through unauthorized small payments has spread from Gwangmyeong and Yeongdeungpo to Bucheon, with total damages surpassing 50 million won. Investigators suspect the use of “ghost base stations” rather than simple smishing attacks. The government has formed a joint investigation team, while KT has promised to fully reimburse all victims.

A new type of hacking was carried out using ghost base stations.

---

■ Damages Spread Across Seoul Metropolitan Area
What began in Gwangmyeong has quickly spread to Yeongdeungpo, Geumcheon, and Bucheon. Police have already received more than 40 reports, and damages are estimated to exceed 50 million won. Payments were mostly made for gift cards or transportation top-ups, often during late-night hours.

■ Ghost Base Station Hacking Suspected
KT confirmed abnormal network activity, identifying an extra base station signal in areas where only five should exist. This sixth signal was a “ghost base station” set up by hackers to mimic legitimate telecom equipment. Once connected, the fake station could capture sensitive information such as IMSI numbers. Experts warned: “This is the first real-world case of an attack previously thought possible only in laboratories.”

■ Victims’ Testimonies
Victims reported unusual incidents, including forced logouts from KakaoTalk, sudden inaccessibility of the PASS authentication app, and unnoticed increases in their small-payment limits. Some even said no text alerts arrived after fraudulent charges. One victim wrote online: “I lost 700,000 won overnight without installing anything or visiting a telecom store. This feels like a breach inside the carrier’s own system.”

■ KT’s Slow Response Raises Questions
Initially, KT denied responsibility, claiming its systems were intact. But four days later, the company formally acknowledged the intrusion and reported it to the Korea Internet & Security Agency (KISA). KT explained it found traces of past intrusions between September 7 and 8, but experts criticized the company for missing the first hacking incident in early August.

■ Joint Government and Police Investigation
The Ministry of Science and ICT (MSIT) classified the incident as a major telecom security breach and formed a joint task force to conduct on-site inspections at KT headquarters. Investigations will continue for one to two months, covering KT, payment service providers, and retailers. Police are also tracking the fraud routes, considering the possibility of wider spread beyond Seoul.

■ Legal Responsibility and Compensation Issues
Legal experts argue that KT cannot avoid liability, even if it was not the direct perpetrator. Attorney Kim Hyung-kyu said: “The question is whether KT took sufficient preventive security measures. If negligence is proven, KT could face both administrative penalties and compensation duties.”

KT has promised to fully compensate all victims, but trust remains shaken. Experts warn that unless Korea’s telecom industry invests in stronger security infrastructure, similar mass-scale breaches could recur.

One-line summary :KT’s small-payment hacking scam, linked to ghost base stations, has spread across the Seoul metro area with damages exceeding 50 million won, prompting a government probe as KT pledges full compensation.