Kalan's Blog

Software Engineer / Taiwanese / Life in Fukuoka

Current Theme light

This article is translated from Wikipedia, and is shared under the CC BY-SA 3.0 license.

Introduction

Although this incident happened in Japan, it seems to have similar implications for Taiwan. The ambiguous definition of the crime of obstructing computer use can easily become a tool for litigation. As a developer, I believe it is worth understanding. This article aims to share the case and does not encourage any malicious behavior that affects user operations.

Incident Summary

In March 2019, the Hyogo Prefectural Police searched the home of a female junior high school student on suspicion of posting links with malicious code on an electronic bulletin board, under the suspicion of "attempted unauthorized electromagnetic record supply" (不正指令電磁的記録に関する罪). Two men were also searched and sent for examination. On March 25, the Japanese Hacker Association started crowdfunding for the legal fees and litigation costs of the two men, raising a total of 7 million yen from 553 people. On May 29 of the same year, the two men received a non-prosecution disposition, and there were no victims in this case.

According to one of the men, the prosecutor believed that "for certain phone models, once the link is clicked, it may not be possible to close the screen, or it may require repair or the assistance of an expert, which violates the element of 'anti-intention' in the crime of computer virus." The argument for the "crime of unauthorized electromagnetic record supply" remained unchanged.

The defense lawyer from the Yokohama Park Law Office, who represented the two men, believed that the non-prosecution disposition was an attempt to confuse the public opinion, stating, "Although there was a crime, not prosecuting this time tries to confuse the public. Even though the prosecutor believes they are guilty, choosing a non-prosecution disposition in individual cases is a way for the prosecutor, as a legal professional, to avoid social criticism." The defense lawyer criticized the prosecutor for this.

Code

The program is the following JavaScript code:

for ( ; ; ) {
  window.alert(" ∧_∧ ババババ\n( ・ω・)=つ≡つ\n(っ ≡つ=つ\n`/  )\n(ノΠU\n何回閉じても無駄ですよ~ww\nm9(^Д^)プギャー!!")
}

window.alert can receive a specified string and display a dialog box with an OK button. After clicking the OK button, the dialog box can be closed. This program is an infinite loop, so after closing the dialog box, another dialog box will appear again. This behavior continues until the user closes the browser tab.

window.alert cannot execute any other processing until the dialog box is closed, so this program does not have any impact on the browser. Therefore, it is not a "browser crasher" but a "prank program."

For most PC browsers, simply closing the tab can stop this program. Moreover, current browsers have an option to "stop showing dialog boxes" if an alert appears more than once, which can stop the continuous popping up of dialog boxes.

Reactions

This incident has caused a significant reaction both domestically and internationally.

On March 5, 2019, Smiley Kikuchi, a Japanese comedian, wrote on Twitter under the assumption of cybercrime, "A first-year junior high school girl can commit a crime on the internet so easily, it feels like a game. How can adults prevent such a reality?" Many criticisms followed.

Later, he mosaic-ed a tweet from Hiroaki Takagi, a Japanese cybersecurity expert, and commented, "It's unreasonable to say that this is not a crime." This sparked another heated discussion on Twitter. The next day, he wrote on Twitter, "The Hyogo Prefectural Police and the court are already dealing with the case. If the prosecutor and the court determine it to be a false accusation, I am willing to apologize directly to the three defendants," in an attempt to calm the situation. He later deleted all related tweets.

On March 6, 2019, Brendan Eich, the creator of JavaScript, wrote on Twitter, "Netscape 4, ten years before the first version of Chrome, already allowed users to close an infinite loop in JavaScript. I have decided to be an expert witness in this case. This is not a computer virus and should not be treated as a crime." On March 9, the Electronic Frontier Foundation also tweeted, "An infinite loop is not a crime."

On March 8, as a protest against the police action, the original code was publicly released on GitHub with the goal of being arrested. The repository is named lets-get-arrested. When the Hyogo Prefectural Cybercrime Countermeasures Division was asked about this by NETIB-NEWS, they responded, "Can you say the same thing about your own child?"

Supplement and Personal Opinion

From this incident, it can be seen that the definition of the "crime of unauthorized electromagnetic record supply" is ambiguous, leading to many gray areas. Moreover, it is absurd to turn a browser-side infinite loop into a criminal charge.

In addition, the issues mentioned in lets-get-arrested in the article are quite amusing, and I think the criticisms are spot-on.

For example, someone asked how to get arrested in Japan, saying that when they were in Roppongi, they saw four very drunk people trying to cross the road, and one of them walked in the middle of the road and was honked at by a taxi. As a result, that person kicked the taxi in anger and went into a rage in the middle of the road. Later, a police car arrived, but the police seemed to do nothing and just left without making any arrests.

Someone asking how to get arrested in Japan on GitHub

The author replied, "Yes, writing an infinite loop in Japan is a more serious crime than kicking a taxi and going into a rage on the road."

Author's response

Prev

Integrate Sentry's Web Vitals into Slack.

Next

Toxic comments on the internet

If you found this article helpful, please consider buy me a drink ☕️ It'll make my ordinary day shine✨

Buy me a coffee

作者

Kalan 頭像照片,在淡水拍攝,淺藍背景

愷開 | Kalan

Hi, I'm Kai. I'm Taiwanese and moved to Japan in 2019 for work. Currently settled in Fukuoka. In addition to being familiar with frontend development, I also have experience in IoT, app development, backend, and electronics. Recently, I started playing electric guitar! Feel free to contact me via email for consultations or collaborations or music! I hope to connect with more people through this blog.