2ch Chronicle/Deanonymization Incident

From Wikibooks, open books for an open world
Jump to navigation Jump to search

On August 26, 2013, personal information (including credit card data) was leaked from 2channel Viewer, 2ch's premium membership service. This led to the embarassing deanonymization of various individuals, as well as exposing them to identity theft. The crisis rocked the Japanese Internet, and many major celebrities, bloggers, and typical normal users had their scandalous post history uncovered.

2ch Front Page Announcement

N.T.Technology, inc was a victim of a cyber attack earlier today. Some data for customers was compromised. Your data may have been compromised. The security hole has been fixed, and is safe to use again.

17,651 paid accounts and 146,217 trial accounts in total were leaked. All credit card numbers, names, addresses and email addresses associated with these leaked and are available publicly.

A further 40,000 trip codes and mail addresses were leaked. 2 months of posting data from 6/15 – 8/10 was leaked, affecting all posters.

2ch’s management acknowledged the actual hack occurred on the 20th, but they only realised 5 days later when the pilfered data started to surface in public. “Fortunately” 2ch conducted very little checking of the personal information it collected, allowing signups with false data and various prepaid digital cash – a relief to the more circumspect users

We are now preparing for the fix.

Please accept my apology for your inconvenience.

Jim Watkins, Chairman of N.T.Technology, inc. English Translation by Sankaku Complex
Leak Incidents

The light novelist Hikaru Sugii apologized on his blog, after it was discovered that he made several posts smearing people on 2channel, such as his close-buddy novelists and a publisher — using such terms as “crap generator,” “compulsive liar,” “mental illness” and so on — all while overly praising himself and his novels.

The leaks held email addresses with company domain names. Many major newspapers and TV stations were on the list. It is no surprise the media searches 2channel for juicy gossip, but many of their comments went beyond journalistic research. Under the protection of anonymity, many users on company accounts also posted recommendations of their products while harshly criticizing their competitors.

A popular blogger of 2channel summaries, shut down his blog after confessing he had been trolling several threads.

The real names of both a college assistant professor and a junior high school teacher who had anonymously posted about some kind of sexual obsessions were also identified.

Events[edit]

Further information: wikipedia:ja:2ちゃんねる個人情報流出事件

To raise funds, 2channel had a premium 2channel Viewer service, which provided extra services, made the freshest thread archives available, and gave users access to the popular News4VIP (a random board akin to /b/). 2channel processed and stored all credit cards themselves rather than relying on a secure third party payment system. 2channel predated the popularization of PayPal and it's clones, and the administration probably held a desire to keep user data out of the hands of contractors, who would be vulnerable to Japanese government subpoena.

Unfortunately, on August 26, 2013, a poster named `さっしーえっち MwKdCUj7XWlQ` anonymously uploaded leaked full name, address, phone number, email address, and credit card information from 2channel Viewer to Onion (Onion Channel) via the Tor Network.

Impact[edit]

This crippling security breach unleashed waves of lawsuits against 2channel, a loss of confidence in the treasured anonymity of the website, and the wholesale destruction of 2ch's longtime dedicated userbase. While credit cards could be cancelled, identities could not be unleaked.

Revelations[edit]

The first revelation was the discovery that some Matome blogs were actually manufacturing drama during slow news days.

Another bombshell revelation was that 2channel's staff had to collect complete user data and tripcodes (for comment history) of it's core userbase for tax purposes, which was beyond ordinary IP logs. This ended the thin veneer of anonymity on the site, and it's most prolific commenters would never dare approach the community again.

The most important effect was the loss of a stable source of income for 2channel. As a result, 2channel would undergo strange behavior to stay afloat.