Japan’s Cybercrime Underground: a Ticking Time Bomb?

China, Russia, Eastern Europe, the Middle East – the list of hacking hotspots on the radar of most threat intelligence operatives is growing all the time. But what about Japan? For such an apparently technologically advanced nation, you might be surprised to learn its cybercrime underground is still in its infancy.

That’s the key takeaway from a new Trend Micro report I covered for Infosecurity and IDG Connect recently.

The security giant claimed that Japanese cybercriminals haven’t yet built up the technical know-how to create malware themselves, preferring to buy from other countries and then share tips on how to use it on many of the local underground bulletin board forums.

These forums also sell the usual suspects of child porn, stolen card data, stolen phone numbers, weapons, and so on.

There were several interesting distinctions Trend Micro uncovered between the Japanese cybercrime underground and elsewhere:

  • Cybercriminals accept gift cards from Amazon and the like in lieu of payment
  • CAPTCHA in Japanese is used to access the forums, keeping their membership mainly to locals
  • URLs for some secret BBSs hosted on Tor and other anonymising platforms can actually be found published in books and magazines
  • Japanese cybercriminals are ultra cautious, even using code words when discussing certain contraband, like the kanji character for “cold” when referring to methamphetamine.

So far, the notorious yakuza organised crime gangs have largely stayed out of the game, and that’s the way it’ll stay for some time to come, report author Akira Urano told me. That’s because of a combination of strict cybersecurity laws and the fact that offline scams still work a treat. But it might not be that way forever.

“If ever organized crime groups like the yakuza ever venture into darknets, all they would need is the aid of tech-savvy individuals to engage in criminal transactions,” Urano argues in the report.

I was curious to hear a second opinion on Japanese cybercrime, so I asked FireEye’s local experts.

They hit me with a few stats from the National Police Agency (NPA) which show that, infancy or not, there’s a pretty healthy cybercrime industry in Japan.

Some 88 people were arrested for cybercrimes in the first half of the year, 58% of whom were Japanese. The country is also a major victim of banking fraud – second only to the US, according to other stats.

The country’s public and private sectors also have to withstand a barrage of likely state-backed cyber attacks, launched from outside the country.

Japan’s strengths in advanced technology and engineering, as well as its hand in territorial disputes, have made it a target for China.

Aerospace and defence, transportation, high-tech, construction and telecoms are some of the highest risk industries.

FireEye told me the following by email.

“FireEye observes similar tactics and techniques on Japanese networks as we see elsewhere in the world. However, the key difference is localization: APT actors tailor their phishing e-mails, CnC infrastructure, and even their exploits to Japanese end users. For instance, we have observed threat activity against Japanese targets exploit the Japanese Ichitaro word processing system; zero days against the program are not uncommon.”


Forcing out rooms – Japan’s dirty secret

Over the weekend a New York Times story had some interesting insights into the continuing labour problems at Japan’s once proud electronics giants.

It alleged that workers who cannot be sacked are often sent to oidashibeya or “forcing out rooms” where they are made to perform menial or repetitive tasks in a bid to make them resign out of shame and boredom.

It’s not particularly nice but it’s a situation that seems to have been forced upon multinationals such as Sony because of Japan’s relatively strict employment laws which make it hard to sack staff without good reason.

These firms simply can’t be as agile as their international rivals because they can’t downsize or strip out waste in specific areas. In the technology industry especially, skills can quickly become outdated.

As Gartner analyst Hiroyuki Shimizu told me, these laws should take the majority of the blame for the decline of Japan’s electronics industry on the global stage.

“In these 20 years, the goal for the company executives in almost all the Japanese electronics companies were to make much use of (or not to leave idle) their own excessive resources including workers and assets,” he said.

“In the global electronics market, companies focus on their differentiators. However, Japanese companies focused on the segments where they have plenty of human resources and large assets.”

This is a major failing of Japanese technology firms but not the only one.

Large scale job cuts are starting to appear, at firms including NEC, Sharp and Sony, although more are probably needed. However, this stripping out of dead wood needs to go hand in hand with enhancing traditional areas of technical weakness, said Shimizu.

It’s also true that there’s more to Japan’s well-charted decline on the technology front than just some stubborn employment laws.

“There are several reasons for each Japanese company for losing power such as commoditisation of electronics products, severe competition with Korean or Taiwanese companies or exchange rates,” he told me.

“But we consider that the deep-seated reason is the employment policy of Japanese companies.”


Can fibre-based smart grids provide a solution to our superfast broadband problems?

Do you have superfast fibre optic broadband? The answer is probably not, because in the US, UK, Australia and elsewhere projects are riven by funding issues, political in-fighting and delays, delays, delays. The answer just might be right in front of our eyes.

Take this new report from Ovum on smart grids. Before you fall asleep, the smart grid pilot project it refers to in China is being undertaken by the SGCC, the largest utility in the world, so plenty of food for thought for utilities globally depending on what happens with it.

The crux of the Ovum piece is that the pilot – if it goes nationwide – is likely to offer a potential windfall of up to $2bn for international fibre infrastructure vendors. Yup, the project is basically running power alongside fibre to kill three birds with one stone – deliver power, run a smart grid (ie collect and monitor smart meters in customer homes) and potentially offer triple play services.

This hasn’t really been done with any great degree of success outside of Japan, where investments were made over a long period of time, report author Julie Kunstler told me. But if it works out in China, the big question is whether it could show US utilities a way forward – yes fibre is pretty costly but apply for a telco license or lease the lines to comms providers and they could fund such an investment.

It’s sorely needed, in the US and elsewhere, to manage that difficult last mile problem. As Kunstler told me, it solves this issue because power companies already shoot their cables right into customers’ homes, and are pretty much ubiquitous to boot.

In the end it’s still very early days, and although a technology supplier in China I spoke to said they were confident of this 80,000 home pilot going nationwide, even then, the unique political and economic conditions in the People’s Republic may make it the only country where such a huge project can work.

As Clive Longbottom of analyst Quocirca told me, “getting Verizon and AT&T to work together is like getting Democrats and Republicans to agree on a new fiscal package”.

This is where China has the edge – a basically homogenous, state-run set-up where what the government says goes… a government, by the way, which has seemingly bottomless pockets and huge aspirations to lead the world in technology deployments, the bigger the better.

In the meantime, the citizens of the UK, US, Australia and elsewhere will continue to suffer from the kind of political indecision and selfish stakeholders which have thus far hampered any kind of coherent national superfast broadband strategy.


Decline and fall of Akihabara as a tech hub

Has anyone been to Akihabara lately? I know I’m probably way behind the times here, but I still had the impression it was the land of all things shiny and technology-related – where impossible gadgetry was salivated over by Japanese otaku and envied by foreign visitors.

As my latest ramblings on The Reg explain, I was rather disappointed to see, on exit from the station, pristine pedestrian walkways, giant IT mega-stores and shopping centres. Redevelopment over the past few years has apparently made the place a lot more family and tourist friendly but definitely not much fun for those interested in tech.

Most of the small, cramped, independently owned consumer electronics stores have closed now, but don’t blame the local mayor for wanting to redevelop the place. From my conversations with Japan tech experts and analysts it was going to happen anyway.

The area was big in the 70s, when according to some estimates, 10 per cent of all household appliances sold in Japan were bought in Akihabara. Then the PC and laptop boom in the 90s and beyond took over, drawing in a more geeky crowd keen to build their own customised machines. 

But now it’s all cosplay, manga, maid cafes and hobby shops. It seems the tech industry, and Japanese consumers, have moved on. They’d rather get their gadgets online now and maybe try before they buy in a megastore like Yodobashi Camera, according to an IDC analyst I spoke to.

On the other hand, it’s fascinating to see the area reinvent itself as a geek manga/anime/cosplay paradise. Japan, if nothing else, has a remarkable resilience. 

The decline of Akihabara as a tech hub is therefore unlikely to portend the collapse of the country’s once unstoppable tech industry.