Japan’s Cybercrime Underground: a Ticking Time Bomb?

japanese toriChina, Russia, Eastern Europe, the Middle East – the list of hacking hotspots on the radar of most threat intelligence operatives is growing all the time. But what about Japan? For such an apparently technologically advanced nation, you might be surprised to learn its cybercrime underground is still in its infancy.

That’s the key takeaway from a new Trend Micro report I covered for Infosecurity and IDG Connect recently.

The security giant claimed that Japanese cybercriminals haven’t yet built up the technical know-how to create malware themselves, preferring to buy from other countries and then share tips on how to use it on many of the local underground bulletin board forums.

These forums also sell the usual suspects of child porn, stolen card data, stolen phone numbers, weapons, and so on.

There were several interesting distinctions Trend Micro uncovered between the Japanese cybercrime underground and elsewhere:

  • Cybercriminals accept gift cards from Amazon and the like in lieu of payment
  • CAPTCHA in Japanese is used to access the forums, keeping their membership mainly to locals
  • URLs for some secret BBSs hosted on Tor and other anonymising platforms can actually be found published in books and magazines
  • Japanese cybercriminals are ultra cautious, even using code words when discussing certain contraband, like the kanji character for “cold” when referring to methamphetamine.

So far, the notorious yakuza organised crime gangs have largely stayed out of the game, and that’s the way it’ll stay for some time to come, report author Akira Urano told me. That’s because of a combination of strict cybersecurity laws and the fact that offline scams still work a treat. But it might not be that way forever.

“If ever organized crime groups like the yakuza ever venture into darknets, all they would need is the aid of tech-savvy individuals to engage in criminal transactions,” Urano argues in the report.

I was curious to hear a second opinion on Japanese cybercrime, so I asked FireEye’s local experts.

They hit me with a few stats from the National Police Agency (NPA) which show that, infancy or not, there’s a pretty healthy cybercrime industry in Japan.

Some 88 people were arrested for cybercrimes in the first half of the year, 58% of whom were Japanese. The country is also a major victim of banking fraud – second only to the US, according to other stats.

The country’s public and private sectors also have to withstand a barrage of likely state-backed cyber attacks, launched from outside the country.

Japan’s strengths in advanced technology and engineering, as well as its hand in territorial disputes, have made it a target for China.

Aerospace and defence, transportation, high-tech, construction and telecoms are some of the highest risk industries.

FireEye told me the following by email.

“FireEye observes similar tactics and techniques on Japanese networks as we see elsewhere in the world. However, the key difference is localization: APT actors tailor their phishing e-mails, CnC infrastructure, and even their exploits to Japanese end users. For instance, we have observed threat activity against Japanese targets exploit the Japanese Ichitaro word processing system; zero days against the program are not uncommon.”

Advertisements

China’s mobile cyber crime underground…and me on the Beeb

chinese flagI was on BBC Newsday, a World Service breakfast programme, on Wednesday talking about the Chinese cyber mobile underground story I wrote up for The Reg this week.

It’s based on a Trend Micro report The Mobile Cybercriminal Underground Market in China – published this week by its Forward Looking Threat Research Team, which reveals once again the sophistication and commercialisation of the underground networks via which cyber criminals trade goods and service.

Although the report itself doesn’t throw up a huge amount of new data it’s interesting to see evidence that such networks exist in China, selling common attack kits like premium service abusers, SMS Forwarder Trojans and spam.

Typically, being broadcast journalism we were kept strictly to 5 minutes of short, sharp soundbursts by the BBC which allowed for little meaningful discussion of the topic besides “what’s the Dark Web”? “How do I get on it?” and Who’s behind these attacks?”. I had a better chat with the researcher the night before.

That said, it’s an important topic to air publically.

Although we didn’t cover this in as much detail as I’d have liked, the real message to listeners of the program – which apparently has among the highest audience numbers on the planet – is to be more vigilant when downloading apps online and make sure they install basic AV on smartphones.

In China, where unregulated third party Android stores are the norm and mobile AV is rare, the cyber criminals have it made.

The only light I can see on the horizon in this part of the world is for the government to follow through with its planned regulation  of the mobile app space. This would force industry to self-regulate and clamp down on malicious apps either pre-loaded onto phones or uploaded to web stores.

The only problem is that any new regulations are also likely to restrict content deemed “offensive” to Beijing – in other words censorship by the back door.