Around 160 user IDs of Tokyo-based e-book sellers Kinokuniya Co. were confirmed to have been hacked to illegally download some 36,000 e-books worth about 21.7 million yen (around 200,000 US dollars) for free from Kinokuniya’s e-book sales application, this revealed by the Metropolitan Police Department (MPD). Kinokuniya’s e-book sales app called “Kinoppy” was used to download e-books for free, with the use of some auxiliary illegal apps installed in devices running Apple Inc.’s iOS. These downloads happened before the bookstore was forced to improve security on the system in November last year.
In police custody are suspects Takahito Kariya, a 33-year-old staff member of a non-profit organization in Shimabara, Nagasaki Prefecture, and Hidekazu Kikuzawa, a 41-year-old employee from Toyonaka, Osaka Prefecture, under charges of computer fraud. Police believe that the 2 suspects – while not responsible for the whole operation – fraudulently downloaded 259 e-books worth a total of 200,000 yen from August to October 2012. The police have revealed that the two suspects have admitted to the allegations. The user IDs that have been used are reportedly mostly from minors, and police plan to investigate the case starting with the larger monetary values first. This e-book fraud is largely made possible by illegal apps installed on an iOS device – including “IAP Free” and “IAP Cracker”. These apps were designed outside of Japan and meant to allow anyone to use Kinoppy and download books without any credit card or billing.
According to security software company Trend Micro, there are numerous other illegal apps that are designed to avoid being charged by giving sellers fake payment information. Masaya Takahashi, senior specialist at Trend Micro, said, “There is a possibility that other apps such as paid games that do not have their own authentication security system have fallen victim. Users should realize that using illegal apps is a crime.”