Slashdot Mirror

← Back to Stories (view on slashdot.org)

Japanese Man Arrested For Storing Malware

Posted by Soulskill on from the intent-to-distribute dept.

Orome1 writes "38-year-old Yasuhiro Kawaguchi is the first person in Japan to get arrested for storing malware on his computer after the upper house's Judicial Affairs Committee has confirmed the new anti-malware law passed by the Japanese parliament. The law considers the creation, distribution and storage of malware a crime punishable with up to three years in prison and a fine that could reach the sum of 500,000 yen ($6,200)."

18 of 84 comments (clear)

  1. Symantec? McAfee? by XanC · · Score: 5, Insightful

    Surely any "white hat" working against malware needs to store malware someplace, right? What a dumb law.

  2. From the article: "without a legitimate reason" by tepples · · Score: 5, Informative

    The article says the charge was "storing a computer virus without a legitimate reason". In this case, the suspect "told the MPD that he did it to punish people who use file-sharing software"; do you consider that "a legitimate reason"?

    1. Re:From the article: "without a legitimate reason" by gdshaw · · Score: 4, Insightful

      The article says the charge was "storing a computer virus without a legitimate reason". In this case, the suspect "told the MPD that he did it to punish people who use file-sharing software"; do you consider that "a legitimate reason"?

      I can think of at least two organisations that might.

    2. Re:From the article: "without a legitimate reason" by Opportunist · · Score: 2

      So what, I don't consider those organizations legitimate.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:From the article: "without a legitimate reason" by Charliemopps · · Score: 2

      Yes.
      Information should not be illegal.
      I hate Malware as much as the next guy, but there are hundreds of ways they could have passed laws that would lead them to be able to arrest this guy without having to making certain types of code illegal.

    4. Re:From the article: "without a legitimate reason" by Opportunist · · Score: 2

      For myself? Yes. And I never broke a single one of them, every time I was close to it I managed to change them just in time.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    5. Re:From the article: "without a legitimate reason" by michelcolman · · Score: 2

      Possession was declared a crime because it destroys the market for CP. Otherwise, you could download (buy) as much CP as you liked and, if you got caught, just go "I did not make it, so I'm not to blame". Now most people will stay away from these sites since just having those pics in you browser cache could be enough to send you to jail. If nobody buys CP anymore, it destroys the incentive for people to create it.

      Of course some degree of common sense must be applied. For example, I once stumbled upon a child porn picture when browsing 4chan (after hearing outrage about some ISP blocking 4chan, just checking what all the fuss was about). In some places I technically could have been arrested for that, and put in jail if any trace of that unwanted image was left in some obscure cache location on my hard drive.

      Also, I think people went a little bit overboard when arresting people for a cartoon featuring Bart and Lisa Simpson having sex. That's just ridiculous.

  3. Re:Symantec? McAfee? by rbrausse · · Score: 2

    not dumber than cyber-crime law in other countries. politicans don't understand the whole computer/network thing

  4. Re:Symantec? McAfee? by Derekloffin · · Score: 3, Informative

    The summary is pretty poor (as usual). The article says 'The revised Penal Code, which was enforced July 14, bans storage of a computer virus for the purpose of infecting other computers.' I doubt Symantec or McAfee store for the purpose of infecting other computers.

  5. 2.5 years in prison for this? by Baloroth · · Score: 3, Interesting

    FTFA:

    Kawaguchi uploaded a file containing the virus, which was titled to suggest child pornography, to the Internet via the file-sharing software Share

    Well, normally I consider people who upload viruses via file-sharing software to be scum of the earth, but this guy seems like he was actually doing it for a moderately good cause. "Think of the children" is hella over used, malware is malware, and vigilante justice it questionable, but punishing this guy seems kinda weird, especially that strongly. Also, how the hell do they define "storing" malware? Technically, that could mean anyone infected is guilty, which is really scary.

    I'm sure it won't be abused, of course. /sarcasm

    --
    "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    1. Re:2.5 years in prison for this? by Lance+Dearnis · · Score: 2

      The problem is that if you're uploading something to infect people, there's a risk, for one, that it'll get out of control; and for second, that you might interfere with law enforcement efforts. If I pulled the same stunt here, and infected an FBI system with my virus, then who wouldn't expect them to come rip me a new one? If they wanted honeytraps set they'd do it themselves and get the laws written for it, because, they can shout "THINK OF THE CHILDREN" and get the permission to do it in a second.

      This guy might not be the best example of a conviction with the new law (It'd be nice to have one of the fake AV program writers get busted for it), but on the other hand, I'm glad to see such a law being put on the books and enforced. It's even got the exceptions for AV and anti-malware programs so that they won't get busted, or white hats. Sounds solid to me.

  6. Re:Symantec? McAfee? by sconeu · · Score: 2

    I doubt Symantec or McAfee store for the purpose of infecting other computers.

    No, their regular products do that quite nicely, thank you.

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
  7. Re:* Confused * by Opportunist · · Score: 2

    The summary leaves out the important bits like with the intent to infect others.

    And while an infected computer would possibly spread that disease, it's certainly not intended by the computer's owner.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  8. Re:Symantec? McAfee? by Opportunist · · Score: 4, Insightful

    The German law is even actually dumber.

    If I understood the Japanese law correctly, you'd have to have some kind of intent to use that malware to infect other computers to break it. So far, so good. Personally, I don't see anything wrong with that by itself, creating, storing or distributing malware with the intent to infect should be punishable. I wonder how they want to discriminate between intentional and accidental spreading (after all, it could well be that he himself downloaded that somewhere and didn't even know it's malware), but if they find a way to actually identify the intent of someone, that law could actually do much good.

    The German "anti-hacker law" cannot. There is simply no angle or way this could possibly have any beneficial effect. Basically, what the law says is that a "hacking tool" is illegal. There may be an exception for good reason, so far nobody tested it. I actually cannot remember a case where it was used. And it's sufficiently ambiguous that a hex editor could be subject to it or a firewall that lets you configure the packets it replies with. But let's stay with nmap, hping and all the other "hacking tools" for a moment. These are very well known and quite powerful tools to check the security of a network, so they can be used to find weaknesses in it, hence they're hacking tools.

    And auditing tools. Why? Because auditors use exactly the same tools for an obvious reason: Everything you can use to find weaknesses in a network to break into it can also be used to find weaknesses in a network to fix and seal them. Unfortunately, the law makes little difference in intent. Because not the use, but the possession, is already illegal. And when I own a rifle with a scope, it doesn't make any comment yet on whether I go on a killing spree with it or whether I'm a hunter.

    Now let's ponder for a moment who gives a shit about a law that makes those tools illegal: An auditor, whose job and pretty much his career hangs on his police record being spotless, or a criminal who plans to commit a crime much more serious than "possession of hacking tools".

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  9. Re:Symantec? McAfee? by Anonymous Coward · · Score: 2, Funny

    it is some where alone the lines of breaking your own leg to prevent yourself from getting on a bike, because then you might have a nasty crash and hurt yourself

  10. Re:Symantec? McAfee? by realityimpaired · · Score: 2

    Technically, though, having a virus-infected PC is both storing and distributing viruses....

  11. Re:Symantec? McAfee? by Opportunist · · Score: 2

    But without intent. And someone who is clueless enough to collect active malware on his PC can credibly claim that there was no intention behind it.

    I dunno about your courts. Ours follow the logic of "don't assume malice if stupidity is enough of an explanation".

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  12. Re:Symantec? McAfee? by dindi · · Score: 2

    I ran servers for years and years as a sysadmin, now I run/develop for servers. From time to time this and that gets hacked, most of the time it is just attempts that leave some binaries, sources here and there. I always keep these to see what they do, how they do it and as a reference to any in-the-future attempts to see if a name, email or something pops up again from an older attack. I keep logs, hacked files packaged and usually password protected.

    This law is stupid! I 100% agree. Even writing malware is something legit if you do not distribute it. Be it a hobby, a profession, or whatever else.