
How Japan’s Cyberterrorist Lost Game of Cat and Mouse

A cat carrying a memory chip in its collar held the ‘code’ to catch a cyberterrorist who made fools of Japan’s police and justice departments. Jake Adelstein reports.

Kyodo, via Landov

After a seven-month investigation, four false arrests, and a major loss of face over a series of death threats made by a Japanese hacker, the Japanese Police may have finally gotten their man. A Joint Police Task Force, led by the Tokyo Metropolitan Police Department, arrested Yusuke Katayama, a 30-year-old IT office worker, on charges of forcible obstruction of business, this month. He allegedly posted a threat on a Net bulletin board, 2 channel, last August stating that mass murder would take place at a comic-book convention in Tokyo, causing chaos and disrupting the event. Katayama allegedly used a computer virus to take over an innocent man’s computer to post the threat. Katayama is suspected of committing at least three other similar crimes. According to his lawyer, he is denying the charges at present. However, this week the FBI presented evidence to the Japanese police that links Katayama to a U.S. server used in the crimes. But with four mistaken arrests weighing on their shoulders, the Japanese police are proceeding with due caution.


The arrest of Katayama may finally bring to a close one of Japan’s strangest criminal cases in recent years—one that showed major flaws in the country’s criminal justice system and its ability to investigate cybercrime. It was an investigation that gave a lone hacker national attention as he made fools out of Japan’s law enforcement and then challenged the police to catch him with clues, taunts, false leads, and cryptic riddles. The police success in answering his final puzzle, hidden in the collar of a cat on a Japanese island, may have proved to be his undoing.

Starting in the summer of 2012, a lone cyber malcontent began posting death threats on Japanese websites and sending emails warning of terrorist attacks. At the end of June, he posted plans to commit a mass murder on the Web page of the city of Yokohama, resulting in the arrest of a 19-year-old student attending Meiji University. In July, the same man posted on the Osaka City website, stating, “I will commit a massacre in Osaka’s streets. I will run over people, stab some at random and then kill myself.” The post resulted in the arrest of the anime creative director, Masaki Kitamura. Kitamura was indicted even while professing his innocence. By the end of September, the Tokyo, Osaka, Mie, and Fukuoka police departments had arrested a total of four people on charges of obstruction of business.


“Hello. I’m the real culprit.” The email that collapsed four criminal cases.

Everything changed in October, when emails claiming responsibility for the crimes were delivered first to Yoji Ochiai, a Tokyo lawyer, and then to Tokyo Broadcasting System (TBS) and other media. The mails stated, “I am the real culprit,” and were sent from a man using the name Oni Koroshi (Demon Killer). Oni Koroshi is also the name of several different brands of saké in Japan, including one cheap version much beloved by the police, and sold in 100 yen ($1) juice packs in convenience stores. The mails held details of how the crimes had been committed that only the criminal could know. Demon Killer discussed how he had spread a Trojan horse virus (in Japan sometimes called a “remote control virus”) known as iesys.exe via online bulletin boards and then remotely controlled the host computers to post the death threats.

In his email to the lawyer, Ochiai, Demon Killer stated his goal was not to put innocent people in jail and laugh about it, but “my motive is solely to entrap the police and prosecutors and expose their shameful status to the world.” He insisted that he always intended to confess to the crimes, in due time, and save the people who were wrongly arrested. He said that he chose Ochiai because he had happened to see the lawyer on television and “you look like you understand these things.”

The revelations in October began a game of cat-and-mouse between the Demon Killer and the police. After the mails were made public, the police reopened investigations, and by October 18, Yutaka Katagiri, the chief of Japan’s National Police Agency, admitted that there might have been several false arrests. On October 19, a joint investigation task force was set up to get to the bottom of the crime. By December all four individuals that had been wrongfully arrested were cleared of all charges. On December 12, the National Police Agency (NPA) offered a reward of up to 3 million yen for information leading to an arrest. (*The day after Katayama’s arrest, the notice of the reward was no longer online, which may suggest the NPA feels they have the right guy.)

According to NPA sources, the cybercrime squads in each police department had determined the IP addresses of the computers that were used to make the threats but hadn’t gone further to see if the computers had been affected by viruses or had malicious software installed that would make them platforms for cybercrime, a.k.a. “zombie computers.” According to the Mainichi newspaper, none of the detectives investigating one death threat case made in September even knew of the existence of remote-control viruses.

Demon Killer, aware of the police inability to effectively conduct a cyber-investigation, taunted them in mails to the press and even sent them email directly saying, “Thank you for playing with me.” He also explained in detail the various means and methods he used to make the online threats.

What made the slow investigation even more embarrassing for Japan’s finest was that in two cases innocent people were coerced into making false confessions. One was a 19-year-old student at Meiji University and the other a 28-year-old man in Fukuoka Prefecture. The reasons for their false confessions are still not entirely clear. In Japan, where there is a 99 percent conviction rate for criminal cases that are indicted, suspects are not allowed to have their lawyer present during questioning. In addition, due to an often-exploited loophole in Japanese law, suspects may be detained up to 23 days before being charged or set free. Bail is rarely granted. Suspects are sometimes promised lighter sentences or bail if they will simply confess. In recent years, cases of forced or coerced confessions that resulted in wrongful convictions have damaged public faith in the Japanese criminal-justice system. Prosecutorial misconduct is another issue. In March 2012 an Osaka prosecutor was convicted for falsifying evidence. Even in the rare case that the accused is found not guilty, the prosecution has the right to appeal, making double jeopardy a de facto part of the Japanese legal fabric.

It’s clear that the Japanese law enforcement made critical mistakes during the start of the investigation, thus stretching it out over half a year. However, it turns out the criminal had also made some mistakes. The police were able to determine by November that one of the messages sent to the lawyer had gone through a U.S. server, and they asked for the FBI’s help in tracking the mail. According to the Japanese media, the task force dispatched investigators to the U.S. on November 12, to speed up the information-sharing process.

Sources close to the investigation say the FBI found a copy of the virus in a U.S. server that contains encoded information linking it to Katayama. There was also a careless mistake made in uploading the virus that allowed the route to be traced back to a computer Katayama had access to in Japan; this new evidence certainly doesn’t help Katayama’s case. However, considering Demon Killer’s ability to frame innocent people—nothing is conclusive.

Fake suicides, puzzles, and a game of cat and mouse—with a real cat

It appears that after Japanese police were dispatched to the U.S., Demon Killer began to get nervous and tried to cover his tracks. On November 13, 2012, Demon Killer sent a message to the lawyer: “It’s been a long time. I made a mistake. It looks like the game is over. It would be unpleasant to be caught so right now I’m going to commit suicide by hanging myself.” The accompanying photo of a witch figurine with a computer cable, in the shape of a noose, wrapped around her got the attention of the police and the media. The tabloids were filled with speculation as to whether the Demon Killer had really killed himself.

He didn’t stay dead for very long.

On January 1 he sent a traditional Happy New Year’s message to the Japanese media, encouraging them to go for a big scoop.

On January 5, he sent the media new messages with a “puzzle for the coming spring” to solve. The task was to locate a cat on Enoshima Island, a popular tourist spot—a cat with a memory device in his collar that would yield clues about the criminal and his motives.

The police found a micro SD card on a cat’s collar the same day the message was sent. In the chip was the source code for the virus and buried in the source code was a message that said, “I was caught up in a crime and even though I was innocent, I had to drastically rearrange my life.” Police sources say a security camera on Enoshima captured footage of a man resembling Katayama moving toward the cat. Further investigation of security cameras in the area revealed footage of a motorbike that allegedly belonged to Katayama, and this along with other information was used to get a warrant for his arrest. On background, an investigator said, “Due to the previous emails we were looking for someone who had been convicted for similar crimes in the past. Katayama was already a person of interest by January.”

The police also searched Katayama’s home Sunday to look for evidence that he had sent the January 5 email. They seized 10 computers from his home and are analyzing them. Several of the computers at the office where he worked were also found to have the TOR software installed. TOR is free software that is designed to protect Net privacy and make it difficult for others to track what websites you have visited or used. Demon Killer also discussed using TOR in his emails to the press. He may have failed to use TOR when uploading his virus to a U.S. server.

Police suspect Katayama used the PCs at his home or work to remotely access other computers and send more than 10 threats last year, either by posting them online or via email. It has also become apparent that if Katayama is the Demon Killer, he certainly may have had motives for making fools out of the police: revenge. According to the Mainichi newspaper, in 2005 Katayama was arrested for posting death threats online and convicted. The death threats pertained to what Katayama perceived as an insulting illustration of a cat. He was extremely unhappy with the sentence.

Katayama has been reported to be a huge cat fan, and he was a frequent visitor to Tokyo’s cat cafes, where customers can play with the cats that are kept as pets by the storeowners. This too seems to link him to the code-carrying cat on Enoshima.

All that being said, no one can be absolutely sure the Japanese police finally have the right man. Ochiai, the lawyer who was first contacted by Demon Killer, has replied to inquiries from the press as follows: “I can’t help but feel a little unease. Is this really the criminal? Has there not been a mistake in identification? I hope the police diligently investigate. An arrest does not mean the real culprit has been caught. The police themselves have proven that point.”