To expose cyber-attackers, Japan police need to cooperate on intelligence

The National Police Agency will reorganize its cybercrime forces next year in a bid to enhance capabilities to cope with ever more ingenious cyber-attacks.

What is tentatively being called a “cyber bureau” and a “cyber-investigation unit” will be set up to help the NPA identify and expose cyber-attackers.

It is vital, however, to beef up Japan’s cooperation with other countries regarding cyber-attacks and related matters.

Hindered by bureaucracy

“As the attacking methods using malware have proliferated, the situation surrounding cyberspace is extremely serious,” said Mitsuhiro Matsumoto, commissioner general of the NPA.

He could not hide his sense of crisis as he spoke during a press conference in June.

The NPA has five bureaus, including the Criminal Affairs Bureau and the Traffic Bureau. Under the changes planned, the agency will reorganize the Info-Communications Bureau to establish a cyber bureau next April.

To date, the Info-Communications Bureau has been in charge of making sophisticated analyses of cyber-attacks, while the Community Safety Bureau has dealt with illegal remittance cases via online banking, and the Security Bureau has handled cyber-attacks targeting government ministries and agencies.

The NPA has decided to concentrate these tasks in the “cyber bureau” because the current bureaucratic sectionalism lengthens the time it takes for relevant information to be shared among the bureaus concerned, hindering the task of dealing with cybercrimes.

The cyber-investigation unit will be made up of about 200 members and inaugurated as early as autumn next year. They will be tasked with investigating cases whose damage could spread nationwide, such as illicit bank account withdrawals made through an NTT Docomo online payment service, as well as cyber-attacks targeting power stations and other key infrastructure and advanced technologies.

For many postwar years, the NPA has been in charge of police administration, while the Tokyo metropolitan and other prefectural police have conducted investigations. The upcoming reorganization, under which the NPA will directly investigate cyber-attack cases, will signify a historic shift.

Offensive capabilities lacking

Behind the reorganization of the NPA lies the reality that under the current system, in which the Tokyo metropolitan and other prefectural police investigate such cases by region, police have been unable to cope with cyber-attacks that cross national borders.

On July 19, the U.S. government, joined by its allies such as Japan, Australia and the European Union, issued a statement calling out the People’s Republic of China by name over cyber-attacks:

“[T]he PRC has fostered an intelligence enterprise that includes contract hackers who also conduct unsanctioned cyber operations worldwide … hackers with a history of working for the PRC Ministry of State Security [China’s intelligence organization] have engaged in ransomware attacks, cyber enabled extortion, crypto-jacking, and rank theft from victims around the world.”

Regarding Russia, the U.S. Justice Department last October announced that it had indicted six members of Russia’s GRU military intelligence agency for having repeatedly conducted cyber-attacks on the 2018 Winter Olympics in Pyeongchang, South Korea, among other targets. The attacks were considered Moscow’s retaliation against the ban on Russian athletes representing Russia in the 2018 Winter Games over the country’s systematic doping.

“As state-level cyber-attacks have increased, the necessity has grown for countries to cope with such cases on their own initiative,” said a senior NPA official.

Even if a cyber-investigation unit is created, hurdles remain extremely high for identifying and exposing cyber-attackers.

In countries in Europe and North America, investigative organizations can take offensive action, such as launching cyber-attacks against the offenders to shut down their computer systems. But in Japan, investigators are not authorized to take such actions. This is because hacking into the computer systems of others could violate the Constitution’s guarantee of “the secrecy of any means of communication.”

To expand investigative authority, it is necessary to define concrete procedures for investigation by reviewing the Criminal Procedure Code, for instance. But relevant discussions have yet to progress.

The International Institute for Strategic Studies, a U.K. policy research organization, in June ranked Japan in the lowest of the three tiers of countries in terms of their assessed strengths regarding measures to deal with the security aspects of cyberspace, and noted that its offensive cyber capabilities “remain under-developed because of the constitutional and political constraints.”

Emotet takedown

The key to such tasks in the future is enhancing Japan’s cooperation with other countries.

Eight countries of North America and Europe in January seized control of the Emotet malware that had raged worldwide since around 2014. The Dutch police hacked the offenders’ computer system and had their main servers shut down, while the Ukrainian police conducted searches at their house, the base for their operations, and exposed the two offenders.

As in the Emotet case, the operational bases and servers used by cyber-attackers are dispersed in various parts of the world. Cooperative investigation by multiple countries is therefore becoming the prevailing trend in the investigation of global cyber-attacks.

The NPA has cooperated in investigations with other countries to date. From now on, the agency intends to vigorously take part in international cases by supplying to other countries information such as results of analyses on traces of cyber-attacks and modi operandi of attackers found through its investigations.

“By teaming up with countries whose police have powerful investigative authority, the task of elucidating the real state of criminal organizations will make progress,” said Ko Shikata, a professor at Chuo University who was formerly a bureaucrat in police administration and is knowledgeable about measures to fight cyber offenses. “To protect Japan’s classified information and infrastructure, it is also necessary to push ahead with full-fledged discussions on expanding investigative authority.”