On February 12, 2024, a series of bomb threat emails purportedly from an individual named "Takahiro Karasawa" targeted government agencies and schools across the Philippines, causing widespread fear and temporary shutdowns, although these threats were later determined to be hoaxes.
The Philippine National Police and the National Bureau of Investigation, with international cooperation from Japan's police attaché and other law enforcement bodies, are conducting an in-depth investigation into the incident, which has been linked to a complex web of cyber deception extending beyond Philippine borders.
The investigation traced the bomb threat emails to a hotel in Japan, highlighting the use of Japan-based or compromised servers to obscure the true source of the threats, suggesting an intricate connection to Japan and indicating the involvement of the Cybercrime Investigation and Coordinating Center (CICC) in the investigative process.
Undersecretary Jeffrey Dy revealed that this incident is part of a pattern, marking the third series of bomb threats under the alias "Takahiro Karasawa" and emphasizing international collaboration in the investigation, particularly with Japan-CERT, to address these cyber threats.
The alias "Takahiro Karasawa" was previously used by a 24-year-old Chinese student in Taiwan for similar bomb threat hoaxes, suggesting a pattern of disruptive cyber activities with potential geopolitical implications and raising questions about the involvement or implied approval of Chinese authorities in such operations.
Philippines responds to bomb threat hoaxes
Unmasking Takahiro Karasawa
At a glance
On February 12, 2024, a disturbing series of bomb threat emails targeted various government agencies and schools throughout the Philippines, inciting fear and leading to temporary closures and heightened security measures. The sender, who identified himself as "Takahiro Karasawa," claimed expertise in bomb-making and threatened the detonation of high-performance explosives in key Philippine government buildings. These threats, which bore an anarchistic message, were later debunked as hoaxes after thorough investigations by local police forces revealed no evidence of any actual threat.
The sender's message ominously ended with "Power to a voiceless voice," a statement that led to the suspension of classes and government operations in affected areas.
Despite the fear and disruption caused, investigations by the Philippine National Police quickly determined that these bomb threats were unfounded. The National Bureau of Investigation (NBI) has been tasked with conducting a deeper investigation into these incidents in collaboration with Japan's police attaché and other international law enforcement bodies, given the suspect's apparent connections to Japan.
In a swift response to bomb threat hoaxes across the Philippines on February 12, 2024, the DICT traced the source to a hotel in Japan, implicating the alias "Takahiro Karasawa." Investigations revealed a complex cyber deception with ties to a Chinese student known for similar hoaxes in Taiwan. This case, involving international cooperation with Japan's CERT and law enforcement, highlights the global challenge of cybercrime and the importance of vigilance and international collaboration in cybersecurity efforts.
Adding a significant twist to the narrative, Undersecretary Jeffrey Dy provided valuable insights into the investigation's direction and its international implications. Usec Dy confirmed that the bomb threat emails were traced back to a hotel in Japan, suggesting a complex web of cyber deception that extends beyond Philippine borders. He elaborated on the investigative process, highlighting that the Cybercrime Investigation and Coordinating Center (CICC) had been actively involved in unraveling the case.
Undersecretary Jeffrey Dy provided further context to the investigation, emphasizing the complex international dimensions of the case. According to Usec Dy, the detailed analysis of the email exchange servers used by "Takahiro Karasawa" suggests a deliberate use of Japan-based servers, or possibly compromised servers, to mask the true origin of the threats. "Based on the technical evidence gathered, including the specifics of the email exchange server utilized by the alias Takahiro, it's clear that there's a connection to Japan—whether through the use of a Japan-based server or a compromised server acting on behalf of the email sender," Usec Dy explained. He further detailed the collaborative efforts with the Japan-Computer Emergency Response Team, emphasizing the submission of detailed incident reports on the bomb threats received over the past year. Usec Dy added that this marks the third series of bomb threats under this alias, prompting a coordinated response with Japan-CERT and a comprehensive investigation by the CICC. Usec Dy's revelations underscore the Philippine government's commitment to international cooperation in cybercrime investigations, highlighting the complexities of cyber threats in a globalized context.
DICT Undersecretary for Infostructure Management, Cybersecurity and Upskilling Jeffrey Ian C. Dy said the DICT leads the charge in uncovering the origins of cyber threats, showcasing the agency's pivotal role in international cybercrime investigations. DICT experts bridge technological insights with global cooperation, highlighting the country's commitment to safeguarding national security against evolving cyber threats.
The backstory of "Takahiro Karasawa" grows even more intricate upon uncovering its link to a 24-year-old Chinese student in Taiwan known as Zhang. Upon searching the web about Takahiro Karasawa, an article from the Taipei Times shows that Zhang previously used this alias in a series of bomb threat hoaxes that disrupted public safety and transportation within Taiwan. The Taipei Times further said that these actions, which remain unaddressed by Beijing despite requests for cooperation, suggest a deeper layer of geopolitical manipulation, potentially indicative of "gray-zone operations."
The report continued that Zhang's ability to perpetuate these hoaxes from within China, despite the country's stringent internet controls, raises questions about Chinese authorities' tacit approval or involvement. This historical context adds a layer of complexity to the current situation in the Philippines, suggesting that using the "Takahiro Karasawa" alias in bomb threat hoaxes may be part of a larger pattern of disruptive cyber activities with potential state-level implications.
As the NBI, the PNP Anti-Cybercrime Group, and the DICT-CICC, in coordination with international partners, dig deeper into this investigation, the Philippine government advises the public to remain vigilant and proactive in reporting suspicious activities. This incident reflects the challenges of cybercrime in the digital age and the importance of international collaboration in addressing security threats that transcend national boundaries.