By Yoshitaka Sumida
THE ASAHI SHIMBUN
Prepaid wireless network cards provide convenient Internet access
anywhere, but in the wrong hands they can be misused to commit fraud.
And this amounts to an open invitation to "wireless hackers," whose
numbers are proliferating.
Prepaid wireless network cards are the tool of choice because they leave
no tell-tale fingerprints, which allows perpetrators to slip away
undetected into cyberspace.
If card distributors were to confirm the identity of the purchaser, this
could be avoided. But if the retailer skips the process then no record
of the customer is retained. Police investigating a hacker attack may be
able to track down the prepaid wireless card but they will be unable to
find the hacker who used it.
To prevent their use in the commission of a crime, the National Police
Agency will require distributors to push for more comprehensive customer
Wireless network cards work when they are inserted into ports on
personal computers to wirelessly enable them at any location where PHS
or cellphones can be used.
The cards are sold with a variety of Internet access plans to meet a
user's needs. A prepaid card includes Internet access and communication
fees for a certain time period. They are hassle-free as no further
billing is required. That is why some distributors allow retailers to
forgo ID checks.
According to the National Police Agency, crime involving the cards began
cropping up three years ago. In 2005, police nationwide made arrests or
sent papers to prosecutors in 271 illegal Internet access cases. Of the
total, 28 cases involved prepaid cards.
Police investigations into illegal Internet access involve tracking down
the source by checking the access record of the server that came under
attack. If the network was accessed via cable, the user can be
identified via the Internet service account.
However, in cases where a prepaid card was used, and the retailer failed
to record customer ID, it is only possible to get to the card used in a
wireless attack, but not to the "hacker" as there is no Internet service
According the National Police Agency, police were aware of 592 illegal
access cases in 2005, through complaints made or suits filed. However,
as of May 2006, investigations had gone cold in 31 of the cases that
involved prepaid cards.
But through diligent cyber sleuthing, some cases have been cracked.
In September 2005, police in Ibaraki Prefecture broke a fraud and
illegal access case after 16 months of detective work and arrested a man
and a woman who had no fixed address.
The pair, who were constantly on the move in their vehicle, sold
nonexistent merchandise on Internet auction sites using a wireless
network card. Some 340 gullible buyers were allegedly duped into paying
a total 80 million yen to the couple.
Police were able to trace their network card via Internet access
records. However, the retailer had not confirmed the purchaser's ID. So
the police traced PHS signals to locations of origin, and tracked down a
suspicious vehicle that was traveling in and out of the area. The car
was tailed from Itabashi and Ikebukuro in Tokyo to Saitama, before
police arrested the couple on suspicion of fraud.
In July 2006, the Ishikawa prefectural police tracked down a group that
was trafficking pornographic DVDs. In this case, the retailer had not
ID'd the purchaser of the prepaid card used in the crime.
To complicate things further, the card had been given to another user.
But the Ishikawa police got a lucky break. The original purchaser used a
point reward card issued by the retailer--made out in the real
name--when buying the card.
This allowed the police to identify the suspects.
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com