<<< Date Index >>>     <<< Thread Index >>>

[IP] [Japan] 4.6 Million DSL Subscriber Data Leaked?



Date: Fri, 27 Feb 2004 06:47:41 +0900
From: Japan
Subject: [Japan] 4.6 Million DSL Subscriber Data Leaked?
To: dave@xxxxxxxxxx


For IP if you wish

Please remove my name and email address -- just say "from Japan". This
is my take on the Softbank Data Leak. This story is too dangerous.

[Japan] 4.6 Million DSL Subscriber Data Leaked?

The Tokyo Metropolitan Police arrested three men on suspicion of
trying to extort up to 3 billion yen (U.S. $28 million) from
Softbank. The suspects claimed that they obtained DVD and CD disks
filled with 4.6 million Yahoo BB customer information. The two of the
suspects run Yahoo BB agencies which sells DSL and IP Telephone
services.

Last month, Softbank was contacted by the suspects who demanded
investment to their venture in exchange for the disks. Although the
company confirmed that a part of the customer data shown by the
blackmailers was that of real Yahoo BB customers, the company so far
has not admitted their whole customer data was stolen. The police and
Softbank will examine the data on the seized disks. It will take
several days before we know the exact scale of the leak. According to
Softbank, the stolen data includes name, address, telephone number,
and email. No billing or credit card information was leaked.

Also, it has been reported that the police in Nagoya arrested another
man who attempted to extort 10 million yen (U.S. $ 90,000) from
Softbank. The man sent the company email messages including the one
with 104 customer data and claimed to have over 1 million customer
information on floppies. He worked as a temporary customer support
personnel for Yahoo BB in the past and it was likely that he stole the
customer data while he worked for the DSL provider. The police
considers the Nagoya attempt is not related to the Tokyo case and the
sources of the data leak are different.

At this point, there is only speculation on how the customer data was
stolen. The data was not accessible from the public networks and
Softbank denied any intrusions to their computer networks from the
outside. It was likely to be an inside job. There might have been an
accomplice(s) in the company or its subsidiaries/affiliates. An
Softbank executive stated that there were over 100 people who could
log-on to the PCs connected to the customer database. The company is
in the process of cheking the log to find any suspicious access to the
data. (Although Softbank is a victim of hideous crime, I expect that
there will be a lot of scrutiny on the company's policy and practice
regarding data security and privacy protection.)

Although the both extortion attempts were foiled, the backgrounds of the
Tokyo suspects are disturbing. One of the Tokyo suspect is the leader
of a right-wing political organization. In Japan, the shady right-wing
groups are often a part of the organized crime(Yakuza gangsters) or
have a close tie with Yakuza. It is unthinkable that the 4.6 million
personal data fell into the hands of the underworld. The bogus
Internet bills from the use of dating and porn sites have become
social problem in Japan.(Even they have no idea of using those
services, some people send money when they receive a letter or email
from the collection agencies sounding like Yakuza-related. I am hoping
the suspects are just bluffing.)

The other two are the followers of a powerful religious group
affiliated with a major political party. According to some tabloids,
one of them was a former ranking member and was participated in the
wiretapping of the home of the communist party leader in some 30 years
ago (The communist party and the religious party were strongly
criticising each other then.). Although he was acquitted in criminal
courts, a civil trial acknowledged his involvement(like O.J.?).

The opposition parties are demanding the government to investigate the
unprecedented scope of the personal data theft and a committee in the
House of Representatives is considering to call Masayoshi Son, the
Softbank president to testify.

-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/