NHK 'Digital Tattoo' Episode 1: IT Technology & Law
The IT technologies and legal procedures featured in the NHK Saturday drama “Digital Tattoo” are, of course, somewhat dramatized and simplified for television, but they are indeed used in real-life situations for reputational risk management.
The highlight of the first episode is probably the scene where the identity and address of “Lunar Eclipse Mask”, who made a death threat against the protagonist YouTuber Taiga (played by Mr. Koji Seto), are revealed on an anonymous message board. In this article, we will explain the IT technologies and legal procedures introduced in the first episode, focusing on this scene.
The Identity of ‘Lunar Eclipse Mask’ and the ‘God’s Eye’ Administrator
“When I analyzed the images posted by ‘Lunar Eclipse Mask’, I found images with the same wallpaper… Look.”
“Oh, the mask (hanging on the wall of the room) is the same.”
“This guy’s handle name is Jesus. He runs an anonymous blog called ‘God’s Eye’.”
NHK Saturday Drama ‘Digital Tattoo’ Episode 1
Taiga, a YouTuber, searches for fragments of information on the internet to identify the ‘Lunar Eclipse Mask’, who is making death threats against him on an anonymous bulletin board. This is not purely an IT technique or a legal measure, but a method called ‘social engineering’, which involves ‘exploiting human psychological weaknesses and mistakes in behavior to obtain personal secret information’. In reality, it is one of the important means to solve incidents on the internet.
In the drama, the wall (the wall where the mask is hanging) which is the background of the photo uploaded by ‘Lunar Eclipse Mask’ matches the wall of the room of the ‘God’s Eye’ administrator, which is uploaded in the anonymously run blog ‘God’s Eye’. From this, it is clear that ‘Lunar Eclipse Mask’ = ‘God’s Eye Administrator’.
The behavior of this ‘Lunar Eclipse Mask’, that is, the act of ‘including a distinctive part of one’s room (the mask) in the background of the photo uploaded to the anonymous bulletin board’ is a bit ‘careless’, but in actual crime-solving situations, there are not a few cases where the ‘culprit’ is identified based on similar careless behavior.
Investigation of the whois Information of the “God’s Eye” Administrator
“So, I looked up this guy’s domain with @whois, but as expected, it was anonymous.”
As above
Next, Taiga attempts to identify the operator of “God’s Eye” based on the assumption that “Lunar Eclipse Mask = God’s Eye Operator”. The first step was to investigate the whois information related to the domain of God’s Eye.
Custom Domains and Whois Information
“God’s Eye” was a site operated using a so-called custom domain. When acquiring a custom domain, the domain acquirer must register their address and name in a database called “whois” and make it public to the world.
For more information on identifying the administrator of a custom domain, please refer to another article on our office’s website.
https://monolith.law/reputation/whois[ja]
Whois information can be verified using web services for reference, such as “ANSI Whois”. In the drama, Taiga used a fictional web service called “@whois” to conduct a similar investigation.
What is an Anonymous Domain Registration Service?
However, there is also something called an anonymous domain registration service in this world. This is a service provided by custom domain sellers, or so-called domain registrars, for people who want to acquire a custom domain but do not want to make their address and name public.
In the case of domains registered using this service, the information registered as whois information is not the information of the individual who acquired the domain, but the information of the domain registrar. Therefore, even if you refer to the whois information, you cannot obtain the information of the domain registrant.
Analyzing the Allocation ID Information of “God’s Eye” Access Analysis
When identifying the operator of an anonymous site on the internet, even if there is no information within that site (let’s call it Site A), you can:
- First, find other sites (let’s call it Site B) operated by the same person as Site A
- Investigate whether the operator’s name and address can be identified on Site B
These are possible measures. If Taiga determines that there is no information found within “God’s Eye” (Site A), he will next search for other sites (Site B).
Access Analysis Service and Allocation ID
“So, when I checked the access analysis tool of his homepage, I found out the allocation ID. When I searched for his ID using ExDB, I ended up on a site of a VTuber named Tomochin.”
As above
What Taiga used as a “key” here is the allocation ID of the access analysis service. Access analysis services often provide allocation IDs for each user to meet needs such as “I operate multiple sites and want to comprehensively check the access information of each site on the access analysis service”.
For example, our firm uses “Google Analytics”, which can be said to be the de facto standard of access analysis services. The code for “Google Analytics” that our firm embeds is:
gtag(‘config’, ‘UA-42806097-2’);
It means something like this.
This means “the second site of the user ‘UA-42806097’. In other words, by reading this code, you can make the following hypothesis:
The operator of Monolith Law Office operates at least one other site, “UA-42806097-1”.
Investigation by “SpyOnWeb”
The site “SpyOnWeb” investigates and records the “Google Analytics” ID for each website on the internet.
By using this service, for example, you can obtain information such as a list of sites operated by the user “UA-42806097”.
The site “UA-42806097-1” is the personal site of our firm’s representative lawyer.
In the drama, Taiga uses this method with a fictional web service called “ExDB”, and discovers that the same allocation ID as “God’s Eye” (Site A) is also posted on the site of VTuber “Tomochin” (Site B). Therefore, it is highly likely that the operators of these two sites are the same.
Identifying Affiliate ID, Name, Address, and Bank Account
Next, Taiga investigates whether it is possible to identify the operator of Site B. What caught his eye was the fact that “Tomochin’s site has affiliate advertisements.”
Personal Information of Site Operators and Affiliate Advertisements
“However, this site has affiliate advertisements.
As above
(omitted)
To receive this advertising fee, it is necessary to register a bank account, and the user must apply with their name and address.”
In simple terms, affiliate advertisements work in such a way that “when a user viewing the site clicks on a banner, etc., the affiliate reward is transferred to the site operator’s bank account.”
Therefore, in order to use affiliate advertisements, the site operator must provide their personal information, at least their bank account, to the provider of the affiliate service.
Consequently, by analyzing the affiliate advertisements (or more precisely, understanding the affiliate network and investigating which company is ultimately transferring money to B’s operator’s bank account), it is possible to find out “which company has the bank account information (and other personal information) of B’s operator.”
Once this information is known, all that remains is to have the company disclose the information of the B operator (i.e., the A operator). However, this disclosure request is not easy. For the company, this information is the personal information of their client, and they are reluctant to disclose it to the general public (or their lawyers). Taiga decided to ask for help from the double protagonist, lawyer Iwai (Mr. Katsumi Takahashi), and suspended the investigation at this point.
Disclosure Request by Bar Association Inquiry (Article 23 Inquiry)
“But they won’t tell me if I ask. That’s where the uncle comes in. If the uncle has a lawyer’s qualification, he can get the information through an Article 23 inquiry.”
As above
Lawyers have a privilege, so to speak, that only they can use, which is the Bar Association Inquiry, also known as the “Article 23 Inquiry”. This is a system where the lawyer does not make a disclosure request to the company as an individual, but requests the Bar Association to make a disclosure request in the name of the Bar Association.
https://monolith.law/reputation/references-of-the-barassociations[ja]
Taiga asked lawyer Iwai to take on this case and conduct a Bar Association Inquiry (Article 23 Inquiry) for the case. This inquiry was successful, and lawyer Iwai was able to identify VTuber Tomochin (operator of B) = “God’s Eye” operator (operator of A) = Lunar Eclipse Mask.
Click here for a detailed explanation of “Digital Tattoo[ja]“
Summary
Of course, in reality, it is rare to use such a large combination of measures, and it is also rare for all the measures taken to be successful.
However, in the actual scene of reputational damage control, it is extremely important and indispensable to identify site operators in a certain “hybrid” method that combines IT technology and legal measures.
That’s why reputational damage control is quite difficult unless you are well versed in both IT and law.
Category: Internet