Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Whitepapers

Gift Cards Preferred Payment Method in Japanese Underground

A report published on Tuesday by Trend Micro provides a detailed view of Japan’s cybercriminal underground which, despite being in its infancy, has all the elements needed to thrive.

A report published on Tuesday by Trend Micro provides a detailed view of Japan’s cybercriminal underground which, despite being in its infancy, has all the elements needed to thrive.

Japanese individuals and organizations have often been targeted by both APT actors and profit-driven cybercriminals. While some of these threats have been traced to other countries, Japan has its own share of malicious actors and many of them are after more than just playing cat and mouse games with law enforcement.

The country’s National Police Agency reported earlier this year that queries about cybercrime cases increased by nearly 40 percent compared to the previous year, with online fraudsters causing losses estimated at millions of dollars.

While not as well developed as the cybercriminal underground in Russia and China, the Japanese scene is evolving and there is increasing interest in the use of various tools and malware development.

According to researchers, forums and bulletin board systems play an important role on the Japanese underground as they allow cybercriminals to shop for products and services, and exchange messages with others while maintaining their anonymity.

These websites, which are often gated and screen their members, rely on Tor and I2P to protect their operations. Users who sign up often use a secret language when selling illegal goods and services to mask the real object of their transactions.

As for payment, Japanese underground players prefer gift cards, including PlayStation Store cash cards and Amazon gift cards, over Bitcoin, WebMoney and other payment methods that are popular in other countries.

An analysis of the Japanese market offerings revealed some interesting aspects. For instance, the average value of a stolen Japanese credit card verified by Visa was $60, much more than UK and US cards which cost only $7-8.

Advertisement. Scroll to continue reading.

Credentials for PayPal and SSH accounts cost roughly the same as in other countries, approximately $1-2 per record.

It’s also worth noting that the fake passports sold by Japanese cybercriminals are far cheaper than the ones sold by others. For example, a US passport, which can cost as much as $5,900 when purchased from other sources, can be obtained on the Japanese market for just $1,000.

Trend Micro pointed out in its report that the Japanese underground veers away from malware creation, mainly due to strict legislation and lack of technical know-how, and instead cybercriminals prefer to acquire tools from foreign peers.

“Although our observations reveal that Japanese cybercriminals lack the technical know-how needed for malware creation, the interest is there, as evidenced by exchanges on how to monetize malware tools purchased from other regional underground markets,” Trend Micro wrote in its report. “Once enterprising individuals discover the feasibility of making money using hacking or malware, we may see more locally produced hacking tools and tips on Japanese underground sites.”

The complete report, titled “The Japanese Underground,” is available for download in PDF format from Trend Micro.

Related Reading: Japan Sees 25 billion Cyberattacks in 2014

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

As the year comes to a close, we thought it would be appropriate to highlight some of the best stories and columns for 2010....

Cybercrime

Verizon this week published its 2020 Data Breach Investigation Report (DBIR). The report is based on insights from thousands of incidents and it’s more...

Application Security

If Patch Tuesday is a party, this would be the IT security version of pre-gaming.On Aug. 9, Microsoft accidentally released information on the five...

Application Security

Hackers breached the systems of anti-adblocking solutions provider PageFair and used the access to deliver malware via the publishers that rely on the company’s...

Whitepapers

Symantec has published a new whitepaper detailing the activities of a threat group dubbed by the security firm “Waterbug.”

Application Security

Protests against Apple and Foxconn due to furor over reports about working conditions have gone digital.

Whitepapers

A new report from FireEye details the activities of a threat actor whose mission has been to gather valuable information on individuals and organizations...