The World Cup wrapped up last week, drawing to a close both global attention and cybercrime activity associated with the international soccer tournament. Though protests via DDoS attacks and data breaches certainly plagued the event, it was carried off without major hitches. As the World Cup winds down and Brazil prepares for its Olympics, the eyes of sports fans and cybersecurity experts alike turn to another upcoming international sporting event, the 2020 Olympic Games to be held in Tokyo.
Japan, known for being ahead of the technological curve, is already in the throes of preparation for the prestigious event. Despite its technological expertise, Japan is not necessarily on the cutting edge of cybersecurity. A recent flurry of incidents in Japan have shown this -- from the circulation of banking malware to open statements by the Government. Will Japan be prepared for the cybersecurity risks that come along with large international events like the Olympics?
Japan Hit Hard in 2014
So far this year, Japan has seen quite a few cyber-attacks. The banking sector in particular has suffered at the hands of a financial malware that circulated the country. The malware family VAWTRAK, which took advantage of a Microsoft vulnerability to block anti-virus software, spread across Japan earlier this year.
Between that malware, ZeuS, and others, huge financial losses were reported in Japan. The Japanese National Police Agency reported 1.417 billion yen were stolen via financial malware between January and May this year. That is more than was lost in the whole of 2013.
Similarly, The Japanese Bankers Association reported 21 individual cases of banking malware in the first quarter of 2014. There were a total of 14 in 2013. Trend Micro Labs reported that Japan was the second most affected by financial malware in the first quarter of 2014, surpassed only by the US.
Another malware was recently discovered in some of Japan’s most popular pornographic websites. The malware exploits a Java vulnerability in order to steal personal and banking information. A variety of this malware has also been adapted for form-grabbing, which allows hackers access to all data entered into forms on infected computers. This malware has been discovered on 87 websites thus far.
Mt. Gox Fiasco
Amid the banking malware came the collapse of Mt. Gox, one of the most important Bitcoin trading platforms, which was based in Japan. Mt. Gox announced its bankruptcy after it had lost over half a billion dollars worth of Bitcoins due to hacking.
This has led the Japanese government to consider regulation of the crypto-currency, considering the huge financial loss caused by the bankruptcy of Mt. Gox. In an attempt to save Bitcoin in Japan, a sino-american partnership is hoping to buy up what is left of Mt. Gox. Regardless, the damage is done, and the money lost.
Preparation for 2020
Cognisant of the impending cybercrime influx, Tokyo is already preparing cybersecurity for the Olympic Games. It has been reported that the London Olympics website was attacked over 200 million times. The Japanese government has already made moves to improve its cybersecurity. A cybersecurity policy council is to be set up next year in the lead-up to the games.
Japanese government officials have admitted that Japan lacks in the domain of cybersecurity. However, concrete preparations have already begun. In March of this year, the Japanese government held a cybersecurity drill in many of its agencies. White-hat hackers were hired to attempt to penetrate the government’s networks.
The responsibility of cybersecurity is held by four agencies, including the National Police Agency. Tokyo has also stated it will increase cooperation and coordination between these agencies in order to improve security over-all.
In May, Japanese Prime Minister Shinzo Abe met with EU leaders to discuss a potential cybersecurity partnership, among other things. Dialogue between the two would certainly aid Japan in preparation for the Olympics. An agreement was reached, aiming to facilitate exchange of expertise and knowledge of cybersecurity practices.
Private Efforts
As previously noted by HackSurfer, DDoS (Distributed Denial of Service) attacks are the primary problems with which international sporting events must struggle. HackSurfer had the opportunity to speak with one of the largest Japanese ISPs, Sakura Internet, which has developed a way of dealing with such attacks quickly and effectively.
They are using big data in order to filter out malicious traffic in real time. Their servers send sample traffic to their databases, which profiles the traffic and is able to distinguish the malicious from the legitimate. They are essentially able to stop many DDoS attacks in their tracks. In April of this year, they were able to mitigate 40 of 60 attacks, quickly restoring service to the victims.
DDoS attacks are frequently able to overwhelm servers before they are recognized as attacks. According to Tamihiro Yuzawa, network engineer at Sakura Internet, “In most cases, it takes less than 10 seconds for the attack traffic to grow over gigabits per second.” This solution is often able to neutralize a DDoS attack before it reaches such volumes. Some attacks have been stopped within 20 seconds.
Looking to 2020
Solutions like those developed by Sakura as well as other private sector efforts are certain to be in high demand when the Olympics finally make their way to Tokyo. It is clear Japan has a long way to go before it is ready to face the cybersecurity challenges of The Olympic Games. Its financial sector has been a major victim this year, and cybercrime is on the rise.
However, with six years to prepare, Japan has time to beef up security. With preparations already in full swing and a blossoming cybersecurity partnership with the EU, hopefully Japan will be up to the challenge.