Pierluigi Paganini March 26, 2016

Japan – The police has found on a server of a company more than 18 million login credentials, 90% of which belongs to customers of Yahoo Japan.

The Japanese newspaper The Yomiuri Shimbun reported that the Tokyo’s Metropolitan Police Department has arrested the president and a number of employees at the Tokyo-based Nicchu Shinsei Corp in November.

The authorities have found on a server of the company more than 18 million login credentials, roughly 1.78 million belong to customers of Yahoo Japan (90 percent), Twitter, Facebook, e-commerce company Rakuten and other websites.

In response, Yahoo Japan confirmed to have reset the passwords of all the affected accounts. The investigators have also discovered on the server a hacking tool used to brute force the target accounts, they also confirmed that the company servers had also been used to conduct illegal money transfers.

Why did the Japanese company store the login credentials?

The Nicchu Shinsei Corp allegedly offered its services to Chinese hackers, it provided stolen credentials and proxy services. The hackers used the login credentials to invite users in visit fraud websites, and steal reward points earned by victims.

Unfortunately, this isn’t the first time that the Japanese Police discover million of login credentials belonging to Japanese netizens stored on a server. Last year, the law enforcement seized a server containing 8 million stolen credentials, also in that case hackers used the machine as a proxy.

The Japanese Criminal underground is a criminal online community that is growing in a significant way despite it has a still highly stealthy underground economy.

According to the Japan’s National Police Agency cybercriminal activities until March 2015 increased 40% over the previous year.  On June 2015, the Japan’s Pension Service suffered a significant data breach that exposed more than one million users’ records.

The researchers consider Japan cybercriminal rings still newbies, due to the nation’s strict criminal laws Japanese criminals don’t write malware due to due to the severe penalties against such activities.

The experts noticed that Japanese Cybercrime Underground is very active in the illegal buying and selling of counterfeit passports, drugs, weapons, stolen credit card data, phone number databases, hacking advice and child pornography.

Japan criminals are increasingly targeting bank customers with malware-based attack. In the last year several threats were detected by security firm targeting Japanese users, including Brolux, Rovnix, Neverquest, Tsukuba, and Shifu.

Other worrying phenomena that are threatening Japanese users are the APT groups, recently the critical infrastructure of the country have been targeted by threat actors behind the Operation Dust Storm, meanwhile, another hacker crew dubbed Blue Termite hacked hundreds of organizations in various industries.

Pierluigi Paganini

(Security Affairs – Japan, malware)