Japan’s Cybercriminals Take Payments in PlayStation Codes
A report from cybersecurity firm Trend Micro reveals that the cybercriminal underground in Japan is still only finding its feet despite its potential for tremendous havoc.
Japan may find itself at the crossroads. It faces a growing threat posed by its cybercriminal underground that is still finding its feet and less prolific compared to cybercriminals around the world. It’s a tricky challenge, as law enforcement might also be cornering Japan’s organized crime syndicates do not delve into the darknet to engage in cybercrime.
The entire report titled “The Japanese Underground” by Akira Urano can be found here. [PDF]
In a strikingly similar OPM-like breach, the Japan Pension Service was the target of a cyber attack where the personal data of more than a million people was exposed. Despite the disruption and obvious threat, the cybercriminal underground in Japan is still in its infancy.
The choice destination for hackers in Japan is bulletin board systems (BBS) which are infamous for the anonymity they provide. Bulletin boards are popular the world over now, and their history can be charted back to 1999, the year when the 2channel forum was established. 4chan and other message boards are directly influenced by the Japanese original.
These are deemed to be the breeding grounds for cybercrime in a country that showed a 40% increase in online crime cases in March 2015 from the previous year. The author of the report takes no hesitation to point out that such an increase is staggering when one considers Japan to have a high internet penetration rate at 86%.
When engaging in the illegal trade of goods and services, cybercriminals often use jargons or a secret language and tend to accept gift cards from Amazon or PlayStation Store codes for their deeds.
Additionally, BBSs use CAPTCHA codes as a security measure to only allow native speakers access the boards.
The Japanese Deep Web
The study also revealed several offerings in the Deep Web that included several URLs leading to The Onion Router (TOR) – and the Invisible Internet Project (I2P) websites. Altogether, the investigation covered a total of 2,224 underground URLs contained under 11 unique domains.
One of the websites, called “JPON EXTREME” offered entire databases of phone numbers that were offered for free to all its users.
Another site, the Orda Project served up stolen account credentials to its users. Confidential information such as credit card details, PayPal login credentials and Secure Shell (SSH) credentials were all up for sale.
A website called “FAKE PASSPORT.ONION” sold counterfeit passports for 12 countries including Japan.
The text within the website read:
“Our passports produced with high quality and no difference from the original documents. We accept all security features like special paper, watermarks, security threads, intaglio printing, microprinting, fluorescent dyes, color-changing ink, document number laser perforation, latent image, laser image perforation while producing passports.”
Other websites also served as platforms for child pornography, weapon depots selling guns and ammunitions to buyers worldwide and even a DDoS tool sold by a cybercriminal who seeks PlayStation Store cards as a payment.
The report concludes by noting:
Both law enforcement agencies and cybercriminals have yet to actively take advantage of this window of opportunity. Whoever does so first many gain an upper hand in the long run.
Featured image from Shutterstock. All other images from Trend Micro’s “The Japanese Underground.”