Chinese cyber-criminals caught laundering $48 mln through online games

In China’s largest ever cybercrime bust, the authorities have nabbed a gangsuspected of defrauding small-business owners of around ¥300 million (about $48 million). (The original report in Chinese comes from the news site Sina.) The cyber-criminals contacted their victims through Chinese instant-messaging service QQ, where they offered naive users a link to a deal they couldn’t refuse. Clicking on the link installed a piece of malware on victims’ computers that would steal online payment details such as Paypal account logins.

The unique wrinkle: The criminals used these accounts to buy not Swiss watches or giant TVs but credits in online games, which they then sold for cash. Worldwide in 2011, consumers spent $2.1 billion on “in-game purchases”, such as virtual goods for their characters in online games to use or trade. And that’s just counting the purchases made on mobile devices.

The scheme is in some respects similar to what could become the biggest online bank heist in US history, should the Russian gang that discussed it on what they thought was a closed channel manage to pull it off. In both cases, the key to penetrating banks’ security is stealing payment details from users’ home PCs, which tend to be much more vulnerable to attack. Online identity in hand, it’s then possible for a criminal to impersonate a user and connect to the bank without having to hack the bank’s security systems. China has as many internet users as the US has citizens, and leads the world in total amount of cybercrime, according to a 2012 report (pdf) by computer security firm Symantec, from which the graphic above is taken.