AVAR2004
25-26 November 2004 in Tokyo, Japan
Computer Security Situation in Japan (Report from National Police Agency Japan)
Takashi Garcia SATO
Assistant Director, Superintendent, Cybercrime Division
National Police Agency, [email protected]
Content
1. Trend in Internet Usage in Japan
2. Countermeasures by Police
  i. Organization
  ii. Investigation – Statistics
  iii. Cooperation with Industrial Circles
  iv. Improvement of Public Awareness
  v. International Cooperation
3. Legal System against Cybercrime
  i. Basic Laws
  ii. Recent Progress of Laws
1. Trends in Internet Usage in Japan
Internet users: estimated 77.30 million (2003).
Population of Japan: 127.4 million (2003)
→ 60.6% of the population of Japan is using the Internet.
[Chart: Internet users in Japan, in millions, '97 to '03]
2. Countermeasures by Police
i. Organization
National Police Agency
– Coordinates/Advises Local Police: Cybercrime Division
– Provides Technical Assistance: High-Tech Crime Technology Division
47 Prefectural Police (Local Police)
– Task Force against Cybercrime
– Agents with High-tech
– Information Security Advisors
Organization against Cybercrime
[Diagram; labels follow]
NPA
– Cybercrime Division: Liaison & Coordination, Advice
– High-Tech Crime Technology Division: Technical Assistance
• Technology Center
• Cyber Terrorism Technology Center (Cyber Force Center)
• Cyber Force
47 Prefectural Police
– Task Force against Cybercrime
– Hiring Agents with High-tech
– Equipment for Cybercrime Investigation (e.g. High Efficiency Computer)
– Information Security Advisor

– Investigate Cybercrime
– Counter Cyber Terrorism
– Cooperate with Industrial Circles
– Raise Public Awareness about Information Security
– Train Police Personnel
– Keep the IT Society Safe and Secure
Cybercrime Division, NPA
Established in April 2004
Approximately 20 personnel
Duties
– Coordinates/Advises Local Police about investigations
– Raises public awareness about Information Security
– Plays a role as contact point of international cooperation
– Makes IT security policies and drafts of new or revised law
ii. Investigation - Statistics
Arrest Rate for Cybercrime
[Chart: arrests for cybercrime by year, 2000 to 2003, in three categories (Violation of the Unauthorized Computer Access Law; Crime against Computer/Data; Internet Crime). Yearly totals: 913, 1339, 1606, 1849.]
Analysis of Arrest Rate for Cybercrime

| Category | 2000 | 2001 | 2002 | 2003 | Change, 2002 to 2003 |
|---|---|---|---|---|---|
| Unauthorized Computer Access | 67 | 67 | 105 | 145 | +40 |
| Crime against Computer/Data | 44 | 63 | 30 | 55 | +25 |
| – Computer Fraud | 33 | 48 | 18 | 34 | +16 |
| – Illegal production/Destruction of electromagnetic data | 9 | 11 | 8 | 12 | +4 |
| – Obstruction of business by destroying computer | 2 | 4 | 4 | 9 | +5 |
| Internet Crime | 802 | 1,209 | 1,471 | 1,649 | +178 |
| – Child Prostitution | 8 | 117 | 268 | 269 | +1 |
| – Child Pornography | 113 | 128 | 140 | 102 | -38 |
| – Subtotal (Child Prostitution + Child Pornography) | 121 | 245 | 408 | 371 | -37 |
| – Fraud | 306 | 485 | 514 | 521 | +7 |
| – Distribution of Obscene Object | 154 | 103 | 109 | 113 | +4 |
| – Violation of juvenile protection ordinance | 2 | 10 | 70 | 120 | +50 |
| – Intimidation | 17 | 40 | 33 | 38 | +5 |
| – Infringement of Copyright | 80 | 86 | 66 | 87 | +21 |
| – Defamation | 30 | 42 | 27 | 46 | +19 |
| – Others | 92 | 198 | 244 | 353 | +109 |
| Total | 913 | 1,339 | 1,606 | 1,849 | +243 |
Example of Specific Cases (1)
Unauthorized Computer Access
– Criminal stole other persons' IDs and passwords, illegally accessed an Internet auction site and put fake goods up for auction. 31 victims paid about 4 million yen into his bank account held under a fake name. (unauthorized computer access, fraud etc., 2004 February, Saitama, Yamagata, Ibaragi, Kyoto and Okayama)
Crime against Computer / Data
– Criminal deleted a hospital's data, such as 500 patients' names, addresses and disease names, and obstructed the business of the hospital, because he had received a caution at the hospital and got angry. (obstruction of business by destroying a computer etc., 2004 March, Hyogo)

Example of Specific Cases (2)
Internet Crime
– Criminal found a message from a junior high school girl on a dating service site for mobile phones. He contacted the girl through the Internet and promised to pay her 30,000 yen for child prostitution. (Violation of Child Pornography and Prostitution Law, 2004 February, Hiroshima)
– Criminal posted a message offering game software for sale on an Internet BBS. He sold copied CD-Rs of game software to 29 persons without permission of the copyright holder. (Violation of Copyright Law, 2004 March, Aomori)
– Criminal posted a message such as “I will go to XXX post office for robber on next Sunday. Can you stop it?” on an Internet BBS and threatened the post office. (Intimidation, 2004 May, Gunma)
Cases Consulted with Police
People can consult with the police on cyber crimes and other network-related incidents.
– 11,135 cases in 2000
– 17,277 cases in 2001
– 19,329 cases in 2002
– 41,754 cases in 2003
Breakdown of 41,754 in 2003
– 20,738 Fraud & Sharp Business
– 5,999 Internet Auctions
– 4,225 Illegal & Harmful Contents
– 2,619 Defamation
– 2,329 Spam E-mails
– 1,147 Unauthorized Computer Access and Virus
– 4,697 Others
Examples of Cases Consulted with Police
Fraud & Sharp Business
– Someone sends an email claiming to be a creditor and strongly demanding payment of a charge for accessing a pay Internet site. (In general, those who receive these emails have not accessed this kind of pay Internet site. But it becomes a big profit if one out of a hundred persons pays him!)
Internet Auctions
– The winner of a bid for some goods in an Internet auction sent money to get the goods. But he/she received no goods and lost contact with the owner of the goods. (Sometimes the contact information for the owner of the goods is fake.)
iii. Cooperation with Industrial Circles
Comprehensive Security Meeting (NPA)
– composed of various IT experts from the private sector
– discusses policy of cooperation between industrial circles and police
Connection Conferences with ISP (each prefecture)
– composed of ISPs, police and the prefecture
– exchange information about cyber crime
iv. Improvement of Public Awareness (1)
Home page of counter-cybercrime of the National Police Agency ( http://www.npa.go.jp/cyber/ )
– Policies for information security
– Contact information for Prefectural Police in case of cybercrime
– Statistics of cybercrime etc.

iv. Improvement of Public Awareness (2)
Home page of @police (security portal site of the National Police Agency) ( http://www.cyberpolice.go.jp/ )
– Prompt and accurate information in case of emergency
– Internet Activities Monitored (updated every 15 minutes)
– Technical Advice for Internet Users
– News of Security Trends in the world
iv. Improvement of Public Awareness (3)
[Diagram; labels follow]
National Police Agency
– Analysis of Criminal Cases and Consultations
– Making Policies to Raise Public Awareness on IT Security
Prefectural Police (Local Police)
– Information Security Advisor
Companies, Entities Concerned, Citizen
Links shown: Liaison & Coordination; Cooperation; Public Relations, Education, Consultation, Advice; Connection Conferences with ISP; Assistance Based on Unauthorized Computer Access Law; Exchange of ideas
v. International Cooperation
G8 Lyon/Rome Group
– “High-Tech Crime Sub Group”
– Daily Cooperation through the “24-Hour Contacts for International High-Tech Crime”
ICPO
– Daily Cooperation among each state’s police through the ICPO
– “Asia-South Pacific Working Party on IT Crime”
APEC
Council of Europe
3. Legal System against Cybercrime
i. Basic Laws
Unauthorized Computer Access Law (legislated in 1999)
Penal Code
Law for Punishing Acts Related to Child Prostitution and Child Pornography (legislated in 1999)
Other domestic criminal laws (e.g. drug, firearms, copyright protection and so on)
Unauthorized Computer Access Law
Prohibition of unauthorized computer access
– Prohibition of unauthorized computer access and penal provisions (Article 3 and 8): less than 1 year in prison or a fine less than 500,000 yen
– Prohibition of facilitation of unauthorized computer access and penal provisions (Article 4 and 9): fine less than 300,000 yen
Protective measures
– Protective measures by access administrators (Article 5)
  ○ Secure maintenance of ID codes
  ○ Upgrading the access control function
– Assistance by Prefectural Public Safety Commissions (Article 6)
  ○ Emergency response to attacking incidents
– Sharing information with National Public Safety Commission, Minister of Economy, Trade and Industry and Minister of Public Management, Home Affairs, Posts and Telecommunications (Article 7)
  ○ Publication of the status of unauthorized computer access
  ○ Publication of the research and development of security technology
  ○ Public relations and education
Prevention of high-tech crime / maintenance of the order of electrical communication
Sound growth of advanced information-communication society
Penal Code – provisions relating to Cybercrime
Illegal production and use of an electromagnetic record (Art.161bis) - less than 10 years in prison or fine less than one million yen
Illegal production and use of an electromagnetic record on payment card (Art. 163bis) - less than 10 years in prison or fine less than one million yen
Interference with business transaction by computer system (Art. 234bis) - less than 5 years in prison or fine less than one million yen
Computer Fraud (Art. 246bis) - less than 10 years in prison
Destruction of official or private electromagnetic record (Art. 258 - 259) - less than 7 years in prison
Law against Child Prostitution and Child Pornography
Prohibition of child prostitution and invitation of child prostitution (Art.4 - 6) - less than 7 years in prison and/or fine less than 10 million yen
Prohibition of production and distribution of child pornography (Art.7) - less than 5 years in prison and/or fine less than 5 million yen
Prohibition of dealing (selling and buying) of children for the purpose of child prostitution or child pornography (Art.8) – 1-10 years or more than 2 years in prison
Children under 18 years old are protected by this law.
ii. Recent Progress of Laws
Recent problems about Information Security
Computer Virus (e.g. MS Blaster)
Websites often used by criminals (e.g. internet auction site, dating service site)
P2P tool (file exchange software) (e.g. Winny or WinMX)
Leakage of digital personal information from big companies
Anonymous environment (e.g. internet café, wireless LAN, …)
Recent Progress on Legal System
Submission of revisions of the Penal Code, Criminal Procedural Law and so on to the Diet, in order to join the Convention on Cybercrime
Secondhand Dealers Law (came into effect in September 2003)
Law on Control of Dating Service on the Internet (came into effect in September 2003)
Convention on Cybercrime (1)
Substantive Criminal Law
– Illegal Access
– Illegal Interception
– Data Interference
– System Interference
– Misuse of Devices (Computer Viruses)
– Forgery and Fraud
– Child Pornography
– Infringements of Copyright
Procedural Law
– Expedited Preservation of Stored Computer Data
– Production Order
– Search and Seizure of Stored Computer Data
– Real-Time Collection of Computer Data
International Co-operation
– Extradition
– Mutual Assistance
http://conventions.coe.int
Convention on Cybercrime (2)
Revision of Penal Code, Criminal Procedural Law and so on
Penal Code
– Production and Distribution of Computer Virus
Criminal Procedural Law
– Seizure of Digital Evidence from Remote Computer
– Request of Cooperation (to those who receive seizure)
– Request of Preservation (from police) (maximum 90 days)
Unauthorized Computer Access Law
– expansion of criminal jurisdiction to outside Japan
Secondhand Dealers Law
Target:
– Secondhand dealers using information and telecommunication technology (mainly Internet auction dealers)
Content:
– Dealers have to submit documents to the local Public Safety Commission (local Police) when they want to start an Internet auction which may deal with secondhand goods.
– Dealers have to report to the Police when goods on the Internet auction are possibly stolen goods.
– Police can issue a stop order when goods on the Internet auction are highly likely to be stolen goods.
Law on Control of Dating Service on the Internet
Target:
– Dating Service Providers, Users of Dating Service
Content:
– Prohibition of invitations to sexual intercourse or to paid dating with children (under 18 years old) made using a dating service on the Internet (to children or from children)
– Dating Service Providers must take measures to prevent children from using dating services on the Internet, in view of the harm to children from crimes resulting from dating services on the Internet.
Thank you very much !!!
Takashi Garcia SATO
Assistant Director, Superintendent, Cybercrime Division
National Police Agency, [email protected]