Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Crime Japan Security IT Your Rights Online

Japanese Man Arrested For Storing Malware 84

Posted by Soulskill from the intent-to-distribute dept.
Orome1 writes "38-year-old Yasuhiro Kawaguchi is the first person in Japan to get arrested for storing malware on his computer after the upper house's Judicial Affairs Committee has confirmed the new anti-malware law passed by the Japanese parliament. The law considers the creation, distribution and storage of malware a crime punishable with up to three years in prison and a fine that could reach the sum of 500,000 yen ($6,200)."
This discussion has been archived. No new comments can be posted.

Japanese Man Arrested For Storing Malware More

Japanese Man Arrested For Storing Malware

Comments Filter:

  • Symantec? McAfee? (Score:5, Insightful)

    by XanC ( 644172 ) on Monday July 25, 2011 @04:32PM (#36875328)

    Surely any "white hat" working against malware needs to store malware someplace, right? What a dumb law.

    • The article says the charge was "storing a computer virus without a legitimate reason". In this case, the suspect "told the MPD that he did it to punish people who use file-sharing software"; do you consider that "a legitimate reason"?

      • Re:From the article: "without a legitimate reason" (Score:5, Insightful)

        by gdshaw ( 1015745 ) on Monday July 25, 2011 @04:48PM (#36875538) Homepage

        The article says the charge was "storing a computer virus without a legitimate reason". In this case, the suspect "told the MPD that he did it to punish people who use file-sharing software"; do you consider that "a legitimate reason"?

        I can think of at least two organisations that might.

      • Yes.
        Information should not be illegal.
        I hate Malware as much as the next guy, but there are hundreds of ways they could have passed laws that would lead them to be able to arrest this guy without having to making certain types of code illegal.

    • not dumber than cyber-crime law in other countries [slashdot.org]. politicans don't understand the whole computer/network thing

      • Re:Symantec? McAfee? (Score:5, Insightful)

        by Opportunist ( 166417 ) on Monday July 25, 2011 @05:06PM (#36875730)

        The German law is even actually dumber.

        If I understood the Japanese law correctly, you'd have to have some kind of intent to use that malware to infect other computers to break it. So far, so good. Personally, I don't see anything wrong with that by itself, creating, storing or distributing malware with the intent to infect should be punishable. I wonder how they want to discriminate between intentional and accidental spreading (after all, it could well be that he himself downloaded that somewhere and didn't even know it's malware), but if they find a way to actually identify the intent of someone, that law could actually do much good.

        The German "anti-hacker law" cannot. There is simply no angle or way this could possibly have any beneficial effect. Basically, what the law says is that a "hacking tool" is illegal. There may be an exception for good reason, so far nobody tested it. I actually cannot remember a case where it was used. And it's sufficiently ambiguous that a hex editor could be subject to it or a firewall that lets you configure the packets it replies with. But let's stay with nmap, hping and all the other "hacking tools" for a moment. These are very well known and quite powerful tools to check the security of a network, so they can be used to find weaknesses in it, hence they're hacking tools.

        And auditing tools. Why? Because auditors use exactly the same tools for an obvious reason: Everything you can use to find weaknesses in a network to break into it can also be used to find weaknesses in a network to fix and seal them. Unfortunately, the law makes little difference in intent. Because not the use, but the possession, is already illegal. And when I own a rifle with a scope, it doesn't make any comment yet on whether I go on a killing spree with it or whether I'm a hunter.

        Now let's ponder for a moment who gives a shit about a law that makes those tools illegal: An auditor, whose job and pretty much his career hangs on his police record being spotless, or a criminal who plans to commit a crime much more serious than "possession of hacking tools".

        • Technically, though, having a virus-infected PC is both storing and distributing viruses....

          • But without intent. And someone who is clueless enough to collect active malware on his PC can credibly claim that there was no intention behind it.

            I dunno about your courts. Ours follow the logic of "don't assume malice if stupidity is enough of an explanation".

            • Re: (Score:2)

              by sjames ( 1099 )

              I don't know where you're from, but in the U.S. there are far too many DAs who will attempt to indict nearly anyone for nearly anything on the thinnest of pretexts and without regard for the clear intent of the law.

              • They usually get shot down quickly by our judges. I guess that's the result when you have a system where judges for superior courts are chosen by their peers instead of being appointed by an administration. They tend to follow the spirit of the law since they want to be considered for higher "honors" and it's general consensus amongst our judges that attorneys who try to bend, stretch or otherwise mutilate the law should be shown their limits.

                The drawback is that judges try to weasel out of controversial ca

        • If I understood the Japanese law correctly, you'd have to have some kind of intent to use that malware to infect other computers to break it. So far, so good. [..] The German "anti-hacker law" cannot. There is simply no angle or way this could possibly have any beneficial effect. Basically, what the law says is that a "hacking tool" is illegal.

          I don't know of any actual cases based on this *great* law but two criminal self-complaints - both were dismissed by the prosecutors. A constitutional complaint was not accepted because the law does not infringe any fundamental rights.

          both the Japanese and the German laws are stupid as it is impossible to enforce them with reasonable methods:

          * The literal application of the German one would forbade even "hacker tools" like telnet.
          * Japanese law enforcement agencies will have problems to distinguish between

          • I remember those two self-reports of two malware researchers, both having been dismissed by the courts (iirc, one didn't even get so far but was threatened to get smacked for contempt if he continues to persist... draw your own conclusions), so far no verdict has been issued on the matter.

            Personally, I think it's one of those "just to have something" laws. You know, the kind where you get a shady, not-quite-fully-in-sync-with-procedures warrant, crash into the home of the "pesky" individual, find nothing an

        • Re: (Score:2)

          by rtb61 ( 674572 )

          Here's a fine line, for a network or computer systems administrator a disk of the latest malware is highly appropriate as the only means of ensuring the quality of computer systems protection software us functioning properly ie you attempt to infect the system in a controlled fashion and check to see of the various protection system are functioning correctly. Via this method I at one stage was able to ascertain a configuration fault as the system was not updating remote units by reason of a simple referenc

          • Erh... no. Not necessarily. Having a trojan to test the security of a computer system is like having a single sample of e coli and using it to see whether a patient's immune system is up to speed. It works, but only if the patient just happens to be not immune. What if he is against this sample but not against the billion others?

            Also, given the heuristics getting better in contemporary malware scanners, you might be surprised how many they find even if the sig file they use never had any exposure to the cur

        • Re: (Score:2)

          by wrook ( 134116 )

          The Japanese legal system is complicated somewhat. It doesn't work the way many other legal systems work. The police have a fair number of freedoms when interrogating suspects, such that getting confessions is easier than it might otherwise be. So to prove intent is not so difficult if you can convince the suspect to confess (as seems to have been this case here).

          You might notice that I'm choosing my words carefully. Like I said, things in Japan are different. I'm not an expert on these matters, and th

          • I'd rather think that this has more to do with Japanese culture and the general "I vs. we" difference to Western cultures. I have noticed that the Japanese people I had to deal with put a lot of emphasis on the way they're being viewed and how they affect others, compared to people from Europe or the US who are far more egocentric and more concerned about their personal gain. That's not to say that Japanese are altruistic (far from it...), rather that they seem actually concerned how their actions affect ot

    • Re:Symantec? McAfee? (Score:4, Informative)

      by Derekloffin ( 741455 ) on Monday July 25, 2011 @04:38PM (#36875400)
      The summary is pretty poor (as usual). The article says 'The revised Penal Code, which was enforced July 14, bans storage of a computer virus for the purpose of infecting other computers.' I doubt Symantec or McAfee store for the purpose of infecting other computers.

      • Re: (Score:2)

        by Trepidity ( 597 )

        You could consider Symantec/McAfee a sort of disorder, which is tolerated or even sometimes selected for by its host because of the protection it confers against another pathogen. Sort of the sickle-cell anemia of the computer ecosystem. But probably not a "virus", so it depends on how specific that is...

        • Re: (Score:2, Funny)

          by Anonymous Coward

          it is some where alone the lines of breaking your own leg to prevent yourself from getting on a bike, because then you might have a nasty crash and hurt yourself

      • Re: (Score:3)

        by sconeu ( 64226 )

        I doubt Symantec or McAfee store for the purpose of infecting other computers.

        No, their regular products do that quite nicely, thank you.

      • Re: (Score:2)

        by isorox ( 205688 )

        The summary is pretty poor (as usual). The article says 'The revised Penal Code, which was enforced July 14, bans storage of a computer virus for the purpose of infecting other computers.' I doubt Symantec or McAfee store for the purpose of infecting other computers.

        Ask yourself this, who has the most to gain from the continued proliferation of malware?

        If malware ceased, virus companies would go under. I'm not specifically saying that Symantec et al write malware, but it is in their business interests to do so, or to encourage it's growth.

        • Re: (Score:1)

          by Desler ( 1608317 )

          Ask yourself this, who has the most to gain from the continued proliferation of malware?

          Spammers and criminals.

        • You are correct. It's been known for a long time, but it's a tough issue to deal with because: no antivirus program will catch everything, even the most robust that exists today, as there will be new things tomorrow. Etc etc.

          So beyond them trying to keep it above a level of "unreliable", there's a level of "keeping out malware" they will never successfully reach anyway.

        • Both McAfee and Symantec sell products other than antivirus, though... Kaspersky may suffer a little if viruses disappeared, as may AVG and Avast!, but McAfee and Norton wouldn't be hurt at all. Microsoft certainly wouldn't suffer if they had the opportunity to drop Defender... that one's a money pit for them, and their profits would actually go up.

          But as others have pointed out, criminal syndicates who use viruses either to collect credit card info, or to launch DoS attacks for the purposes of either keepi

    • Re: (Score:3)

      by dindi ( 78034 )

      I ran servers for years and years as a sysadmin, now I run/develop for servers. From time to time this and that gets hacked, most of the time it is just attempts that leave some binaries, sources here and there. I always keep these to see what they do, how they do it and as a reference to any in-the-future attempts to see if a name, email or something pops up again from an older attack. I keep logs, hacked files packaged and usually password protected.

      This law is stupid! I 100% agree. Even writing malware

    • Part of me wants to scream ABOUT TIME. I thought it was outrageous back in 2003 and 2004 when malware really began to infect dial up users within seconds and why no one would do anything about it? I mean what if someone tried to break into your home every 30 seconds? Or what if each time you stopped your car at a light people would dash towards your car trying every method to break in?

      Today it is a normal to shrug our shoulders while a single person has 675,000 credit card numbers and names.

      Yes, this law is

  • So, they effectively locked Microsoft out of Japan?

  • 2.5 years in prison for this? (Score:4, Interesting)

    by Baloroth ( 2370816 ) on Monday July 25, 2011 @04:41PM (#36875438)

    FTFA:

    Kawaguchi uploaded a file containing the virus, which was titled to suggest child pornography, to the Internet via the file-sharing software Share

    Well, normally I consider people who upload viruses via file-sharing software to be scum of the earth, but this guy seems like he was actually doing it for a moderately good cause. "Think of the children" is hella over used, malware is malware, and vigilante justice it questionable, but punishing this guy seems kinda weird, especially that strongly. Also, how the hell do they define "storing" malware? Technically, that could mean anyone infected is guilty, which is really scary.

    I'm sure it won't be abused, of course. /sarcasm

    • Edit: damnit, the 2.5 years appears to be for someone else. Oops.
    • The problem is that if you're uploading something to infect people, there's a risk, for one, that it'll get out of control; and for second, that you might interfere with law enforcement efforts. If I pulled the same stunt here, and infected an FBI system with my virus, then who wouldn't expect them to come rip me a new one? If they wanted honeytraps set they'd do it themselves and get the laws written for it, because, they can shout "THINK OF THE CHILDREN" and get the permission to do it in a second.

      This g

      • You're quite right. I posted in haste after only skimming TFA. Thought this guy got 2 and a half years for this, which seemed way too severe considering what he did. Wish Slashdot had a delete function. Turned out that was some other guy who actually made a fairly malicious virus. This guy should get a punishment, just not that bad. A hefty slap on the wrist, to discourage this kind of thing. To be followed shortly by a job offer, most likely. Still a little skeptical about how they can interpret "storing"

    • Where to draw the line? Let him go because he's trying to infect pedos, but impound the guy pretending to seed the latest blockbuster because he's "only" infecting copyright infringers? Or is that ok still (after all, they'd break the law, wouldn't they?) and we should only punish people that try to pretend seeding nude pics of their ex? Or is that still ok because it's "morally" wrong to show nude pics of people you don't like anymore?

      Who gets to draw the line?

    • Maybe his malware hit a police-sanctioned honey trap, impeding an actual investigation? There might be good reason for prosecuting him.

  • how will they differentiate between active distribution of malware and infected machines? if some agency identifies an IP address handing out virus they will send in a SWAT team to confiscate all computers to search for installed malware or how should this work?

  • Slightly better article here with some extra info:
    http://mdn.mainichi.jp/mdnnews/news/20110721p2a00m0na006000c.html [mainichi.jp]

    Just a personal opinion, Yomiuri is okay. But it's pretty close to sensationalist journalism without the meat. In the future people would be better off using well just about anything else.

  • A side effect of punishing researchers is that there will now be a deficit in that field for the next 10 years. In other words, Japan will be importing talent. Time to start learning Japanese :) Dewa, hajimemashou ka?
  • So if my grandma who doesn't know how to use a computer, clicks on and downloads Bonzai Buddy because a purple ape told her to, is she guilty?
  • What about 20% or so Windows PCs infected with malware? Does this law means their owners should be indicted immediately?

  • should have a bypass, such as a white hat or security company or employee studying it.....just like diseases for labs etc...

Slashdot Top Deals

One man's constant is another man's variable. -- A.J. Perlis

Close