Japan's cybercrime underground still in its infancy

Security firm Trend Micro has found the Japanese dark web is still in its infancy, with online message boards being used as learning tools for up-and-coming hackers.

The Japanese internet underground is still in its infancy and cybercriminals in the country are still learning how to use various tools of the trade, according to Trend Micro.

The Japanese Underground, Trend Micro's TrendLabs research paper [PDF], says the toolbox of choice for up-and-coming hackers is one of the many online message board platforms in the country that allows visitors to learn the tricks of the trade.

Such message boards, bulletin board systems (BBS), play a large role in the thriving Japanese cybercriminal underground economy, Trend Micro claims.

The community aspect of BBS was widely embraced in Japan, the report says, with the introduction of the 2channel forum in 1999. Apparently, its success in Japan influenced its US counterpart, 4chan.

2channel is best known for the anonymity that it offers to its large user base, reportedly giving users an outlet for "unrestrained, free expression, without worrying about being ostracised".

"Unfortunately, the anonymity that 2channel offers also makes it a suitable place for facilitating and committing cybercrime," the report paper adds.

As part of the study, Trend Micro says it penetrated what it called the deep web, and collected 2,224 underground Japanese URLs, under 11 unique domains.

One such site, "Ken-Mou wiki@Tor", contained links to bitcoin services and BBS tied to other pages with illicit content, which included information on child pornography and drugs. Not all of the 2,224 URLs, however, were explicitly related to cybercrime.

Among the offerings found in the Japanese underground were phone number databases; passports for 12 different countries for sale; and stolen account credentials such as various credit card, PayPal, and Secure Shell (SSH) account credentials, listed for a fee.

The Japanese underground market not only offers goods, but also hacking advice, the report says. Users can get tips on hacking enemies, extorting money using malware, and where to get the tools they would need.

"Japan's presence in the global cybercriminal underground, although still fairly small, is not negligible," the report says. "The way these boards are currently set up is reminiscent of Silk Road before it became a notorious marketplace."

Trend Micro did say, though, that Japanese cybercriminals lack the technical know-how needed for malware creation.

"The interest is there, as evidenced by exchanges on how to monetise malware tools purchased from other regional underground markets. Once enterprising individuals discover the feasibility of making money using hacking or malware, we may see more locally produced hacking tools and tips on Japanese underground sites."

Additionally, Trend Micro said Japan was the second most affected country by online banking malware in 2014, behind the United States.

The financial damage from illegal online bank transfers in Japan came to almost 2.91 billion yen in 2014; and in the first half of this year, banks in the country were hit with a total estimated online fraud damage bill of 1.54 billion yen.

Last month, IT security firm FireEye said that organisations in the Asia-Pacific (APAC) region were increasingly targeted by advanced persistent threats (APT) in the first half of 2015, with APT exposure growing rapidly in the region from well below average, to well above average.

In the Regional Advanced Threat Report: Asia Pacific 1H 2015, FireEye found that organisations in Southeast Asia are 45 percent more likely than the global average to be attacked.