• Kyodo


Police agencies received a record number of queries related to cybercrimes in the January-June period, but arrested fewer online criminals. They also confirmed for the first time the existence of a new form of online banking threat known as the man-in-the-browser attack.

During the six-month period, police were consulted 54,103 times in relation to online crimes — up 37.3 percent from the same period last year and the most since records began in 2000, data compiled by the National Police Agency showed Thursday.

The agency added that the number of cybercrimes that actually led to arrests was down around 10 percent to 3,697 cases.

Nearly half, or 25,630, of the queries were about fraud and dubious business offers outside the domain of Internet auctions, an increase of 64.1 percent, the agency said.

NPA devices that automatically detect suspicious Internet access also logged a total of 448.2 cases per machine, up 50 percent from a year earlier and the highest since 2007. The machines are designed to detect attempts to exploit vulnerabilities in computer servers and personal computers for attacks, the agency said.

The police also detailed a new kind of attack whereby an Internet user logs on to his or her online banking portal using a virus-infected PC, and the PC then executes an order — unauthorized and undetected — to transfer money into a different account.

Known as an MITB, or man-in-the-browser attack, it operates as if a person is in the browser. An agency official cautioned bank users to be vigilant.

“Increasingly sophisticated techniques are being used to exploit security holes on the Internet,” the official said.

Viruses used in previous online banking scams were programmed to steal user IDs and passwords from account holders by displaying bogus log-in screens. Criminals then went online to access the accounts themselves.

The new form of attack appears to have emerged as a result of beefed-up security measures put in place to guard against conventional viruses by detecting bogus log-in displays and other authentication procedures for log-ins.

Other queries handled by the police included those related to spam mail (6,526 cases, up 12.6 percent), defamation (4,646 cases, down 1.5 percent) and unauthorized access (4,021 cases, up 45.9 percent). Net auction queries were up 14.9 percent to 3,198 cases.

The agency said last week that roughly ¥1.852 million had been transferred from the bank accounts of unsuspecting victims in the first half-year period — a figure that already surpasses the annual record of around ¥1.406 million last year.

In a time of both misinformation and too much information, quality journalism is more crucial than ever.
By subscribing, you can help us get the story right.