
How hackers exploited Japanese trading accounts to steal $700M
What's the story
A surge in illicit trading activities has seen hackers manipulate penny stocks using compromised online brokerage accounts in Japan.
The fraudulent trading spree, which started in February, has already surpassed ¥100 billion (around $710 million or ₹6,070 crore).
These scams use the compromised accounts to buy low-volume stocks, both domestic and international, which inflates prices and lets early investors profit.
Broker response
Major Japanese brokers report unauthorized trading
Japan's top brokerage firms, including Rakuten Securities and SBI Securities, have reported cases of unauthorized trading on their platforms.
The incident underscores Japan's weakness in safeguarding markets against cybercriminals.
Following these hacks, some securities firms have also stopped processing buy orders for certain Chinese, US, and Japanese stocks.
Investor concerns
Japanese investors left perplexed and unsupported
Many Japanese investors are perplexed as to how their accounts were hacked, as the securities companies have mostly refrained from compensating for losses.
One investor lost around ¥50 million when his account was hacked to purchase both Japanese and Chinese individual stocks.
Although he had only ever bought index funds that tracked the S&P 500 index, his account was misused for margin trading, prompting him to sell off his securities to prevent further losses.
Official action
Government's response to the trading scam
The Japanese government has called on brokerages to hold "good faith" discussions with clients on compensating for losses.
The Japan Securities Dealers Association is also calling on its members to strengthen their systems by mandating multi-factor authentication.
Nobuhiro Tsuji, a cybersecurity expert at SB Technology, said hackers are probably using techniques like adversary-in-the-middle and infostealers to access accounts.
Attack strategies
Cybersecurity expert details hackers' methods
Tsuji explained that the adversary-in-the-middle method employs both fake and legitimate websites to steal cookies, which are small text files stored in web browsers that contain session data.
The attack typically begins with a phishing email or malicious ad directing the user to a fake site.
Infostealers, on the other hand, are malware specifically designed to steal sensitive information such as IDs and passwords.
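Because both methods Tsuji describes can leave an attacker holding a victim's session cookie, one server-side check a brokerage could run is to flag a session that is used from a different client than the one that logged in. The sketch below is an added example, not taken from the article or from any broker's system; the record layout, the /24 grouping of IPv4 addresses and the sample log lines are assumptions constructed for illustration.

```python
from ipaddress import ip_network

# Constructed sample records: (time, session_id, client_ip, user_agent, action)
SAMPLE_LOG = [
    ("2025-04-01T09:00:02", "s-1001", "203.0.113.10", "Firefox/125 Windows", "login"),
    ("2025-04-01T09:01:15", "s-1001", "203.0.113.10", "Firefox/125 Windows", "view_portfolio"),
    ("2025-04-01T09:03:40", "s-1001", "198.51.100.77", "Chrome/123 Linux", "place_order"),
    ("2025-04-01T09:05:00", "s-2002", "192.0.2.5", "Safari/17 macOS", "login"),
    ("2025-04-01T09:06:30", "s-2002", "192.0.2.44", "Safari/17 macOS", "view_portfolio"),
    ("2025-04-01T09:07:10", "s-3003", "198.51.100.77", "Chrome/123 Linux", "place_order"),
]


def client_key(ip, user_agent, prefix=24):
    """Coarse client fingerprint: IPv4 network plus user agent.

    Grouping by /24 (an assumption) tolerates an address change
    inside the same network, such as a DHCP renewal.
    """
    net = ip_network(f"{ip}/{prefix}", strict=False)
    return (str(net), user_agent)


def find_replayed_sessions(records):
    """Return alerts for sessions used by a client other than the one that logged in."""
    bound = {}   # session_id -> fingerprint recorded at login
    alerts = []
    for ts, sid, ip, ua, action in records:
        key = client_key(ip, ua)
        if action == "login":
            bound[sid] = key
            continue
        if sid not in bound:
            # Session cookie presented with no login seen in this log
            alerts.append((ts, sid, action, "no login recorded for session"))
        elif bound[sid] != key:
            # Same cookie, different network or browser than at login
            alerts.append((ts, sid, action, "client changed after login"))
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_LOG):
        print(alert)
```

In the sample, session s-2002 is not flagged because its address stays within the same network, while the order placed on s-1001 from a new network and browser is.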