Hitachi Systems SHIELD Security Research Center

Initial Disclosure Date: Jul 4, 2012

Malicious actors used the email submission forms on the websites of the Yamagata Prefectural Government and Police Department and of the Kagoshima Prefectural Government to flood them with suspicious emails: 11,000 to Yamagata on June 28 and 16,000 to Kagoshima on July 2. No municipal government in Yamagata Prefecture has received similar emails. Yamagata is the first prefecture whose government and police have faced this kind of email avalanche. According to an investigative source in Yamagata, this incident was probably not the work of Anonymous, because the method is totally different from Anonymous's cyber-attacks and website defacements.

On June 28, the Yamagata Prefectural Police Department and Prefectural Government announced that their mailboxes for questions and requests from residents had received about 7,000 and 4,000 suspicious emails respectively. The Police received the messages intermittently between 01:19am and 05:02am, whereas the Prefectural Government received them intermittently between 01:28am and 02:29am on June 28. The Cyber Crime Control Office under the Police’s Consumer & Environment Protection Division is investigating who is responsible, on suspicion of forcible obstruction of business, and whether there is any connection to the recent cyber-attacks on Japanese government websites, including that of the Ministry of Finance.

The subject lines of the messages to both the Police and the Prefectural Government consisted of random symbols and letters that did not form any intelligible words. The actors typed only random symbols in the email address field. The messages to the Police and to the Prefectural Government also differed. As far as the Police have confirmed, each of the messages to the Police contained over 100 characters/symbols. Each of the messages to the Prefectural Government, however, had only 10 to 20 characters/symbols and sometimes included Hiragana, which was not seen in the emails to the Police.

Back in September 2010, right after the Chinese fishing boat rammed two Japan Coast Guard vessels near the Senkaku Islands, Chinese hackers listed their potential targets, including the website of the Yamagata Prefectural Government. They launched DDoS attacks on the websites of the Ministry of Defense and the National Police Agency, causing access difficulties.

Between 00:25am and 06:28am on July 2, the Kagoshima Prefectural Government received about 16,000 suspicious emails in its mailbox, which is connected to a request form on the website. This form allows subscribers of Kagoshima Prefecture’s public relations magazine, “Graph Kagoshima,” to re-register their personal information such as their name and address. An official who came in after 8am found the emails on that date. The website has suffered no damage so far. The Prefectural Government has not been able to determine the intention and suspects the possibility of a kind of cyber terrorism. The Prefecture consulted with the police to investigate the case.

All of the emails were sent from the same foreign IP addresses, but the senders have not been identified yet. The Prefecture is investigating who is responsible. The senders typed “1” in all of the fields for name and new/old address. Because the Prefecture has already taken a countermeasure, the mailbox for “Graph Kagoshima” was no longer receiving suspicious emails as of 1pm on July 3.

Nevertheless, several other request forms on the Prefectural Government’s website, administered by different divisions, started to send out one to a few messages per hour to the prefecture’s mailboxes after 08:46am on July 2. These emails also contain random characters and symbols, and the subject lines include several instances of “Mr.” The divisions were still receiving such messages as of 1pm on July 3.

Sources:
Yamagata News Online, “Kenkei to ken ni 1man 1000tsu no hushin meru gyomubogai yogi de sosa [The Prefectural Police Department and Government received 11,000 suspicious emails --- The police investigate the case on suspicion of forcible obstruction of business],” June 29, 2012,
http://yamagata-np.jp/news/201206/29/kj_2012062901581.php
Yomiuri Shimbun, “Hushin meru 1man cho! Tadashi Anonymous mukankei ka [Over 10,000 suspicious emails! But probably Anonymous is not involved],” June 29, 2012,
http://www.yomiuri.co.jp/national/news/20120629-OYT1T00066.htm
Asahi Shimbun, “1man 6sen ken, Kagoshima ken HP ni hushin meru saiba tero ka [The website of the Kagoshima Prefectural Government received 16,000 suspicious emails --- possibly cyber terrorism],” July 2, 2012,
http://www.asahi.com/digital/internet/SEB201207020025.html
Minaminihon Shimbun, “Kagoshima-ken homupeji ni hushin meru 1man 6sen tsu [The website of the Kagoshima Prefectural Government received 16,000 suspicious emails],” July 3, 2012,
http://www.373news.com/modules/pickup/index.php?storyid=41545
Nishinihon Shimbun, “Kagoshima-ken homupeji ni hushin meru 1man 6sen tsu [The website of the Kagoshima Prefectural Government received 16,000 suspicious emails],” July 3, 2012,
http://www.nishinippon.co.jp/nnp/item/310771


