IT-illiterate Police of Japan Bust Coinhive as Virus

in #coinhive, 6 years ago (edited)

Do you know Coinhive, an online JavaScript miner of Monero? This web service was developed to allow ad-free browsing, and is expected to become a new way to monetize your content, such as blogs, photos, or art.

To our surprise, however, a web designer in Japan who had installed Coinhive on his website has faced a summary indictment - a legal process for minor crimes - by Kanagawa Prefectural Police for acquisition and storage of electromagnetic records by unlawful operations. That is, the police of Japan consider Coinhive a kind of malware!

What happened to him?

In September of last year, he, known online as Moro (ja: モロ), read an article introducing Coinhive and installed it on his web service for testing. A month later, someone pointed out to him on Twitter that he should get his users' approval to run Coinhive in their browsers, but he found he couldn't implement an approval system due to the high cost. Nowadays Coinhive provides AuthedMine, which shows visitors an opt-in screen so they can choose whether to allow or disallow the miner, but it didn't exist yet at that time, so he decided to remove Coinhive from his site.

Sadly, his Monero balance didn't reach the minimum of withdrawal, so he didn't get any money.

In February of the next year, all of a sudden, he was raided and investigated by the Cyber Crime Control Division of Kanagawa Police. The next month his case was sent to the prosecutor's office, and he was sentenced to a fine of 100,000 yen (approx. $900).

Why is Coinhive Malware in Japan?

According to the post in his blog, Story of being raided about cryptocurrency mining (Coinhive), and as I previously noted, using Coinhive is considered a crime of acquisition and storage of electromagnetic records by unlawful operations.

The relevant provisions of the Penal Code of Japan are translated below (unofficially, by me):

[Crimes of creation and provision of electromagnetic records by unlawful operations]
Article 168-2 (1)
A person who, for the purpose of execution on a computer of another person, without justifiable grounds, creates or provides one of the following electromagnetic records or any other records shall be punished by imprisonment with work for not more than 3 years or a fine of not more than 50,000 yen.
(i) An electromagnetic record which doesn't behave as intended, or which gives unlawful operations of behavior as unintended, when another person uses a computer.
(ii) Except for the case provided for in item (i), an electromagnetic record or any other record in which the unlawful operations of the same item are written.

[Crimes of acquisition and storage of electromagnetic records by unlawful operations]
Article 168-3 (1)
A person who, for the purpose prescribed in paragraph (1) of the preceding Article, without justifiable grounds, obtains or stores one of the electromagnetic records listed in each item of the same paragraph shall be punished by imprisonment with work for not more than 2 years or a fine of not more than 30,000 yen.

He writes about this judgment of the police in his blog as follows:

The police say “it's illegal to control another person's computer without their permission (or giving them premonition),” but as you see, their legal interpretation is very rude: they never take account of “unlawful operations.”

Under their interpretation, not just the services of AdSense, Analytics and Optimization, but also any other JavaScript code in the world will be illegal. Plus, “premonition”, which they insist I give to viewers, can have multiple meanings depending on each person's internet literacy.

Moreover, if the police can file this by “a summary indictment”, it means they can judge the various things of “rudeness” I said above [TN: ignored “unlawful operations”, multi-meant “premonition”, etc.] nearly on their own authority.

We can find a couple of problems here. First of all, the police of Japan are just an administrative enforcement organization, not a judicial organ, so especially in Japan, which adopts Nulla poena sine lege (the legality principle), they must not judge people by their own interpretation.

Second, even if they were allowed some latitude beyond strict Nulla poena sine lege when investigating, their knowledge of and judgment about IT are completely off the mark. There are a great number of JavaScript programs in the world controlling other people's computers without their permission. Let's take an example of this.

http://www.police.pref.kanagawa.jp/

Yes, this is the website of Kanagawa Police. When I visited it, my browser loaded and executed 5 JavaScript files, but the website didn't seek my consent to do that at all!

5 files loaded at website of police

Even though the second file listed in Developer Tools was made by them, the other 4 files are from Google, which I did not intend to load and for which I got no “premonition.”
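The same first-party versus third-party count can be reproduced offline, as an added example that is not part of the original post. The HTML below is constructed (the post does not name the five files), so the script paths and Google hostnames are assumptions; only the page URL and the split of 1 own file and 4 Google files come from the text.

```javascript
// Constructed sample markup: the file names and Google hosts are assumptions.
const PAGE_URL = 'http://www.police.pref.kanagawa.jp/';
const SAMPLE_HTML = `
<html><head>
<script src="//www.google.com/jsapi"></script>
<script src="/js/common.js"></script>
<script src="https://www.google-analytics.com/analytics.js" async></script>
<script src="https://translate.google.com/translate_a/element.js"></script>
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-EXAMPLE"></script>
<script>var inline = 1;</script>
</head></html>`;

// Split every <script> tag into first-party, third-party, or inline.
// A regex scan is enough for static markup; scripts injected at runtime
// only show up in the browser's network panel.
function inventoryScripts(html, pageUrl) {
  const pageHost = new URL(pageUrl).hostname;
  const result = { firstParty: [], thirdParty: [], inline: 0 };
  const tagRe = /<script\b([^>]*)>/gi;
  let match;
  while ((match = tagRe.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(match[1]);
    if (!src) {
      result.inline += 1; // no src attribute: code embedded in the page itself
      continue;
    }
    // Resolve relative and protocol-relative URLs against the page URL.
    const url = new URL(src[1], pageUrl);
    const bucket = url.hostname === pageHost ? result.firstParty : result.thirdParty;
    bucket.push(url.href);
  }
  return result;
}

// Distinct external hosts whose code runs with the page's privileges.
function thirdPartyHosts(inventory) {
  return [...new Set(inventory.thirdParty.map((u) => new URL(u).hostname))].sort();
}

console.log(inventoryScripts(SAMPLE_HTML, PAGE_URL));
console.log(thirdPartyHosts(inventoryScripts(SAMPLE_HTML, PAGE_URL)));
```
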

Don't get me wrong - I definitely don't want to say Google is a suspicious developer. However, as the police regard JavaScript code that controls computers without consent as a virus, they must NOT use these JavaScript programs of their own and Google's without permission.

Ridiculous? Agreed. But unfortunately this has already happened in actuality.

Does it really fall under “an electromagnetic record by unlawful operations”?

One security researcher has raised a clearly reasoned objection: Hiromitsu Takagi, a lead researcher at the National Institute of Advanced Industrial Science and Technology.

He explains in his blog why Coinhive doesn't fall under that Article, as follows:

  • If Coinhive behaved as unintended, then according to the minutes of the Legislative Council, the issue would be whether it gave unlawful operations.
    • The Ministry of Justice says in About the crimes of the so-called computer viruses: “it is supposed to be determined whether the operation is unlawful or not, from the point of view of social admissibility, in accord with the functions of the program.”
    • (i) Professor Ishii stated in his paper: what is required is not only behavior as unintended but also substance that can be a menace to internet security.
    • (ii) Professor Sonoda commented in the newspaper article: it's hard to say Coinhive is socially admissible.
    • Mr. Takagi says:
      • As for (i), Coinhive neither destroys a computer nor steals information.
      • And as for (ii), even if that is really so, it is not the users but its developers, who are planning to spread it widely, who should be accused of the crime of creating a virus, as in the case of Tidbit.
    • So he concluded Coinhive is not a program giving unlawful operations.
  • He also argues it does not even behave as unintended.
    • According to the minutes of the Legislative Council, whether behavior is unintended should be considered from the point of view of damage to the social reliability of computers, so behaviors based on basic processing do not count as unintended, even if users don't perceive them.
    • When we're viewing websites, it's natural and common for our computers to use the CPU to some degree.
    • So calculation by Coinhive with the CPU is also one of the behaviors based on basic processing, which means Coinhive doesn't behave as unintended.

Although Prof. Sonoda added, “For fear of being considered illegal, we can only explain ourselves to users and seek their consent,” Mr. Takagi adds that this was merely a general remark about self-defense, and he continues:

Although it's true the actions with the consent don't constitute a crime, it's not necessarily true the actions without the consent do constitute a crime... However this reasonable logic doesn't seem to hold for the investigation of Kanagawa Police this time.

Incompetent, Ignorant Police

From Moro's post and Mr. Takagi's post, it seems that this time Kanagawa Police:

  • kept Moro under their control for many hours,
  • investigated him as though they denied his personality,
  • tried many times to force him to speak words of remorse,
  • made him feel the pressure of being socially eliminated,
  • and, at last, deleted all data on his PC, including the OS.

It's precisely diabolical! How atrocious! But unfortunately this seems to have happened in actuality.

Why did they do such horrible things, like unleashing sarin in a train? A possible reason is that they have to use their authority to compensate for their extreme lack of IT knowledge.

Did you know about the 5 false charges of the PC remote control case in 2012 (written in Japanese)? At that time, at least 5 computers were remotely controlled, and then the police arrested 4 wrong people, including 1 minor... Yes, it was exactly Kanagawa Police that wrongly arrested an innocent boy! They could NOT catch the real culprit until he provoked the police and gave several clues. Moreover, it has been pointed out that the police may have squeezed a confession out of that innocent boy, although they've denied it.

Another example that Mr. Takagi cites is the case of Okazaki Municipal Chuo Library in Aichi, or the case of Librahack. In this case, a user sending lots of web requests to the library was arrested for fraudulent obstruction of business, but the underlying cause was a failure of the library's search software, developed by Mitsubishi Electric. This wasn't Kanagawa Police, but it means that other police forces in Japan lack IT knowledge just as they do.

Moro's post says the policemen of the Cyber Crime Control Division copy-pasted using the pop-up menu opened by right-click, and that they were unable to distinguish the HTML head tag from the header tag.

Moreover, when we visit the website of Kanagawa Police (already shown above), we find that their site is not SSL-enabled. To our surprise, it's not just theirs, but also the Metropolitan Police Department's.

Non-SSL website of Kanagawa Police

Disappointingly, even though about 6 years have passed since the PC remote control case, the police of Japan still remain incompetent and ignorant about IT.

Public organizations in the hands of private anti-virus software distributors

Say, if the police have no knowledge, who's taking the initiative in removing Coinhive from Japan?

We could take some clues from back issues.

The issue of Nihon keizai shimbun (Nikkei) dated December 10, 2017 said the following about Coinhive:

  • it's feared that it compromises personal information,
  • it uses about 100% of your CPU, and,
  • there's a concern about altering it for identity theft.

Other newspapers, such as Mainichi or Yomiuri, reported similarly: “Coinhive will break your PC and leak your information.”

As you can test on coinhive.com, it can be set up so as not to use the entire CPU of your computer. However high the website operators set the estimated CPU usage, it's completely incorrect to report as if every Coinhive installation used 100% of the CPU. Also, it's clear from its source code that it doesn't steal any personal information.

Additionally, regarding the third item listed above, Mr. Takagi pointed out: “Any programs can be altered for identity theft, and even any unaltered programs can be used for that, so this sentence is all meaningless.”

There is a mastermind behind these fake reports: Trend Micro Incorporated. Katsuyuki Okamoto, a security evangelist of Trend Micro, appeared in each of the issues noted above.

When Mr. Takagi asked a reporter for Nikkei why they wrote there was a concern about altering Coinhive for identity theft, they answered, “because a security specialist explained like that.” They didn't reveal who it was, for privacy reasons or something, but we can easily infer from the newspapers that it was Mr. Okamoto.

The most striking report was the Sankei article saying “Coinhive is the source of money of North Korea”, followed by the AbemaTIMES report, “it's terrible, forced-mining.”

In the AbemaTIMES post, Mr. Okamoto said, “You are in danger of making your PC infected by malware, or of being redirected to a phishing website.” How horrible his Coinhive was!

Why did they do this? The reason is very simple. Mr. Takagi points out:

After all, to cut a long story short, the more anti-virus software distributors frighten people, the more they can make money. They foment everything as “a cyber crime” this way, and advertise that their products are able to solve these.

So in Moro's case, as you can see, there's even a small possibility that the police asked Trend Micro for help with the investigation.

That is, we can say both the mass media and even the police in Japan are managed only for the benefit of some private companies, such as Trend Micro.

Why “a summary indictment”?

By the way, why was Mr. Moro's case filed as a summary indictment? As a matter of fact, there is a trap: the police can create a fait accompli, namely “Coinhive users are to face charges” or “Coinhive is illegal because it's malware” - we usually call that “judicial precedents.”

Japan follows the statutory law system - almost similar to but a little different from the case law system in the U.S. - so once the police establish a precedent convenient to them, they become able to make mass arrests. Well, it's dictatorship by the police!

However, you must NOT lose hope. If the police choose the way of summary indictments, there surely is a reason: they (and the prosecution) think they have no chance of winning in court - and with a summary indictment they don't need to fight a legal battle!

So when we face a summary indictment, what can we do? The answer is: make an objection and bring it into court! If we challenge them, they will have no choice but to drop the case - because they can't win it. In fact, when an online casino user facing a summary indictment for crimes of gambling made an objection, the public prosecutors decided not to prosecute him.

Fortunately for us, Mr. Moro is also preparing to object in this case. I'll be wholeheartedly supporting him.

Things getting worse...

Things are now getting worse while I'm writing this. According to the Sankei report on June 14, the police of 10 prefectures, including Kanagawa and Aichi, have arrested 3 men and have sent prosecutors the files on 13 men.

Mr. Moro quoted the famous “First they came for...” in his blog.

First they came for the Socialists, and I did not speak out—
Because I was not a Socialist.

Then they came for the Trade Unionists, and I did not speak out—
Because I was not a Trade Unionist.

Then they came for the Jews, and I did not speak out—
Because I was not a Jew.

Then they came for me—
And there was no one left to speak for me.

Now they're coming for the innocent Coinhive users - why don't we speak for them?
