Getting hot hOT HOT!

The security scene in Japan has definitely improved in the last year and people are surprised about how many security "study gatherings" there are around the country now. (Although still the hacking scene is still probably lamer than the hacking scene was back in 98' in the U.S.)
I have been going to security conferences here for the past couple years and besides the international conferences (BlackHat Japan, Pac Sec, etc...), all of the conferences I have been to are elderly manager types in suits that want to get in on this security thing but can only see a strange black box and have little idea what's inside. Little to no technical goodies.

Last weekend was the first Japanese security gathering that I thought was interesting. A couple semi-famous Japanese hackers bullet trained down from Tokyo to host the gathering. There were about 50 people that half came from very distant places just for the event. We just went over some of last year's Defcon CTF problems that was mixed with some original problems. It was only from 13:00-17:00 or so, so it is hard to really learn alot in that short of a time. But I did find it somewhat interesting.

There is finally a small group of semi?-talented hackers here that have finally decided to get serious about hacking. They are extremely determined to make it into this year's Defcon CTF.

I find it funny that probably the biggest motivation for this is not for self improvement or for purely the love of hacking, but to not loose to South Korea!
In recent years, South Korean hackers have gained some "skillz" and the two teams apparently did quite well in last year's defcon. They even have a CTF in Korea, "CodeGate", with probably the largest monetary award for the winners for a CTF that I have seen. (As you can see, Japan is not doing well compared to others...)

So I forget who were the Korean hackers and what exactly they did but I guess there were some Korean hackers that while flaunting their l33t haXin skillz, they were wearing this shirt or something to that effect...
For those of you who do not know, Dokdo is the name of an island that is almost equidistant between South Korean and Japan which both countries claim as their own territory. This was big in the news a couple months ago when many South Koreans got super pissed off after Japan wrote in their textbooks that this small useless island where only Koreans live was actually part of Japan.

So it is the classic "Hacker Ego" scenario. Someone angers your ego by saying they are smarter than you so you devote all of your time just to try to prove that you are actually better/smarter than them.

Well, whatever gets the fire burning I guess.....


Fighting Flames with Fire

This is somewhat old news, but last month (Feb 6th), 19 individuals were referred to prosecutors (criminally charged without being physically arrested) for posting death threats and false allegations to a comedian, Smiley Kikuchi's blog. Smiley Kikuchi is a minor comedian who has had false allegations (defamation) written about him for the past decade that claims he was involved in a murder case back in 1989. His talent agency was forced in the past to shut down a forum due to the flood of misplaced malice directed toward him.

Kikuchi was mistakenly accused of being one of the murderers due to being a similar age to the criminals (born in 1972) and hailing from the slummy areas of Adachi-ku where the crime happened. According to Smiley himself, the rumors showed up verbatim in a “taboos of the entertainment industry” book, which his tormentors then used to back up their claims. It did not help Kikuchi that he has based his whole comedy career on being a jerk. His own boss describes him as “a suspicious person you’ll never forget once you’ve seen him,” and Wikipedia summarizes his comedic style as “getting laughs by saying mean things with a big smile on his face.” Not exactly a charmer.

Now after setting up a new blog with Ameblo earlier last year, Kikuchi enabled comments between January and April, using a system specially designed for celebrity bloggers. All comments appeared immediately on the site but were then subjected to moderation, usually resulting in harmful comments being deleted after 15 minutes. During this time Kikuchi was apparently still inundated with the age-old accusations in the comments section, until he finally suspended blogging in May (it is back up now). Though Ameblo initiated a pre-clearance moderation system in May, Kikuchi has explained that he filed a complaint with the police after he started receiving threats offline and began fearing for his life.

The police then traced back and filed criminal charges against 19 people all throughout Japan ranging from a 17 year old girl to a 45 year old guy. Perhaps maybe because in Japan people can not say what they truly want or criticize others in person due to social pressures, they go crazy when they find an assumed anonymous medium such as the Internet. (Although it is just my gut feeling, it seems that I see a lot of unnecessarily mean comments on Japanese forums which I recall seeing a lot of in the past in the states, while I am starting to see less and less of unnecessarily mean comments with more respectful ones in the U.S. Perhaps it is because after years of receiving and seeing these ugly negative comments people are finally realizing that that is not nice and it is better to be polite and respectful even if you will never meet them in person and they probably won't be able to track you down and physically harm you even if you talk bad about them... I could be wrong though...There is still too much negativity and ignorance out there...(I admit I too have foolishly fell victim to writing negative things in which I highly regret later on...)

Anyways, I do not think there has been any other cases where people have been arrested for merely flaming a person? This certainly would never happen in the U.S. Please let me know if you know of any related cases though.

I do think people who make death threats on the Internet should be arrested. That's just not cool, right? I think if you have a problem with people flaming or trying to defame you publicly, you should just moderate your posts before they go public. And if you get negativity privately, just delete the email, pray to Buddha that that person will realize their foolish ways and better themselves, and forget about it is probably the best action.
The problem with people making death threats on the Internet is that they can be anonymous and you never know if they are telling the truth. There have been several new agencies created to monitor the Internet for these threats after the big incident were one crazy guy ran a truck into some people and then went on a stabbing spree killing 7 people in Tokyo's famous electric town, Akiharaba. He was ranting on online forums that he was going to commit this horrendous killing spree in this exact fashion months prior, but no one took him seriously.

However, what do you do when the Yokozuna gets an anonymous death threat on the net? Do you stop the Sumo tournament for the day? or put everyone who comes in through metal detectors and piss off a few thousand people?

This is certainly not a simple problem to solve.

This is not that first time that Japanese celebrities have had trouble with defamation on their blogs, but is surely the most well known now as the media went crazy about this after people started getting semi-arrested.

Also, this is not just a problem for Japan. The other major incident was when Jin-sil Choi, Korea's top actress was found dead after she committed suicide. The reason was: depression from being flamed on the Internet.

While many people around the globe can just shake off negative criticism like its nothing, most people in countries like Japan and South Korea are EXTREMELY sensitive to what others say about them. Even myself... just living in Japan, I have completely changed changed from a "I don't care what others think! Whatever! I'll do what I want!" typical American to a "I have to focus all of my strength on making sure I do not make a single regret in anything I say or do publicly that could directly or indirectly risk anyone thinking badly about me" typical Japanese.

(Even Linus admits that the reason that not more Japanese people work on the Linux kernel is not because of language barriers but due to culture barriers of most Japanese not being able to put up with the "fairly abrasive and impolite" flaming that goes on in the mailing lists)

This huge culture difference will probably result in drastically different punishment and handling of online flaming in the future...



Jumping to Conclusions?

On Feb. 26th, Finjan, a secure web gateway vendor wrote on their blog that there is a possible "Sino-Japanese Cyber War" going on....

This is completely groundless and it seems that they just got caught up with the recent media headlines as calling everything a "cyber war between countries" or "cyber terrorists" is what all of the cool kids are doing these days.

They found out that two highly popular blogging sites in Japan, livedoor and yaplog, were hacked through a web application vulnerability and used to distribute malware that is downloaded from servers located in China.

Yea, I think I've heard this same story about 100 times for the past 2-3 years now.

They conclude the blog with:
"This Chinese attack is very popular and is known to infect hundreds of websites all over the world. However, we can’t ignore the fact that two very popular Japanese websites were infected in such a short period of time."

Well, I do not see any logical reasoning that just because the attackers and the victims happen to reside in countries that have had a certain history a long time ago means that this was a politically motivated attack. They were probably just looking for easy targets that gets lots of hits... And is really a Sino-Japanese War if the attacks are only happening from one side and it is nothing really out of the ordinary??

Now if they reported that this malware infected users creating a botnet which was then used to DDoS the Yasukuni Shrine website or if the Chinese hackers posted a message on the homepage or either site specifically stating "We are Chinese hackers, we hacked you because we dislike what Japan is doing, etc...", like some Chinese hackers have done in the past, then maybe this might be interesting.

Even the consensus from the comments on slashdot.jp was "Yeah, whoever wrote this blog posting is an ignorant foreigner that doesn't understand the meaning of his words"(referring to the "Cyber Sino-Japanese War")

For more information about Chinese hackers, I highly recommend checking out The Dark Visitor.

Finjan MCRC Blog - Cyber Sino-Japanese War?


Japan and the iPhone

Although not related to security, it seems to be a hot topic these days so I figure I would throw in my two cents.

Last Friday, someone was spreading rumors that Japan hates the iPhone.

This was followed up a couple days latter with someone claiming that this was all a lie.

I mostly agree with the second article.

I think there is a big misconception outside of Japan regarding cellphones here. Yes, we all know that Japan is several years ahead of the rest of the world IN HARDWARE but it doesn't mean Japan has the best cellphones in the world. That is mainly because only fancy hardware does not make a good phone. You need both good hardware and good software. And by far, the iPhone has the best software available to a phone that I have seen. (Although Android is probably going to catch up or surpass it in the next couple years...) There is no other phone in Japan with as big of a screen, a full fledged web browser (although not perfect...), millions of apps to satisfy your every needs, etc... (although it would be much better if if was jailbroken by default).

Yes, the camera sucks compared to all of the cameras in phones here, but when I ask my friends about it they say it is not a big factor in determining a phone. No, you can not charge money on it, or watch TV like with some local cellphones but people who actually use those functions are still an extreme minority.

I have only seen one DoCoMo P905i in real life that the first article claims that that is what everyone in Japan wants, and the person who owned it was American! And he does not even use any of the special features! It is completely false. That phone is way too expensive for anyone to buy here and just has extra fancy features that few would utilize.

To all of the friends here that I showed the iPhone to they are all very impressed and say they want one really bad.
The reaons why they do not buy one are:
1. No one I know has extra money to spend on a new cellphone even if it is only around $200. (Yes, the economy is bad and everyone is strapped for cash...big time...)
2. They can't change their carrier. The second article has some great insight in to why people do not like Soft Bank and would rather stick with their DoCoMo or AU.
3. They have no idea how to use it or what it is capable of.

Also, when the iPhone first came out, there was not very good marketing so no one knew what you could actually do with this phone. It got very bad reviews because the phone calls would drop, the browser would always crash, it didn't support emoji, etc...
Although all of these things have been fixed in the latest firmware, everyone still has the perception that this phone is nothing but problems.

Although it has emoji support now, it is still kind of lame and I can't put in as cool of images as my friends can do with their phones. Everyone I know is pretty crazy about having these cute little images in their text messages so this is actually still a big issue.
Also, typing on a touchscreen takes time getting used to and it is very difficult to do with one hand. This is also a big problem because most people do a lot of text messaging or fiddling with their phones on the trains where they need one hand to hold on to something so they only have one hand to manipulate their phone.

So Japan hates the iPhone as much as the U.S. hates Apple.
It is seen as a rich snobby person's toy that is impossible to use because they are not used to it.
It is the same reason why most of the world does not use OS X despite they it is a much superior operating system than Windows XP. They do not want the spend the time to learn a new OS, they do not want to pay for switching costs, there is a perception that all Macs require you to take out several loans in order to purchase, etc...

I do not want to make any specific predications of the future but I have a feeling that the iPhone will slowly but surely start replacing Japanese phones just like Macs are slowly but surely replacing people's PCs around the world.