The cybercrime challenge

The joint investigation team of the Metropolitan Police Department and the police of Kanagawa, Osaka and Mie prefectures on Feb. 10 arrested Mr. Yusuke Katayama, a 30-year-old man from Koto Ward, Tokyo, on suspicion of making anonymous online threats in 2012 by remotely manipulating other people’s personal computers.

Although a suspect has been arrested, the case poses serious questions for the nation’s police: Do they have sufficient capability to solve cybercrimes in general and can they carry out an investigation against the suspect in a fair manner?

In this case, the police first arrested four men. Although all four suspects were eventually released without being indicted, two of them made “confessions.” Considering that the men were innocent, this suggests that investigators used coercion or leading questions while interrogating them.

The mistaken arrests resulted from the fact that the police attached too much importance to IP addresses, which are identification numbers in networks, and failed to thoroughly examining the personal computers of the arrested four men. The suspect arrested on Feb. 10, Mr. Katayama, an employee of an information technology company, claims he is innocent. The police must now collect concrete evidence to build a case against him.

Since October, a person claiming to be the culprit in the case has sent email messages to mass media and a Tokyo lawyer, detailing about 13 cyberthreats. In the most recent message on Jan. 5, recipients were challenged to locate a memory chip on the collar of a cat on Enoshima Island, a popular tourist spot near Kamakura, Kanagawa Prefecture. That day, the police located a cat on the island with a micro SD card attached to its collar. The card, it was discovered, contained a source code that serves as a blueprint for the remote access trojan virus “iesys. exe.”

Attention must be paid to the fact that it was not an examination of personal computers or a cyberspace investigation that led to Mr. Katamaya’s arrest, however. That came about thanks to an investigation of security camera footage near where the cat was found. The footage showed a man who appears to be Mr. Katayama approaching the cat. A mobile phone used by him earlier contained a photo of the cat with the collar plus news related to the computer manipulation case.

Clearly the police need to take concrete steps to strengthen their capability to investigate cybercrimes. They need to recruit experts from the private sector to improve their ability to analyze malicious programs as well as to increase their cooperation with experts working in the private sector.

Because cybercrimes often know no borders, the police must enhance their ability to conduct joint investigations involving police departments in multiple prefectures. In the case in question, the culprit reportedly used servers abroad to hide the original source of the remote access trojan virus. Therefore Japan’s police must also deepen their cooperation with foreign law enforcements agencies.