The national press have covered each new development in detail. Police have felt pressure and responded with uncharacteristic speed.
In December the NPA offered ¥3 million (US$32,000) for information about the individual behind the high jinks, its first-ever reward for a hacker. The agency's wanted posters, ever-present in Japanese train stations and post offices, usually feature a blurry image of a hooded figure, snipped from security camera footage, with a list of crimes and birthmarks. But the hacker poster was something new: its only picture is a pair of cartoon hands on a laptop, followed by a long block of text detailing technical skills including C# programming and the use of a "Syberian Post Office," a tool for making online postings anonymously.
Earlier this month, before the latest arrest, the NPA released an "emergency program" for battling cybercriminals, specifically mentioning its failures in the hacking case as motivation. New measures include police officials "joining hacking communities" and forming relationships with hackers to glean information, as well as figuring out how to peg criminals who use tools like Tor.
It is still unclear if police have their man in Katayama, though officials have said they possess irrefutable proof. He has steadfastly denied being the mastermind behind the cyberattacks, citing his lack of ability as proof.
"If you compare the skills of the 'actual criminal' and Katayama, it's obvious he is far more talented than Katayama. It is clear if you look at Katayama's abilities that he is not the criminal here," the suspect's lawyer told reporters.
The program used to take control of remote computers and post threats online, "iesys.exe," was custom-built in the C# programming language, and has been painstakingly analyzed by authorities. The Tokyo Metropolitan Police Department has taken the rare step of posting detailed descriptions of the software, including the classes and variables used in its source code.
"Detailed information about this virus has been made public with the intention of encouraging the public to provide further information about it," reads a special section of the department's Web page devoted to the virus.
Once it had infected a computer, the software hid in the background and periodically checked free online bulletin boards on a Japanese portal, "livedoor," for commands from its controller. These included instructions to turn keylogging on and off, upload and download files, and post messages to other bulletin boards.
Authorities have discovered multiple versions of the Windows program in the wild, according to reports, and those who have analyzed them say they are complex and unique. Security firm Trend Micro has rated the code's "damage potential" as high, and says users must manually modify their computers' registries to get rid of it.