Three teenage boys, aged 14 to 16, were arrested for unauthorized access to the Rakuten Mobile system, according to Tokyo's Metropolitan Police Department. The arrests, announced on February 27, 2024, were made under allegations of violating the Act on Prohibition of Unauthorized Computer Access and electronic device fraud.
The arrested individuals include a 15-year-old junior high school student from Maibara, Shiga Prefecture; a 16-year-old first-year high school student from Ogaki, Gifu Prefecture; and another 14-year-old junior high school student from Tachikawa, Tokyo. Reports suggest they were linked through online gaming platforms.
From May to August 2023, the trio allegedly used 11 sets of stolen Rakuten IDs and passwords to sign up for over 100 mobile lines through Rakuten Mobile. The police stated the teens had developed a custom program utilizing generative AI, particularly OpenAI’s ChatGPT, to mechanize the contract signing process, leading to the establishment of more than 1,000 mobile lines.
The police also seized electronic devices during their investigation, discovering approximately 3.3 billion sets of IDs and passwords, including 220,000 records linked directly to Rakuten’s system. These details were reportedly purchased via telegram from other individuals, showcasing the extent of their operations.
According to the police, the boys earned around ¥7.5 million (approximately $70,000) through the illegal contracts, reselling the data plans obtained. A spokesperson from the police revealed the involvement of the 15-year-old student as the brains behind the operation, explaining his actions were driven by a desire for recognition on social media.
Each student expressed their motivations during interrogation with remarks like wanting to garner attention on social media platforms and hoping to use the profits for personal gains, including gambling activities online.
The alleged crime involved the manipulation of Rakuten's system, which allows for the consecutive signing of mobile line contracts under one Rakuten account with minimal verification, making it easier for unauthorized actors to exploit.
The police noted the significant risk generative AI poses, as evidenced by this case, reflecting broader concerns as criminal methods utilize advanced technologies. There are growing apprehensions about the misuse of AI-generated content and capabilities, which could lead to crime proliferation.
This incident is part of larger issues wherein generative AI is increasingly being leveraged for cyber crimes. Just last year, another suspect with no formal programming background was arrested for creating ransomware using generative AI to generate applicable codes.
“We aim to crack down on cyber crimes effectively to deter the future misuse of generative AI technologies,” stated the police during the press release.
The rise of such incidents emphasizes the urgent need for awareness and protective measures related to digital security at all levels, especially among youth.