Spammers and hackers have been quick to exploit a reported 200 per cent surge in Internet usage recorded in Japan in the 24 hours after Saturday’s earthquake struck, averaging out to between 60 and 80 per cent, according to various sources.
Cybercriminals responded to the almost immediate shift in trending topics on the Twitter microblogging site, and started focusing their attentions on leveraging the Japanese disaster for purposes of scamming and phishing.
According to security firm Trend Micro, cybercriminals started ‘poisoning’ search engine results within hours of the disaster, pushing search engine users to infected legitimate sites, as well as freshly-registered new ones.
Trend Micro threat response engineer Norman Ingal says his team “saw blackhat search engine optimisation (SEO) attacks almost immediately after the earthquake affected Japan.”
Ingal adds: “We immediately monitored for any active attack as soon as news broke out. True enough, we saw Web pages that have been inserted with keywords related to the earthquake”.
Ingal noted that one of the active sites that we saw used the keyword ‘most recent earthquake in Japan’ that led to bogus antivirus programs. These programs pop-up scareware messages on unwitting users’ screens, telling them their computer is infected and requiring payment for ‘IT security software’ to get rid of the problem.
Spammers started to exploit interest in Japan’s tragedy by masquerading as charitable institutions and governmental organisations sending helpful emails to concerned Internet users. Within the first few hours of the earthquake and tsunami, researchers at security firm Symantec observed more than 50 domains with the names of either ‘Japan tsunami’ or ‘Japan earthquake’.
The situations is probably being exacerbated by the fact that many Internet novices are going online with the intention of making donations to aid agencies as soon as possible, and they may not be savvy to the extent of the scams already waiting to ensnare them.
“Do not be surprised to suddenly see an email message in your inbox marked as URGENT and pleading with you for ‘monitory help’ [sic], or a phishing mail urging you to donate to the rehabilitation of those affected by the quake and tsunami,’ warns Symantec security researcher Samir Patil. Internet users, he advises, should use prudence in finding out the genuine intent of email senders before they reach out or respond: “While our hearts go out to those grappling with this unprecedented catastrophe, we at Symantec urge users to be cautious about unscrupulous elements.”
Ironically, spammers activities were enabled by the fact that Japanese Internet connections remained operative despite damage to some 50 per cent of its undersea communications cables that normally carry IP traffic to and from the islands. The resilience is probably due in part to the Japanese government’s masterplan for the Internet – which dates back to the 1980s – when a ‘dense mesh’ was created, cantering on four Internet peering points – BBIX, JPIX, JPNAP, and NSPIXP-6 – all dotted in and around Tokyo.
This dense mesh allowed for multiple and redundant routes to exist on the Japanese national IP network, which meant that – apart from a general slowdown in the few hours after the initial quake – Internet users could continue to use Facebook, Twitter, and other local social networking services like Mixi.