A South Korean law enforcement operation has taken down a large-scale fraud network that extorted $6.3m from victims using sophisticated fake online trading platforms designed to steal money.
Dubbed Operation Midas, the year-long operation involved the Korean Financial Security Institute (K-FSI), a South Korean nonprofit, and several South Korean law enforcement agencies.
Sung-Wook Jang and Yong-Hyun Kim, from K-FSI, shared their experience for the first time with a global audience at Black Hat Europe in London on December 11.
Behind the Scenes of a Fake Personal Trading Network
As part of Operation Midas, K-FSI and the South Korean authorities identified 125 illegal home trading system (HTS) programs.
HTS platforms are computer software, mobile apps, or websites that brokerage firms offer so individuals can trade stocks from their personal devices.
Operating from abroad, an unnamed fraudulent organization impersonated at least five South Korean financial companies, promoting seemingly legitimate HTS platforms with transactions that appeared to be real.
These programs communicated with the servers of legitimate brokerage firms to get real-time stock price information and used publicly available chart libraries to create visual representations.
“However, no actual stock trades are made. Rather, the program's core feature, a screen capture function, is used to spy on users' screens, collect unauthorized information, and refuse to return money,” explained Jang and Kim.
The operators also pushed users of the fraudulent HTS platforms to invest through YouTube broadcasts and KakaoTalk reading rooms, and then siphoned off the investments.
Operation Midas: 20 Servers Seized, 32 People Arrested
K-FSI professionals obtained 14TB of screen captures that were inadvertently exposed by the developers, including the supply organization that developed and sold the program and the operations organization that rented and operated it.
They monitored this activity for over a year.
“We watched as they used generative AI for efficient development, operated over 100 domains and servers, moved servers offshore to evade law enforcement, and extorted money from users,” Jang and Kim added.
Finally, K-FSI helped South Korean law enforcement agencies seize and analyze over 20 servers used by the fraud ring and took down the 125 illegal HTS platforms.
They also arrested 32 people involved in the scheme, including two developers and one infrastructure manager.
K-FSI published a report in Korean in April 2024 detailing how Operation Midas had been conducted and uncovering the criminal methods used by the perpetrators of the fraud scheme.