South Korean police have uncovered a hacking operation that stole delicate knowledge from therapeutic massage parlours and blackmailed their male clientele.
In line with native media reviews, the Gyeonggi Nambu Provincial Police Company believes that 15 folks have been concerned in a legal scheme that noticed the homeowners of therapeutic massage parlours tricked into putting in apps that claimed to supply enterprise providers – however truly helped hackers steal the non-public particulars of consumers.
Clients’ names, telephone numbers, name logs, and textual content messages have been reportedly stolen by means of the malicious app, enabling the extortionists to ship threatening messages to their supposed victims:
We put in cameras within the therapeutic massage rooms and have your video. For those who don’t pay, we’ll ship it to your loved ones and pals.
In actuality, the hackers solely had the purchasers’ particulars, and didn’t have entry to any video footage of what occurred within the privateness of the therapeutic massage parlours. Nevertheless, in response to police, the mere risk of publicity was sufficient to persuade 36 folks to reply by sending cash to the criminals.
Victims are mentioned to have paid quantities starting from 1.5 million to 47 million Korean Received (roughly USD $1,000 to $32,000) every.
In all, the gang is claimed to have tried to extort almost 200 million Korean Received (roughly US $105,000) by means of the scheme.
Police imagine that the hackers began accumulating buyer particulars from therapeutic massage parlours in Seoul, Gyeonggi, and Daegu in January 2022, having tricked 9 therapeutic massage enterprise homeowners into putting in the malicious app.
The gang arrange its personal workplace in Nam District in south-central Busan, with some members tasked with exfiltrating knowledge, some with pressuring focused victims into paying up, and others with laundering extorted funds.
The legal gang was uncovered by accident after an unrelated investigation by police the place they found a malicious app on a therapeutic massage parlour proprietor’s telephone.
In August 2023, the gang’s alleged chief and one other member have been arrested, whereas different suspects went on the run. Police say that the fugitives have been caught since – together with one who’s alleged to have continued working the scheme to extort much more cash from victims whereas evading arrest.
Sadly there was a protracted historical past of cybercriminals blackmailing members of the general public by threatening to reveal embarrassing or delicate info.
Within the notorious case of Finnish psychotherapy supplier Vastaamo, a hacker stole remedy notes of hundreds of sufferers and threatened to launch the main points if they didn’t individually pay a ransom.
The end result was long-term trauma for a lot of of these affected, Vastaamo’s CEO in the end resigning in shame, and the chapter of the corporate.
One other hacking group, often called The Darkish Overlord, constructed a repute for itself with related ways – stealing medical and different data, after which threatening to dump data publicly if they didn’t obtain a ransom.
What makes the most recent case from South Korean case notably hanging is how strange the victims are. The hackers weren’t focusing on banks, hospitals, or authorities businesses. As a substitute, their victims have been people who walked right into a therapeutic massage parlour anticipating a personal service.
The non-public disgrace of the sufferer was exploited in a legal marketing campaign that was extremely efficient and, if it had not been uncovered by police, may simply have gone unreported for a very long time.
