Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Crime The Almighty Buck Technology

Man Spoofs GPS To Fake Shop Visits For Profit, Gets Caught (nikkei.com) 97

AmiMoJo writes: A man in Japan used GPS spoofing to fake 2.7 million visits to shops in the Aeon Kyushu chain. Each visit rewarded him with two "WAON" points, with the total worth around 5.3 million yen ($45,000). The man used 45 laptops to continually spoof GPS readings and launch the Aeon Kyushu app, collecting two points each time.
This discussion has been archived. No new comments can be posted.

Man Spoofs GPS To Fake Shop Visits For Profit, Gets Caught

Comments Filter:
  • So jail for violating an EULA?

    • by Howitzer86 ( 964585 ) on Saturday November 17, 2018 @08:41PM (#57662184)
      I would think fraud, since he's certainly not entitled to that $45k.
      • store gift cards? or limited gift cards but not real cash?

      • by Anonymous Coward

        Coupons aren't money. If you look at any physical coupon, they state that their monetary value is less than 1/1000th of a cent or some ridiculously low amount (probably the amount the paper is worth to recycle). He was getting electronic coupons, which are worth absolutely no amount of money.

        The fault here lies with the idiots running Aeon Kyushu and whoever was responsible for creating their app. You'd have to be really fucking incompetent to not account for something like this.

        Aeon Kyushu should fire the

        • You can go ahead and not define it as fraud until it is exchanged for goods or services. But it won't make a practical difference.

          But no, you don't blame the victims of fraud. It might or might not be poor design, but as you build a better system someone will always build a better hacker.

      • Not automatically. That would depend on the terms of the contest.

        Although, TBH, I have a hard time imagining they did not include "actually visit the site" as one of their terms.

        But you never know until you read them.
      • by AmiMoJo ( 196126 ) on Sunday November 18, 2018 @05:18AM (#57662862) Homepage Journal

        According to TFA the specific laws are misappropriation and misuse of electromagnetic records. Basically exploiting a flaw in a computer system that you should reasonably have known was not intended, similar to using an exploit to gain access to a system.

      • It's definitely fraud, says so right there in the article:

        è...éZå®ç-'è...ãå®ç-'ã'èãã¦ãã

        Plain as day.

    • by Barny ( 103770 )

      Do I really have to say it? Slashdot has been running for, what, 20 years now, and you still haven't worked out you should RTFA before posting?

      "suspected misappropriation of electromagnetic records and use of the same." From google translate of the linked article.

      • Re: (Score:2, Funny)

        by Anonymous Coward

        RTFA? Why should I be first?

    • So jail for violating an EULA?

      No, for gross stupidity in attempting fraud. If he had stopped at a few thousand visits he might have got away with it but 2.7 million visits are clearly physically impossible and simply has to be fraud.

      • If someone is smart enough to come up with an illegal scheme to make money, they're smart enough to come up with a legitimate one. So actually I agree: the stupidity is not in the spoofing itself, that's actually kind of impressive. Rather, it's the poor application of skill and effort that makes it stupid. He's like those investors that run ponzi schemes instead of actually investing. I'll never understand these people.
        • by Anonymous Coward

          Uh, no. There are many barriers to legally making money, mostly artificially imposed by the people at top to keep everyone else down. It's always easier to make money illegally.

        • If you invest other people's money, you actually have to make a profit to pay them out the return you promised. If you run a Ponzi scheme, you can promise double digit returns, and all you have to do is keep finding more suckers and use their money to pay out to earlier investors, before you take the lot and skip town. They require two completely different skills: investment savvy vs. being a charismatic salesman.

          How exactly would you propose making a quick legal $45.000 with GPS spoofing?
    • Comment removed based on user account deletion
      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Define "visit the store". Did the TOS specifically say a "physical" visit? You might assume that, but how did the company choose (they chose) to measure when a visit took place? That's why contracts and TOS's are so damn long.

      • by mysidia ( 191772 )

        The man misrepresented the facts.

        Not so clear.... MERELY lying does not constitute fraud.. there has to be an actual representation which the party Had a right to rely on. The man used a capability of his phone/computers to "Virtually" visit the approximate GPS location of stores without actually driving there in person --- he can make the argument that he represented nothing, or that information was given only to the app on his local phone.

        If the 3rd party software provider/developer took the GPS i

        • Comment removed based on user account deletion
          • by mysidia ( 191772 )

            I suspect the Japanese courts are going to be even less swayed by that logic.

            The laws are different in Japan.
            He wasn't jailed for fraud... he was jailed for misappropriation of electromagnetic records --
            or in other words: basically, for exploiting a bug in software on his phone.

            • Comment removed based on user account deletion
              • by mysidia ( 191772 )

                Would you argue that a shoplifter isn't guilty because the store didn't have adequate security

                An entirely different thing -- the items on their shelfs are the property of the store.
                You can only remove them with the intent to possess them if a store employee agrees that you can have them,
                otherwise it would be theft; generally when you go to check out and you are presented a receipt for the items after
                being given an amount to pay for them AND you submitted the payment.

                On the other hand, If you gave the ca

  • by Anonymous Coward
    but the assholes who spoof phone numbers keep cashing their checks.
  • Huh? (Score:4, Informative)

    by grep -v '.*' * ( 780312 ) on Saturday November 17, 2018 @09:10PM (#57662248)

    to fake 2.7 million visits to shops

    Really? Let's see: 365 days / year, 18 hours / day (he's got to stop for gas sometime), let's say 45 sites (45 laptops, and I'm ASS-U-ME-ing, and let's say they're all in a circle. (It's been done before [mashable.com].)

    Around in the US, I thought a "visit" lasted an hour. Since he's "going" to different store locations, this shouldn't be a problem. And 0 seconds at the store -- he drives up to the front door, the GPS reads his location, and drives off.
    For convenience sake, it always takes 10 minutes to reach the next store.

    It takes 10 * 45 = 450 minutes for a 45 store transit, or 7.5 hours. Say 7, so 3 complete rotations per day. That's 21 hours (a bit over my 18 hours / day, but he hits a lot of green lights. Or pedestrians, your choice.) That's 3x45 = 135 stores per day. In a year that's 49,000 store visits.

    So 2.7 Million visits would take 55 years. So a la Mythbusters: CONFIRMED. ;-) (Man, that's a cheap life. They oughta give him a free soda or something.)

    And so he really thought he could get away with it? A million visits (over multiple accounts, that's what the 45 computers were for. Yeah I know. But how much did THEY cost?) That's like the guys in Germany who were getting paid to produce solar power. It was fine, but they noticed one company producing it at night. Bright moon I guess.

    I've also heard of geniuses who go to WalMart (or wherever) buy thousands of dollars or merchandise and hand the clerk a million dollar bill. AND WANT THEIR CHANGE.

    • Re:Huh? (Score:5, Funny)

      by R3d M3rcury ( 871886 ) on Saturday November 17, 2018 @10:07PM (#57662346) Journal

      I've also heard of geniuses who go to WalMart (or wherever) buy thousands of dollars or merchandise and hand the clerk a million dollar bill. AND WANT THEIR CHANGE.

      No, no, no.

      A group of counterfeiters had a problem with their printing press and it started print $18 bills. So they figured they'd go to the local Walmart and ask for change. The Walmart person said, "Sure, how do you want it? Three sixes or two nines?"

      I'll be here all week. Try the veal!

      • No, no, no.

        A group of counterfeiters had a problem with their printing press and it started print $18 bills. So they figured they'd go to the local Walmart and ask for change. The Walmart person said, "Sure, how do you want it? Three sixes or two nines?"

        And then there was the guy who went to Walmart and tried to pay with a $2 bill. Got the cops called on him by the clueless employees.

        • And then there was the guy who went to Walmart and tried to pay with a $2 bill. Got the cops called on him by the clueless employees.

          This happened to me at McDonald's on Mission St. in Santa Cruz, except there were no cops involved, only a manager. Cashier was a FOB who'd never seen a $2 bill, and told me it was a fake. Manager knew what it was, though.

        • ...and then there's guys like Woz [hackaday.com]...

    • That's like the guys in Germany who were getting paid to produce solar power. It was fine, but they noticed one company producing it at night.
      That was in Spain, not in Germany.

      I've also heard of geniuses who go to WalMart (or wherever) buy thousands of dollars or merchandise and hand the clerk a million dollar bill. AND WANT THEIR CHANGE.
      If that happened to me, I would take the bill, tell him I have to consult my manager and check if it is genuine, and run to my car ...
      Ah, well, the flaw is I usually come

      • Re:Huh? (Score:4, Interesting)

        by Antique Geekmeister ( 740220 ) on Saturday November 17, 2018 @11:49PM (#57662518)

        There was a famous short story by Mark Twain, titled "The Million Pound Bank Note". It described a young man, the pawn of two wealthy men making a bet, that he could bit survive with only a million pound bank note. The key was for the young man to convince people that he was an eccentric wealthy man, rather than personally poor, and he was never forced to actually _deposit_ the bank note.

    • by hey! ( 33014 )

      This shows something I've observed many times over the years: stupid people can be cunning; or alternatively clever people can be idiots.

  • Takeshi Fukuoka preliminary police On November 12, police arrested Daigo Sugano (29), an unemployed worker in Hokkaido Ishikari-shi, Hanakawa Northern 2, 2, for suspected misappropriation of electromagnetic records and use of the same. Sugano admits charges.

    I'd like to see the actual law on Japanese books that makes this somehow an actual crime.

    So just so we're clear, he's being charged with misuse of a magnet, basically. WTF?

  • by fluffernutter ( 1411889 ) on Saturday November 17, 2018 @09:34PM (#57662298)
    I think the penalty should go to the company with the stupid idea to give anyone anything worth money based solely on GPS data.
    • by mikael ( 484 )

      There used to be competitions to be in the most remote location and take a photograph of yourself. That was before the days of Photoshop, Gimp and other utilities. So people would go hill-climbing or sailing out in the ocean, or find some generic bit of sand dune and say they were in somewhere exotic. Much easier if you can just fake your GPS coordinate.

      • by Anonymous Coward

        Ahh so this is how the moon landing came to be!

      • by mysidia ( 191772 )

        Much easier if you can just fake your GPS coordinate.

        Probably mod the contest to require using a specific camera with a built-in GPS that digitally signs the photo stream, and the submitter needing to show the moderator some background info about the location and papers as supporting evidence proving that they went there.

    • That might be a stupid idea but faking 2.7 million visits is even more stupid since it is physically impossible and obviously fraud. If he had faked a few thousand he might well have got away with it since it would have been a lot harder to prove that they were faked.
      • But how many people are doing this and simply not being as greedy? How can any one trust a business that leaves themselves open so willingly?
  • by mapkinase ( 958129 ) on Sunday November 18, 2018 @05:32AM (#57662898) Homepage Journal

    He better be using them cheap laptops for less than $1000 a piece.

    • He better be using them cheap laptops for less than $1000 a piece.

      Well, that's not hard. A few minutes on Amazon and I could find laptops for a little over $100. Not very powerful laptops, granted, but he probably didn't need a lot of computing or graphics power to do this.

      • And yet if you're using junk like that you could get a dozen or more VMs per physical machine with something a little more powerful. Huge waste of money even if they weren't $1K each.

        • And yet if you're using junk like that you could get a dozen or more VMs per physical machine with something a little more powerful. Huge waste of money even if they weren't $1K each.

          Maybe he got them for free, or nearly free. Lots of people have offered me free craptops, I've taken some but refused most. And I see low-end laptops and netbooks at flea markets for only a few bucks all the time. Most are probably stolen, but compliance with the law doesn't appear to have been a big priority for this guy.

        • And yet if you're using junk like that you could get a dozen or more VMs per physical machine with something a little more powerful. Huge waste of money even if they weren't $1K each.

          Given that he was spoofing GPS, it's possible he might have needed them to be in 45 different locations while he was pulling this off. Bit difficult to do that with VMs.

    • Well, it's not like you have to consume the laptops to pull off this heist...

Genius is ten percent inspiration and fifty percent capital gains.

Working...