“Cyber-attacks” against the Japanese government and Japanese companies What is a “killnet”?

[NHK] A hacker group "KILLNET" that claims cyber attacks on the Japanese government and companies. On September 7th, "the entire government of Japan ...

KILLNET, a hacker group that claims to carry out cyberattacks against the Japanese government and companies.

On September 7, he also posted a video stating, "Declaring war on the entire Japanese government."

Since Russia's invasion of Ukraine, it is believed to have launched a series of cyberattacks against countries that support Ukraine.

NHK has continued its own coverage of "Kilnet".

Who are they?

(Cyber reporting team Yohei Fukuda)

What is a kilnet

Kilnet is a hacker group that supports the Russian government and is one of the "hacktivists" who work for the purpose of making a political statement.

Since Russia's invasion of Ukraine in February, cyberattacks are said to have targeted not only Ukraine but also countries supporting Ukraine.

He has opened a channel on SNS that anyone can see and posts his claims.

The channel currently has around 90,000 subscribers.

According to the interviews so far, the Kilnet organization existed before the invasion of Ukraine, but it is believed that the activities they are doing now began around the end of January or early February this year.

The main attack is a "DDoS attack" that sends a large amount of data to websites and servers to cause them to stop functioning.

Attacking Ukraine-supporting countries one after another

It has said it has attacked US airports and websites of government agencies in Italy and Lithuania that were allegedly involved in arms shipments to Ukraine.

Among them, it is reported that in May this year, during the European national song festival "Eurovision Song Contest", an attempt was made to attack a live distribution service.

The U.S. Department of Homeland Security has singled out the group, saying it poses a threat to critical infrastructure around the world.

First attack on Japan

On September 6th, Killnet launched a cyberattack on SNS on the administrative information portal site "e-Gov" operated by the Japanese government, the local tax portal system website "eLTAX", and credit card companies. posted a claim that

After that, the social network service "mixi", the website of the Nagoya Port Management Association, and the following day, the sites of Tokyo Metro and Osaka Metro were also targeted.

It has been confirmed that both sites have become difficult to access, but it is unclear whether they were actually caused by attacks, and the government and others are investigating the relationship.

On the 7th, he also posted a video with Japanese subtitles that said, "Declaration of war on the entire Japanese government."

Since then, he has maintained his attacking stance against Japan, claiming to attack bulletin board sites.

According to information security experts, Japan has never been the target of a killnet attack so far, and this is believed to be the first time.

Treadstone 71, an American information security company familiar with the trends of Killnet, said, "Japan's sanctions against Russia, resolutions condemning the UN's invasion of Ukraine, disputes over the Northern Territories and suspension of visa-free exchanges, Japan's Russian and Chinese military It is highly probable that the Kremlin's order to have its 'agent' = Kilnet attack Japan."

"The cord of patience has broken"

Who the hell is Kilnet?

NHK focused on the killnet while covering the "cyber warfare" related to the invasion of Ukraine.

She was interviewing a person who claimed to be a member.

After a month of negotiations, she received a written and video message response in June.

who are you

And when asked what is the motivation for the activity...

"The Kirnet is a group of ordinary Russians who don't like the situation in Russia. Kirnet was born as a hacker collective because I had run out of patience. A real World War III against my country." We can't just

stand still while there's an attack on Russia." , called for cooperation.

Kilnet expressed his strong indignation at such a situation.

"Civilian services are being attacked. Pro-Ukrainian hackers aim to inflict as much damage as possible without narrowing down their attack targets. They have no beliefs or morals.

" He explained that there is a division that conducts attacks and a division that conducts other cyber activities such as gathering public information and hacking.

Japan is 'hostile'

When asked about cooperation with Russian government authorities, he replied:

“We operate independently of the authorities. We are not from the authorities. "

We are scrutinizing the criteria for selecting countries to be targeted for attacks,

" he said.

“We are attacking a country that has an anti-Russian policy and is funding the war in Ukraine. We will look at the situation in the country as a whole and there are so many factors involved in making a decision.”

We heard about Japan.

“We view all unfriendly countries as potential targets, and Japan is no exception. Japan is currently a low priority target. We cannot ignore the fact that it is hostile to

Expert "A professional group?"

Atsuo Inomata, a professor at Osaka University who is familiar with cybersecurity, points out that the hacker group that is said to have attacked Japanese government sites and other sites may have advanced technology.

“In recent years, many large organizations and companies have systems that can withstand DDoS attacks of some degree, and it is becoming difficult to completely disable services due to attacks. The fact that large-scale systems such as 'e-Gov' were affected this time has a great impact. We can presume that a group of professionals skilled in cyberattacks are involved.

" Cybercriminals may also be involved.

“Some of the hacker groups make attack activities their business. Didn't you form a group over time?"

Are cybercriminals involved?

In fact, information has also been confirmed that suggests that Killnet is involved in cybercrime.

According to an information security expert, in late January this year, a post was found on a dark bulletin board on the Internet where cybercriminals gather, claiming to be "Killnet" and providing a DDoS attack proxy service.

“Even before the invasion, the killnet appears to have already provided DDoS attack services to other cybercriminals. Core members of the killnet include former cybercriminals. It is possible that the

The countermeasure is

So how do we prepare for these attacks?

According to Kiyotaka Domae, a senior engineer at IIJ, an information security company that monitors DDoS attacks around the world, he has not been able to directly observe data related to this attack.

However, it is possible that a large amount of traffic was sent to the website by using a "botnet" that hijacks vulnerable IoT devices around the world and exploits them for attacks.

"DDoS attacks occur frequently on a daily basis, but I'm surprised that this time it may have had a major impact, especially on government agencies. There are a lot of things that have vulnerabilities, and it seems that they are sending out attack traffic little by little all at once."

Regarding countermeasures against DDoS attacks, Mr. Domae said that the load is reduced by distributing the server. It is said that it is possible to introduce a mechanism called "CDN (content delivery network)" and a system that automatically analyzes and blocks incoming communication whether it is due to an attack.

In addition, in the event of a large-scale attack, it is possible to take measures such as restricting communication in cooperation with telecommunications carriers.

He also points out that it is important for site operators to secure a means of disseminating necessary information via SNS, etc., even if the site goes down due to an attack.

“The reality is that there are cases in which cyberattacks can only be interpreted as a single case, such as having a name similar to that of a major company. We need to look back and check.”

Professor Inomata points out that there is a risk that cyberattacks against Japan like this one will continue in the future.

“There is a risk that similar DDoS attacks will be carried out in the future, and it is thought that critical infrastructure companies that have a large impact on society and world-famous companies are particularly likely to be targeted. I want you to think about it yourself."

The relationship between Kilnett's claim and the fact that it has become difficult to connect to the site has not been substantiated, and there are many unclear points.

Also, at present, no evidence of attacks other than DDos attacks has been confirmed.

However, if government agencies and infrastructure are targeted by hackers with advanced technology, we cannot deny the possibility of a situation leading to major system failures in the future.

It is certain that we need to prepare now against invisible threats lurking in borderless cyberspace.