Japan's novice cybercriminals: isolated but learning fast

Digital crime in Japan is unique and growing

If anywhere in the world deserves to have ascribed to it that overused epithet “a nation of contrasts”, it is Japan. At once intimidatingly advanced and shamelessly archaic, its technology landscape perfectly sums up the concept of galapagos-ization – developed in isolation from the rest of the world. For example, before the iPhone finally made its mark, the top smartphones in Japan were produced by the likes of Sharp, Fujitsu, Hitachi and NEC and were unlikely to be seen anywhere outside the Land of the Rising Sun.

But what of the country’s cybercrime underground? We hear a lot today about the transnational nature of online crime – of gangs dispersed across the globe in virtual teams to evade capture and obfuscate the true location of attacks. Are Japanese nationals a part of this trend too, or has this ‘industry’ also developed in a global vacuum?

A new report from Trend Micro suggests emphatically the latter. In fact, the Japanese cybercrime underground is very much in its infancy – so much so that most local online players haven’t even summoned up the technical know-how to create malware.

Report author Akira Urano summed it up with the following:

“The country’s strict legislation against crime has influenced an underground that veers away from malware creation and transforms into its own entity—a marketplace characterized by the taboo, the illegal, and the vindictive.”

The majority of illegal activity is conducted on Bulletin Board Systems (BBSs) hosted on Tor and other anonymising Deep Web platforms. These replicate the popularity of ‘legal’ online forums like 2channel – self-contained communities which facilitate discussions and knowledge sharing, and the buying and selling of goods and services.

The usual suspects are here: hacked card details, phone number databases, child porn, weapons, fake passports, and so on. But there are some highly distinctive Japanese idiosyncrasies:

  • Some ‘secret’ BBS URLs are published in books and magazines about the Deep Web
  • Japanese cybercriminals are known to accept gift cards from Amazon, PlayStation Store etc. as payment instead of cash
  • Many use code when discussing illegal activities to further hide their involvement – for example 冷 (cold) is used as a euphemism for methamphetamine
  • Japanese-language CAPTCHAs are used to gate entry to many BBS sites – keeping membership strictly local

Time for the yakuza?

While this is an industry very much in its infancy, is there a risk for individuals and businesses outside Japan that a new generation of ‘cyber samurai’ might one day expand their horizons abroad? Not in the near term while offline crime tactics continue to bear fruit, Urano told me by email.

“There are other ways to get money from victims instead of online crime,” he argued. “This isn’t likely to change in the near future because simple money transfer scams work. The traditional modus operandi will remain.”

And what about the elephant in the room: the notorious yakuza organised crime gangs? Well, at the moment they too seem content to live in the real, rather than the online, world, although some affiliates are starting to try their hand at phishing and fake shopping sites, Urano claimed. A FireEye malware analyst I contacted also attested: “I haven’t seen any reports indicating yakuza’s involvement”.

Despite strict cybercrime laws in Japan, there must be a temptation to test the waters, given the woeful state of online policing.

In a celebrated case a couple of years ago, a lone hacker known as “Demon Killer” used Trojan malware to infect the computers of several innocents and post bomb and other terror threats online. Police traced the IP addresses and arrested the four owners of the hacked PCs but failed to check if there was any malware present. Two of the four were even coerced into making false confessions. It was only after the real Demon Killer – 30-year-old IT worker Yusuke Katayama – contacted police while the four were in jail that police reopened the case.

Despite this, Trend Micro’s Urano claims things are improving.

“After the Demon Killer case, the National Police Agency (NPA) has been taking action to reinforce cybercrime investigations,” he told me. “I think the capability of the police is getting better.”

It will have to. Cybercrime reports to the NPA soared 40% in March 2015 from the previous year – a big figure when you consider 86% of the population is online. And Japan was the second worst hit by online banking malware after the US last year, although it’s unclear how many attacks were launched from within the country. NPA data translated for me by FireEye revealed that in the first half of 2015, 88 people had been arrested for cyber-related crimes, 58% of whom were Japanese.

For now though, it’s probably safe to say that Japan’s irrepressible shimaguni konjo (island mentality) will keep us gaijin out of the crosshairs.