comment 0

JJPTR wasn’t hacked

The fact that this RM2 company manage to raise RM500 million should be news enough, but claims that it lost all it’s money to ‘hackers’ is too hilarious for me to ignore.

If you haven’t heard, a get-rich-quick scheme called JJPTR, claimed it lost RM500 million to hackers, which even with today’s depreciating ringgit would exceed a value of USD100 million. For perspective, the hackers who hacked into the Bangladeshi central bank, pocketed ‘just’ over USD60 million.

So why aim for central banks, when get-rich-scheme’s like JJPTR have are swimming in money like ol’ scrooge McDuck, (did you know JJPTR stands for Jie Jiu Pu Tong Ren which literally translates to salvation for the common people in Mandarin)

Salvation for the common people…..

Da Fuck?!

Let me break it down for you.

It’s one thing to hack a computer, it’s another to steal money.

Let’s say you gave me your Maybank2U login details, and even your phone (for the OTP), everything malicious I do can still be traced directly to me.

I could transfer your entire savings to my account–and then I’m just one police report away from jail.

I could transfer your entire savings through other hacked accounts, and then to me–and still be just one police report away from jail. Every cent transferred across every bank account is recorded till Kingdom come.

I could paypal the money across (which still doesn’t help), or better yet transfer the money to my bitcoin address–but bitcoin is useless on it’s own, and I’d still need to spend it on a currency where every spend is public knowledge. We could get exotic and use bitcoin mixers and the like, but moving that much cash through the system still isn’t easy.

I could just spend your money paying other people’s Maxis, Astro, Indah Water bills, or maybe just transfer all your money to random accounts making you broke. But that would harm you, but not benefit me–which is why criminals never do it. Even gangsters gotta eat.

That’s why the common scams online are credit card fraud (where criminals ship mechandise to themselves via online shopping) or something that ends up using ATM machines–because cash dispensing at the ATM is pretty anonymous.

But RM500 million isn’t something you can withdraw from the ATM.

I hear you shouting now–these are trading accounts, the crooks probably just traded his money to accounts they control.

Yes, and those accounts belong to someone, can be traced and investigated. Banks are ridiculously paranoid about KYC processes (Know Your Customer), and they won’t let you open a simple savings account without proper documentation–let alone a trading account.

The only reason we marvel at the Bangladesh Central Bank hack is not that hackers broke into the bank–it wasn’t very secure anyway– but because the hackers knew how to get physical cash out of the system, without leaving a money trail. I’m not glorifying people who steal from 3rd-world countries, the point is, hacking accounts is quite far removed from extracting cold hard cash.

And the way the Bank got back it’s money (recovering roughly USD38 million), was not by stopping the hack, or technical cyber-forensic, rather it worked with financial institutions to stop payments, and with law enforcement to recover funds from accounts. Eventually this landed up in the justice system with criminals charged and brought to court.

In other words, if you get hacked, report it your bank and the police–they’re likely able to help more than any hacking guru you might find.

Mr. Lee though, decided to ask his friends to probe the trading accounts, and has so far refrained from lodging a report, or alerting financial institutions to lock his accounts. He hasn’t contacted proper cyber-security professionals or even provided details to anyone.

For someone smart enough to guarantee double-digit returns to investors (per month!)–he sure looks like a dumbass.

Either that or he’s lying.

To help you along make your decision, just note that the Monetary Authority of Singapore (MAS) had listed JJPTR on it’s Investor Alert List back in August 2016.

I’ll let you decide, but remember dear readers–never ascribe to hacking, what is more easily explained by stupidity.