The Osaka prefectural police arrested a man from Suita, Osaka Prefecture, on Aug. 26 and the Mie prefectural police arrested a man from Tsu, Mie Prefecture, on Sept. 14, both on suspicion of posting threatening announcements on the Internet that heinous crimes would take place. Subsequently the Osaka man was indicted. But the police released both men on Sept. 21 after it became clear that their personal computers were infected with a “remote access trojan” (RAT) virus that allowed an intruder to remotely manipulate them. In fact, a person sent e-mail to a Tokyo lawyer earlier this month, identifying himself as the “real perpetrator.”
During the investigation, the two men strongly denied their involvement. Clearly the Osaka and Mie prefectural police acted prematurely by arresting them before they had even conducted forensic examinations of their computers, but they still insist that they conducted their investigations properly. The police should apologize to the two men, humbly reflect on their conduct and make strenuous efforts to improve their cyber investigations. They cannot excuse themselves by simply stating that they were unaware of the virus infection of the two men’s computers. The prosecution should quickly drop the Osaka man’s indictment.
The Osaka man was arrested on suspicion of posting an announcement in the Osaka city government’s home page on July 29 that mass murder would take place on Ota Road in Osaka’s Nipponbashi district. On Aug. 1, an e-mail was sent to Japan Airlines saying that a bomb was implanted in a jetliner bound from Narita to New York, forcing the plane to return to Narita. By investigating IP addresses, the police concluded that the Osaka man posted the announcement on Osaka City’s website and arrested him. On Sept. 10, an announcement that the Ise Shrine would be bombed appeared on an Internet message board. The police arrested the Mie man on Sept. 14 and held him until Sept. 21 after belatedly discovering the RAT malware on his computer.
Only after receiving notification from the Mie prefectural police did the Osaka prefectural police thoroughly examine the Osaka man’s computer and find evidence of the malware. At that point they decided to release him. Had it not been for the notification from the Mie prefectural police, the Osaka man might have been found guilty in a trial. In his case, it is believed that the intruder erased the malware from his personal computer after posting the announcement in Osaka City’s website. It appears that the infections took place when the two men downloaded free software onto their computers. Both the Osaka and Mie prefectural police should have thoroughly examined the two men’s personal computers before arresting them.
Experts warn that RATs has been around for years, but the Osaka and Mie incidents are the first known examples of such malware being used for criminals purposes in Japan. The police must beef up their cyber-crime departments and improve their cooperation with private-sector specialists. And finally, the public can greatly aid efforts to combat these viruses by installing computer security software and only downloading from trusted websites.