Pro-Russia hackers claim to have temporarily brought down Japanese govt websites

From the Telegram messaging app
A still image of a video posted by a pro-Russia hacker group called Killnet

A pro-Russia hacker group has claimed to be involved in attacks on Japanese government and company websites.

Digital reform minister Taro Kono said Tuesday at a press conference that the trouble has been “highly likely caused by DDoS attacks.”

Distributed denial of service attacks involve the transmission of massive amounts of data to paralyze computer systems.

DDoS attacks are a popular means of cyber-attack. The Russian military paralyzed the Ukrainian Defense Ministry’s sites by flooding them with data, while the “IT Army” recruited by the Ukrainian government made a counterattack on a Russian stock exchange website.

A DDoS attack only temporarily paralyzes a target computer system. It does not steal data or render the data unusable. The reality is, however, that it is costly to build additional servers to withstand the massive amounts of data being sent, making it difficult to cope with these attacks.

On Sept. 7, the pro-Russia hacker group Killnet posted a video of a masked figure on the messaging app Telegram. Saying that Russia is not committing any crimes in Ukraine, the group claimed they were responsible for a series of system failures as a “declaration of war on the Japanese national government as a whole.”

When Kono was asked if he could confirm who the attacker was, he declined to say.

“Showing our hand would give the attacker an advantage,” he said.

The DDoS attack on the e-Gov website shut down the site around 4:30 p.m. on Sept. 6. It recovered once around 7:50 p.m. the same day, but became inaccessible again around noon on Sept. 7.

The e-Gov website allows users to request disclosure of administrative documents and provides information on laws and regulations. The site receives about 7.8 million hits a day. It was opened in fiscal 2001 as a general point of contact for electronic applications at ministries and agencies. When the Digital Agency was created, it took over the site’s management from the Internal Affairs and Communications Ministry.

The agency announced the full recovery of e-Gov on its official Twitter account around 6:30 a.m. on Sept. 9.

Between Sept. 6 and 9, the attacks made 23 government websites temporarily inaccessible. These sites belonged to the Digital Agency, the Internal Affairs and Communications Ministry, the Education, Culture, Sports, Science and Technology Ministry and the Imperial Household Agency.

The website of the Nagoya Port Authority, operator of one of the nation’s largest trading ports, was down for about 40 minutes after 10 p.m. on Sept. 6.

Some sites of credit card business JCB Co. were inaccessible, while websites of social media company mixi, Inc. were also hard to access.

The Digital Agency announced another system failure with the e-Gov website on Sept. 7 that was later found to have been a technical problem and had nothing to with a cyber-attack, Kono said Tuesday.

Rising trend since invasion

Killnet appears to be a hacktivist organization that uses cyber-attacks to support a political cause, according to Mihoko Matsubara, a cyber expert at NTT Corp. who analyzes trends in cyber-attacks.

DDoS attacks are a method hacktivists tend to use because they can easily see the damage of bringing a website down.

Killnet’s activities have been observed since earlier this year. In May it declared a “cyber war” on 10 nations, including the United States, United Kingdom, Germany and Italy. The following month, it claimed to have targeted more than 130 government entities in Lithuania, as well as airports and other facilities that use digital services.

“It is believed that Killnet has targeted Japan for the first time,” Matsubara said. “The activities of pro-Russia hacker groups have been intensifying and it is necessary to pay close attention to their future activities.”

Since Russia’s invasion of Ukraine, DDoS attacks have been on the rise worldwide. Since March, U.S. security firm Imperva Inc. has detected around 10,000 DDoS attacks per month at about 6,200 companies worldwide, twice to five times more than in previous months.