Initial Disclosure Date: Jan 20, 2014

It is believed that a major Japanese publisher, KADOKAWA’s website (http://www.kadokawa.co.jp) was compromised between 0049JST on January 7 and 1307 JST on January 8, 2014. During that time, approximately 10,000 accesses were made to the website in total. A non-KADOKAWA employee emailed the company to notify the possibility of the hacking around 1100 JST on the 8th. KADOKAWA had its outsourced company to maintain its server to start investigation at 1130 JST. The contractor confirmed the incident, fixed the issue at 1307 JST, and finished taking security procedures at 1642 JST on January 8.^(footnote:1)

According to a Symantec Official Blog dated January 14th, the culprit exploited five vulnerabilities of the website such as Java and Adobe Flash Player and lured website visitors to two malicious fake online banking websites which host Gongda Exploit Kit in order to steal their ID and passwords. One of them is a local Japanese bank probably because its security level is not as robust as major banks. The Symantec blog did not identify what is “a major Japanese book publisher and distributor” is at that point.^(footnote:2)

At 2118 JST on January 16, NHK News reported that the hacked website belongs to KADOKAWA.^(footnote:3) After that, KADOKAWA finally released an online apology and report about the incident at 2300 JST. The company insisted that they had not confirmed any leak on personally identifiable information as of January 16th.^(footnote:4) However, the press release did not explain what kind of damage malware infection would bring.^(footnote:5) KADOKAWA’s Public Relations says that the culprit hacked the server, not stealing the FTP password.^(footnote:6)

The Public Relations admitted that it was problematic to take nine days to release the fact after the incident and the company should have issued a warning at much earlier timing.^(footnote:7) Since it is becoming more difficult to prevent cyber-attacks, it is more important to enhance capabilities to respond to such attacks and recover from damages.

Sources:

1. Nikkei Trendy Net, “Kadokawa no Website kaizan jiken de akirakaninatta ‘hakka no nerai ha Nihon-jin’ [The hacking incident of the KADOKAWA website revealed that the hackers had targeted Japanese people],” January 17, 2014,
   http://trendy.nikkeibp.co.jp/article/pickup/20140117/1054600/
   Mikami Hiroshi, “Kadokawa saito kaizan, 1 shukan kohyo sezu [KADOKAWA did not release the fact that its website had been hacked for a week],” Yomiuri Shimbun, January 17, 2014,
   http://www.yomiuri.co.jp/net/security/goshinjyutsu/20140117-OYT8T00410.htm?cx_thumbnail=07&from=yolsp
2. Symantec Official Blog, “Popular Japanese Publisher’s Website led to Gongda Exploit kit,” January 14, 2014,
   http://www.symantec.com/connect/ja/blogs/web-gongda
3. NHK News, “Kadokawa HP kaizan etsuran-sha kansen no osore [KADOKAWA’s website was compromised and those who accessed it could have been infected by malware],” January 16, 2014,
   http://www3.nhk.or.jp/news/html/20140116/k10014544561000.html
4. KADOKAWA, “Heisha homupeji kaizan ni kansuru owabi to gohokoku [Apology and notification about the incident to have compromised our website],” January 16, 2014,
   http://ir.kadokawa.co.jp/topics/20140116_security-kdkw.pdf
5. Ichiro Yamamoto, “KADOKAWA no saito kaizan hodo ni kanjita iwakan ha nannandeshoka [Why did I find it uncomfortable with news reports about the hacking incident of KADOKAWA], Yahoo! JAPAN News, January 17, 2014,
   http://bylines.news.yahoo.co.jp/yamamotoichiro/20140117-00031714/
6. Nikkei Trendy Net, “Kadokawa no Website kaizan jiken de akirakaninatta ‘hakka no nerai ha Nihon-jin’ [The hacking incident of the KADOKAWA website revealed that the hackers had targeted Japanese people],” January 17, 2014,
   http://trendy.nikkeibp.co.jp/article/pickup/20140117/1054600/?P=2
7. Nikkei Trendy Net, “Kadokawa no Website kaizan jiken de akirakaninatta ‘hakka no nerai ha Nihon-jin’ [The hacking incident of the KADOKAWA website revealed that the hackers had targeted Japanese people],” January 17, 2014,
   http://trendy.nikkeibp.co.jp/article/pickup/20140117/1054600/?P=2

• * Each company name, an organization name, and a brand name are a trade name of each company and each organization, or a registered trademark.