Japanese police target users of Tor anonymous network

Japanese people who “abuse” the Tor anonymous browsing network could be blocked from using it.

The police in Japan have decided to target people who are found abusing the anonymous Tor network and block them from accessing it. This development was reported in a recommendation made to the National Police Agency by a panel of technology experts, according to the Japanese daily The Mainichi. The panel was established with the sole purpose of coming up with new strategies for tackling crimes perpetrated using the Tor network. All this happened after the high-profile case of the Demon Killer, who used the Tor anonymous network to elude capture by the authorities.

Tor, an abbreviation of The Onion Router, is a network that gives its users anonymity by redirecting their traffic through dedicated servers worldwide, which conceals a user's history and location so that internet activity cannot be traced easily. As the name suggests, the network works in layers of encryption, like the layers of an onion: the data is encrypted and re-encrypted repeatedly so that it cannot be deciphered in transit. The network has been around since 2002 and many versions have been released over time. There has been some controversy about the level of safety and anonymity on the network and its use for potentially illegal activities.

The anonymity has made investigation into cybercrime much more difficult and perplexing, and the noise around it was heightened during the recent case of the Demon Killer, the notorious hacker who went around sending threat messages about bombing nurseries and schools on online discussion and chat forums. The police had announced a reward of 3 million yen, or 20,000 dollars, for information about the hacker’s whereabouts. When the police arrested four suspects, they were found to be innocent victims of the hacker, who had compromised their machines using the virus iesys.exe and was using them to use Tor. The hacker sent taunting emails to the police, which included riddles that took the investigators to an island near Tokyo and finally led them to a cat wearing a collar with a memory card on it, which held details of the virus used by the hacker. He was finally apprehended soon after the police studied the CCTV footage of the cat, in which he featured. The hacker was a worker in the IT industry named Yusuke Katayama, aged 31.

It was after Katayama’s arrest that the NPA decided to set up an expert panel for guidance on catching criminals who use similar means to elude the law. The panel has recommended a ban on Tor and any other network which provides anonymity to its users.

The ISPs in Japan are apparently not happy with the panel's recommendation, and an industry insider told the Mainichi, “Communication privacy is our lifeline. We won’t be able to accept such a request.”

Well, the merit of this recommendation will be understood only later, after more reaction is observed and the opinion of other experts in the industry is sought.


Japan task force to fight cyber crime

Japan is going to launch a nationwide task force of 140 members to fight cyber crime, which has been plaguing the country for quite a while now. The force will also tackle cyber attacks originating from other countries, the National Police Agency announced on Tuesday.

The personnel who are going to be recruited in the task force will be experts in their respective fields and will possess skills in languages such as English, Korean, Chinese and Russian. Moreover, they will be deployed in many important locations like Tokyo, Osaka, and other cities, according to the statement made by the agency.

The move is intended to protect national interests by providing cyber security to government organizations, defense contractors and private corporations which control infrastructure facilities such as power plants and gas storage sites.

The National Police Agency commented that the recruitment of experts in foreign languages will help counter cyber threats from other countries and that these experts would “gather information on cyber attacks from abroad”. Until now, such cases were handled by provincial police departments, which used to get help from specialists in their respective fields.

This move was necessitated when Japan came under attack from across the border in September last year, after Japan decided to administer control over the Tokyo-governed Senkaku islands, which the Chinese also claim and call the Diaoyus. The resulting attack was widespread and affected around 19 websites, including those of a government ministry, some courts, and even a medical facility. According to the statement made by the agency, the attack was said to have been perpetrated by the Chinese state. In fact, Japan was the victim of more than 1000 cyber attacks in 2012 according to the National Police Agency, and most of them had their origins in China.

Moreover, a report by a leading US firm earlier this year pointed to the same conclusion when it said that the Chinese were investing money to organize cyber attacks. The report also asserted that the People’s Liberation Army was connected with a long-running campaign of cyber espionage.

The effectiveness of this venture by the National Police Agency will be demonstrated only with time, but it is surely a step in the right direction against the growing menace of cyber crime.

Hackers turn China security report into Trojans

Hackers create malicious versions of a report released by Mandiant which linked cyberattacks to the Chinese army, but the IT security vendor says its system is not breached.

Hackers have tampered with the security report by the leading U.S. security vendor Mandiant, which incidentally implicated the Chinese army in cyber attacks on many leading U.S. companies and other Western organizations. The report, which was released last week, made headlines around the world and made many shocking revelations about the role of the Chinese state in using cyber technology to further its espionage and other activities. So the hackers decided to turn the tables: they tagged the report file with a little souvenir of their own, a piece of malware, so that a report which accused the Chinese of attacking others itself became a weapon for their use.

The digital report, which is about 60 pages long, was tagged with a Trojan, malicious software which allows the hackers to control the infected computers once the file is downloaded and opened by users. These tainted files arrive with an email sent by the hackers as part of their spearphishing campaign. As per a blog post by Symantec, the corrupted files have been used as “bait” by hackers, who embed a virus called Trojan.Pidief into fake reports disguised as PDF files. Opening one displays a blank PDF document while the malware is unleashed without the user's knowledge. The malware has been designed to exploit the vulnerability in Adobe Acrobat known as Reader Remote Control Execution vulnerability. The email containing the fake report comes from a media organization and is in Japanese, with the PDF attachment containing the malware.

Moreover, there have been reports of a second spearphishing campaign, according to Kaspersky Lab ThreatPost: “The first phishing attacks are using a file named “Mandiant_APT2_Report.pdf”, a slight variation of the real report name, which uses the APT1 moniker that the computer security firm applies to the specific crew of Chinese attackers discussed in the document. The other spear-phishing attack is using a document named “Mandiant.pdf” as its bait, and the malware used in that attack calls back to a C&C server based in Korea, also at a dynamic DNS provider.”

The first phishing mails were sent from somewhere in Korea to target Japanese organizations, but the second campaign is more obscure in its whereabouts and targets.

The report by Mandiant, which presented strong evidence, including a video, for the role of the Chinese army in sponsoring cyber attacks, has left little to the imagination. The report named a unit of the Chinese government known as Unit 61938 as responsible for the hacking attacks, which the report referred to as Advanced Persistent Threats (APT) and which have been running for many years now. Mandiant developed this report over quite some time and has documented more than 150 attacks perpetrated by the APT groups.

The Chinese Ministry of Defence has refuted all such allegations of industrial espionage. However, the U.S. Government has recently decided to step up its cyber security. Well, this seems the only solution at present, but the government must also aim to increase education and awareness about such attacks to effectively curb this problem.

Zeus banking Trojan targeting five major banks in Japan

Zeus, one of the most well-known banking Trojans and one that has been around for quite a long time, is finally heading East. If reports are to be believed, the Zeus Trojan is set to target customers and at least five major banks in Japan. The malware, which has affected millions of users in the United States and Europe and thousands of organizations across the globe, has caused financial losses in the millions. Since its inception in 2007, it has helped many cyber criminals in illegal activities such as stealing the personal and financial details of thousands of people all over the world.

The National Police Agency of Japan has been following threats related to the Zeus banking Trojan for some time now and has alerted many customers in Japan about possible intrusions. It is surprising because Japan was relatively safe from such Trojan attacks for unknown reasons, though some assert that the language barrier was possibly responsible. Moreover, Symantec has confirmed the existence of variants of the Zeus Trojan which are being used to target customers in Japan.

The Zeus banking Trojan, also known as Zbot, is a malware toolkit which allows miscreants to write their own Trojan horses: software that appears authentic but carries a hidden attack. This toolkit has become very popular over the last two or three years. When the Zeus Trojan infects a machine, it starts monitoring the websites visited by the user, especially banking sites, and injects HTML code that displays a message prompting victims to re-enter the information they provided, supposedly to re-register for better services and an improved customer experience. This information is requested in a form similar to that provided by banks so that it can be stolen by cyber criminals. Its biggest feature is that one can tweak forms by adding fields to them at the browser level and then steal the information via keystroke logging, which tracks the keystrokes one makes while entering sensitive information such as account numbers and PINs. The ability to tweak this malware makes it stealthy, and it is the reason why most anti-virus software is ineffective against Zeus.

This Trojan is propagated through various methods, commonly phishing emails, unmonitored downloads and web links, and can be used to steal not only banking credentials but any type of personal information, such as social networking account credentials and email usernames and passwords.

The ability of Zeus to dodge anti-virus software because of its adaptability has led to infection of more than 3 million users in the U.S. alone and cyber crime organizations and theft rings are always looking for avenues to spread this Trojan.

The Japanese variant of Zeus is pretty much similar to the basic Zeus toolkit only differing in the fact that it comes in the Japanese language.

The best measure for people in Japan would be to stay clear of suspicious emails and malicious links on the internet and regularly update their anti-virus software and malware detection kits.

Malware stole 3000 confidential Documents from Japan ministry

Cyber attack in Japan: Malware steals 3k confidential documents from farm ministry

Recently, many Japanese ministries became the victims of a widespread cyber attack aimed at stealing official information. More than 3000 confidential documents were pilfered in this attack, many of which pertained to international trade negotiations. The hackers used malware to exploit vulnerabilities in the security of the ministry websites, and it is believed that this attack is a cyber espionage attempt on the Japanese government. The attack was reported by the Japanese daily, The Daily Yomiuri.

Forensic investigations have revealed that this attack was perpetrated using the Advanced Persistent Threat (APT) exploitation kit known as “HTran”. The attacked ministries include the Ministry of Agriculture, Fishery and Forestry.

HTran is malware that was developed way back in 2003, and the source code of the kit names a Chinese hacker as its author. It was identified and studied by the Dell security team in 2003, whereupon they commented that HTran (aka HUC Packet Transmit Tool) is a rudimentary connection bouncer, designed to redirect TCP traffic destined for one host to an alternate host. The source code copyright notice indicates that HTran was authored by “lion”, a well-known Chinese hacker and member of “HUC”, the Honker Union of China. The purpose of this type of tool is to disguise either the true source or destination of Internet traffic in the course of hacking activity.

The source code of this file can be found on the internet at


The HTran malware is commonly used by hackers to hide the location of their command and control servers and thus evade identification. This is the reason why no trace of the perpetrators has been found by the authorities.