
Koo Jae-hyung, head of KT's Network Technology Division, bows to apologize during a press conference at its headquarters in central Seoul in relation to unauthorized mobile payment fraud cases targeting its users, Thursday. Yonhap
The KT payment fraud issue seems far from resolved, even after suspects were arrested in connection with a series of unauthorized mobile payment fraud cases that targeted the company's users.
The telecoms industry is closely watching whether the lingering questions over the unprecedented use of rogue cellular base stations, which alarmed the public, will be answered.
According to KT on Thursday, a total of 362 users have been affected, with the accumulated damages totaling 240 million won ($173,000), both figures up from last week’s announcement.
“Since blocking suspicious payment attempts on Sept. 5, there were no additional cases reported,” Koo Jae-hyung, head of KT's Network Technology Division, said during a press briefing at its headquarters in Seoul.
“As we expanded investigations on all payment attempts before the block, the number of victims increased by 84 from the previous announcement, and the total damages grew by 70 million won to 240 million won.”
The company also said the number of KT users whose personal information — including their international mobile subscriber identity, international mobile equipment identity and phone numbers — was compromised has risen to 20,000, up from 5,561 announced last week. It said the number of rogue base stations suspected of being used in the crime also increased to four from two.
During its first announcement on Sept. 11, KT said there would be no additional damages or data breaches, but reversed its remarks just a week later. This time, however, Koo said he believes the company has “identified nearly all possible types of damages.”
The mobile payment breach came to light earlier this month after police began investigating unauthorized charges affecting KT users in parts of Seoul and Gyeonggi Province.
The incident especially alarmed the public after initial investigations revealed that attackers had used miniaturized rogue cellular base stations, known as femtocells, to intercept verification messages sent to users during payment processes. It was the first case of its kind in Korea.
On Wednesday, police apprehended two Chinese nationals in Incheon and Seoul, respectively, as suspects in the payment scam. During their apprehension, police secured the illegal femtocells that were allegedly used.
Police believe one of the suspects carried illegal femtocells in his vehicle and traveled across the western part of Seoul and Gyeonggi Province to intercept KT users’ signals from Aug. 27 until recently. Through this, the suspect made unauthorized small payments, such as topping up transit cards and purchasing mobile gift certificates, while another suspect is believed to have converted the proceeds into cash.

A suspect involved in a series of unauthorized mobile payment fraud cases targeting KT users leaves a police station in Suwon, Gyeonggi Province, Thursday, as he is taken to a local court for an arrest warrant review. Yonhap
Femtocells are typically used in homes or small offices to cover a range of 10 to 50 meters. They are usually installed indoors or in underground areas where signals from base stations are weak or inaccessible, improving call quality and data speeds.
Since femtocells are less costly than setting up base stations, domestic mobile carriers have been expanding the use of femtocells, with KT commercializing femtocell service in 2012 for the first time in Korea.
Koo said during the briefing that KT now has 189,000 femtocells across the country, and around 150,000 are currently operational. There are 43,000 femtocells that have not been able to access the network for the past three months, meaning those devices could be malfunctioning or not traceable.
Because of this, industry officials suspect that KT’s femtocells may have been stolen and exploited for the fraud. Koo also said the company “suspects the attackers may have illegally obtained and modified some of its femtocells, or created a system of linking access information to other illegal devices.”
“Femtocells that have been inactive for more than three months have been switched to an unusable state,” said Kim Young-geol, head of KT’s Service Product Division. “We aim to collect 20,000 units this year and will conduct a full inspection within two weeks. Unused devices will be dismantled and collected, and any lost units will be permanently blocked from network access.”
However, this does not answer key questions about the payment cases, as the suspects are known to have worked in Korea as day laborers, and it remains uncertain whether they have any work experience related to telecommunications. One of them is believed to have no command of the Korean language.
While being taken to a local court for a warrant review, one of the suspects told reporters that he “just did what I was told,” implying the possible involvement of a crime ring behind the scheme.
Police are now investigating how the suspects obtained the illegal femtocells, how they acquired the technical knowledge used in the crime, and whether there is another group orchestrating the scheme.
Also in question is how the attackers bypassed phone verification processes to enable illegal payments. KT officials said the company will be able to identify the process after the police investigation.