Communications originating from online re-routing and anonymisation tool Tor, short for The Onion Router, should be blocked by internet service providers, according to the Japanese National Police Agency (NPA).
The declaration, reported by Japanese newspaper The Mainichi, comes after a series of threats were made online by someone known only by the pseudonym Demon Killer', whose use of Tor has made it impossible for the NPA to track him or her via their IP address.
Demon Killer left messages saying they intended to plant bombs in Japanese schools and nurseries. The NPA carried out four arrests in connection with the case, only to find the supposed culprits were in fact victims whose machines were being used as end points by the Tor network.
The agency report also highlighted cases where Tor had been used to post other murder threats online, as well as illegally access bank accounts and leak data stored by the Tokyo Metropolitan Police Department.
Consequently, the NPA has recommended that, in order to stop such abuses, IP addresses registered as being allocated at end points of Tor be blocked voluntarily by site administrators.
A spokesperson for online security and anti-malware vendor Malwarebytes said the NPA's decision was to be welcomed, but does not go far enough in trying to stop the anonymous remote hijacking of computers.
"Tor is just one of a number of ways to anonymise a proxy. Expert cybercriminals will find other methods to mask their IP address such as using an internet caf or a paid-for anonymising service," the spokesperson said.
"In addition, by labelling Tor as a cybercrime tool, Japan is failing to see the benefits the software has for consumers as a method to preserve their privacy while surfing online. In our world where your every click is logged and fed into statistical analysis systems, it is good to know your identity can be kept safe," they added.
The identity of the person behind the Demon Killer messages remains a mystery and the NPA is currently offering 3 million (20,000) for information leading to his or her arrest.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbersNews Former and current staff at California Pizza Kitchen potentially burned by hackers
-
83% of critical infrastructure companies have experienced breaches in the last three yearsNews Survey finds security practices are weak if not non-existent in critical firms
-
Identity Automation launches credential breach monitoring serviceNews New monitoring solution adds to the firm’s flagship RapidIdentity platform
-
Neiman Marcus data breach hits 4.6 million customersNews The breach took place last year, but details have only now come to light
-
Indiana notifies 750,000 after COVID-19 tracing data accessedNews The state is following up to ensure no information was transferred to bad actors
-
Pearson fined $1 million for downplaying severity of 2018 breachNews The SEC found the London-based firm made “misleading statements and omissions” about the intrusion
