Hack Attack: Japan Comes Under Black-Hat Fire
Tracking Down Perpetrators Online
Hackers have their sights set on Japan. Cryptocurrency worth ¥7 billion was stolen from the major Japanese cryptocurrency exchange Zaif in September 2018. This followed an attack on Coincheck, another major exchange, in January of the same year, in which thieves made off with ¥58 billion of cryptocurrency. Both cases bear the hallmarks of crypto theft: the value of the currency stolen was huge, and the culprits are still at large.
However, the Zaif attack may mark a turning point in Japan’s cybersecurity. Immediately after the attack, a six-strong team of “white hats,” IT specialists who fight cyberattacks, was formed to secretly track the hacker. The team included Japan Hackers Association Director Sugiura Takayuki.
How did this team set about tracking down the culprit? Sugiura explains: “We set ‘traps’ in the cryptocurrency network and spent the month after the attack carefully monitoring online activity for clues. After much analysis of transaction logs, we finally identified the IP address from which we believed the attacker had connected to the exchange.”
The Zaif attack resulted in the theft of ¥4.2 billion worth of Bitcoin, ¥2.1 billion worth of Bitcoin Cash, and ¥700 million worth of Monacoin. “Our team focused its attention on Monacoin,” says Sugiura, “the currency with the smallest volume in circulation.
“A hacker must access a node in the network in order to transfer stolen cryptocurrency into another account. We hit on the idea of creating new nodes and logging and analyzing the transactions performed through those nodes. The Monacoin network originally consisted of around 200 nodes, but my team added nearly 220 more, effectively ‘booby-trapping’ half the network. We figured that if the hacker accessed one of those nodes to transfer funds, we might be able to perform a reverse IP lookup of the hacker’s address, and even identify the individual concerned.”
This approach paid off. A month after the attack, the thief started transferring the stolen cryptocurrency and was caught in the team’s traps. Says Sugiura, “The IP address we identified was located in Europe. There’s only so much we can do, however: we ultimately handed our findings to the Financial Services Agency and the police.
“Cost and a dearth of specialists with the necessary skills mean that teams like ours are rare. Despite the highly anonymous nature of cryptocurrency transactions, however, our operation meant that there is now a possibility that the culprit behind this theft will be successfully identified.” Sugiura hails this as a positive result that could both deter, and warn of, future attacks.
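The node-logging approach described above can be sketched as log correlation. This is an added example, not the team's tooling: it assumes a hypothetical sensor-log format and applies a first-seen timing heuristic, ranking the peers that announced a watched transaction to the monitoring nodes by how early they did so. The transaction IDs, IP addresses (documentation ranges) and thresholds are constructed.

```python
from collections import defaultdict

# Constructed sensor log: (sensor_id, txid, announcing_peer_ip, time_received_s).
# Field layout is an assumption for this example; IPs are RFC 5737 ranges.
SENSOR_LOG = [
    ("s01", "tx_a", "198.51.100.7", 100.020),
    ("s02", "tx_a", "203.0.113.40", 100.310),
    ("s03", "tx_a", "198.51.100.7", 100.035),
    ("s02", "tx_a", "198.51.100.7", 100.400),
    ("s04", "tx_a", "192.0.2.15",   100.290),
    ("s01", "tx_b", "192.0.2.15",   200.100),
    ("s03", "tx_b", "203.0.113.40", 200.105),
    ("s01", "tx_c", "203.0.113.40", 300.000),  # not a watched transaction
]
WATCHED = {"tx_a", "tx_b"}  # transactions moving funds from the theft addresses

def rank_first_relayers(log, watched, min_lead=0.1, min_sensors=2):
    """For each watched tx, find the peer that announced it earliest.

    A candidate is marked strong only if it beat every other peer by
    min_lead seconds and was the first announcer at min_sensors sensors.
    The result is an investigative lead: the earliest peer may itself be
    a relay or proxy rather than the true origin.
    """
    earliest = defaultdict(dict)         # txid -> peer -> earliest time seen
    first_at_sensor = defaultdict(dict)  # txid -> sensor -> (time, peer)
    for sensor, txid, peer, t in log:
        if txid not in watched:
            continue
        if t < earliest[txid].get(peer, float("inf")):
            earliest[txid][peer] = t
        seen = first_at_sensor[txid].get(sensor)
        if seen is None or t < seen[0]:
            first_at_sensor[txid][sensor] = (t, peer)

    report = {}
    for txid, peers in earliest.items():
        ranked = sorted(peers.items(), key=lambda kv: kv[1])
        top_peer, top_t = ranked[0]
        lead = ranked[1][1] - top_t if len(ranked) > 1 else float("inf")
        sensors = sum(1 for _, p in first_at_sensor[txid].values() if p == top_peer)
        report[txid] = {"peer": top_peer, "lead": lead, "sensors": sensors,
                        "strong": lead >= min_lead and sensors >= min_sensors}
    return report

if __name__ == "__main__":
    for txid, r in sorted(rank_first_relayers(SENSOR_LOG, WATCHED).items()):
        print(txid, r)
```

In the constructed data, `tx_a` yields a strong candidate, while `tx_b` arrives from two peers almost simultaneously and is left unresolved.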
Next Target: The Olympics
The shortage of security specialists in Japan is a subject of some concern. According to statistics released by the Ministry of Economy, Trade, and Industry, the shortage will reach 200,000 by 2020. For its part, the Ministry of Defense plans to grow its cyber defense team to around 150 by the end of the current fiscal year in March 2019 and then to 220 in fiscal 2019, including external contractors. This number still falls well behind similar teams in the United States and China, though.
Indeed, the threat grows greater by the day. A monitoring system established by Japan’s National Institute of Information and Communications Technology detected around 150 billion packets in hacking-related Internet traffic in 2017—500 times greater than when records began in 2005. While only a portion of this represents actual attacks against Japanese targets, the statistic does show just how commonplace hacking has become.
Over half of the 411 Japanese banks and credit cooperatives surveyed by the Bank of Japan in 2017 stated that they had been subject to cyber-attack within the previous two years, and numerous governmental organizations and corporations have fallen victim to attacks.
Sugiura has frightening news when asked what hackers are likely to target. “You should assume that all of us are constantly under attack. Different hackers have different objectives. A hacker might want to obtain confidential information from a specific company, or simply steal IDs and passwords.”
There are steps individuals can take to prepare, though. “You can defend yourself against such attacks by always keeping your operating system up to date. By the same token, older systems, as you’d expect, are more vulnerable to hacking. If you’re running a five-year-old operating system that you have never updated, you’re at risk. While I realize that money can be tight in small businesses, if you’re running an operating system that’s no longer supported, such as Windows XP, you have no way of protecting yourself against hacking.” Sugiura urges companies in this situation to separate their important information and take it offline as much as possible.
“There are also fears that the 2020 Tokyo Olympics will be targeted by cyber-attacks,” notes the cyber security specialist. “In a way, however, the Olympics’ large budget makes them more secure. While some hackers may choose to attack during the Olympics for infamy, those interested in profit will probably strike before the Games officially commence and security is beefed up.”
Hackers as National Agents
Some cyber-attacks are suspected to be part of a national strategy. For example, a North Korean hacking syndicate was believed to be involved in the Zaif and Coincheck thefts. Meanwhile, the New York Times has reported that Chinese and Russian intelligence agencies eavesdropped on Donald Trump’s personal cellphone calls.
Sugiura does not deny that states may be mounting strategic cyber-attacks, but strikes a cautious tone: “It’s important to note that such claims can’t be backed up with solid evidence. Suppose a North Korean hacking syndicate operating in China steals some cryptocurrency. All we’d be able to tell from the log is that the attack originated in China. Just because an attack originates in China or Russia doesn’t mean that it was perpetrated by Chinese or Russian hackers. You can’t determine the hackers’ nationality from the log.”
It is conceivable, Sugiura admits, that the Chinese or Russian authorities eavesdropped on Donald Trump. “After all, it’s a fact that those countries’ expansion of military preparations includes intensive intelligence operations. The same applies to North Korea. In this area, we can say categorically that the Japanese government has not engaged in any wrongdoing. In the future, though, Japan needs to be prepared as intelligence offensives and psychological warfare become more sophisticated and social media is used to influence public opinion.”
Defending Your Online Communications
Of this year’s top ten threats to information security announced by Japan’s Information Technology Promotion Agency, number one in terms of crime against individuals was online hacking and abuse of credit card or other key financial information. The runner-up was ransomware attacks (the hijacking of vital data or functions while demanding a “ransom” in exchange for restoring them). In reality, the threat with which those who use the Internet for personal purposes are most familiar is likely the leakage of personal information. In October 2018 it was revealed that the names and contact details of 29 million Facebook users had been compromised by hackers. Google also announced that the personal information of as many as 500,000 users of its Google Plus platform had been compromised.
“Leaks of personal information will always happen,” admits Sugiura. “The moment you enter your personal details onto a website, you’re entrusting your personal data to that site, and therefore creating a risk that it will be leaked. If anything, you should assume that it will be.”
Featuring heavily in recent attacks against individuals are fake emails that claim to be from companies like Apple, Amazon, Rakuten, or a major bank. “These emails aim to steal IDs and passwords by having the victim click on links or attachments. Other messages encourage prospective victims to sign up on websites. The emails might appear authentic, but the real Apple doesn’t use official email accounts to ask for IDs or passwords,” Sugiura warns.
“Those who use the same combination of email address and password on multiple sites are also vulnerable to being hacked. Many readers are probably in this situation! If hacked, this means you’ll be compromised on multiple sites.”
Many net users, of course, rely on the same password for everything, due to the bother of keeping track of multiple passwords. “That’s a risky practice,” Sugiura warns. “If you’re using the same passwords and IDs for your online banking and credit cards as well, a thief could withdraw money from your account or use your credit card. Your backup data and the data in your Keychain—a digital repository for your IDs and passwords—may be stolen. Some criminals even hack into Amazon accounts with the sole purpose of writing product reviews: improving the reviews of specific products is big business.”
Most importantly, cautions Sugiura, people must never let their email accounts be hijacked. “A hacker who gains access to your email account is free to reset the passwords for the websites where you use that address, and thereby free to access those websites as you.
“That said, if your email account is hijacked, you shouldn’t panic and delete it either, as you will then have the additional hassle of not being able to use your own email. Rather, you should immediately change your password and the passwords you have registered on the sites you’re signed up on.”
(Originally published in Japanese on January 22, 2019. Reporting and text by Shibui Tetsuya; editing by Power News. Banner photo © Graphs/Pixta.)