Chinese Hackers Target Japanese Bank Accounts more than $16 million stolen in 6 months
Chinese cyber criminals are looting Japanese bank accounts in record numbers. The most affected Japanese banks are Mitsubishi UFJ Financial Group and Sumitomo Mitsui Financial Group and the total loss suffered by the Japanese banks in first six months is more than 1.85 billion yen or $16 million. This surpases the full-year record of 1.41 billion yen in 2013, according to Japan’s National Police Agency.
Japanese police have manage little headway in busting this cyber crime groups and have so far managed only 133 arrests most of whom are foot soldiers or couriers who have been tasked with withdrawal of the money after the cyber scams have been completed. “We see a very deep Chinese connection in these cyber theft cases,” says Arichika Eguchi, the police agency’s director of cybercrime investigations. “Japanese people’s wealth is draining into China.” About the arrests, he adds, “They’re usually exchange students and trainees from China” who accept employment without realizing they’re committing a crime, says Eguchi. “They think it’s just a part-time job.”
Cyber scams
The easiest method of luring Japanese account holders to be through phishing attacks and malwares. Japanese police says, the Chinese gangs hack into Japanese bank accounts by tricking customers into opening malicious software or disclosing their passwords.
After obtaining the banking credentials, they steal the money by transferring it to other accounts in Japan, then hire foot soldiers who live in the country to withdraw the cash at ATMs. Those people deliver the money to colleagues in Japan who use it to buy goods that are shipped to China. There the products are sold, with the proceeds going to the ringleaders.
Japan’s banks can do little more than alert the customers and compensate the victims. Japan remains a easy target for the Chinese hackers because of its wealth and proximity to China, as well as lack of experience dealing with computer hacking, says Hiroshi Koide, an associate professor of artificial intelligence at Kyushu Institute of Technology. “Japanese people and companies aren’t very sophisticated when it comes to computer security,” says Koide, who advises the Fukuoka Prefectural Police on cybercrime countermeasures. “Japan’s huge assets ensure big profits.”
Case of a foot soldier, Dai Wan
Dai Wan, a 22-year-old Chinese woman attending college in Japan, was arrested after withdrawing almost 12 million yen stolen from Japanese online-banking accounts, according to police in Kyoto. Acting on instructions received through the Chinese-language QQ text-message service, Dai allegedly took the money out of ATMs at convenience stores in the city over two months starting in March, says Kyoji Shibata of the Kyoto Prefectural Police’s anti-cyber crime department.
She is accused of sending the cash to other Chinese residents in Japan to buy luxury goods and diapers, which were probably shipped to China to be sold at higher prices, says Shibata. “The money they steal in Japan will end up giving them multiple returns in China,” he says. Dai was charged with theft and the transfer of criminal proceeds and is being detained for trial in Kyoto District Court, Shibata says. Dai’s lawyer, Hiromasa Nakaya, says his client wasn’t aware that she was committing a crime or working for gangs. She thought she was performing a legitimate part-time job, he says.
Customers visiting the Japanese banking websites are greeted with a red-and-yellow warning sign with text urging them not to enter their passwords in response to e-mails purporting to come from the company, however they tend to disregard such messages. The site also alerts users to computer viruses and offers protective software. “It’s a game of cat and mouse,” said Japanese Bankers Association chairman and president of Mitsubishi UFJ, Nobuyuki Hirano, “They always come up with tricks that seem to be one step ahead of our defenses.”
Resource : Bloomberg Businessweek
These types of attacks are extremely common throughout Europe. Most of the attacks however are perpetrated by Eastern European crime groups. This attack method is relitivley old fashioned in Europe as most crime groups have moved on to attacking bussiness rather than Retail customers. In the case of a technical attack such as this Law Enforcement have the tendancy to focuss on the malware, however reducing the crime groups capability to ‘cash out’ would be the most effective way for the Japanse police to mitigate this attack. The threat from this type of fraud has always been cornered by Eastern Europeans; However, seeing real evidence of Chinese involvement should raise real concerns amongst the Global banking community as it appears there is a new capable threat actor on the scene….these lossess are the tip of the iceberg for Japan, the crime groups will move on to attacking bussiness customers next so watch out…