2011/09/25
A number of Japanese defense contractors have been targeted by large-scale cyber-attacks from overseas.
Among those was Mitsubishi Heavy Industries Ltd., Japan's largest defense company, where some 80 computers and servers were infected with computer viruses. One was a remotely controlled program designed to leak internal information.
The incident appears to have been a "targeted attack," a type of hacking becoming increasingly common around the world. In such an attack, spyware or other malicious software ("malware") designed to collect information about users without their knowledge is implanted in the servers of specific organizations or individuals via e-mail.
The number of reported malware attacks has increased sixfold in the past four years, according to the Ministry of Economy, Trade and Industry. In the latest series of cyber-attacks against the defense industry, some 900 individual cases have been reported to the National Police Agency so far.
Given the scale and sophistication of the hacking, it is clear that the government and businesses need to take urgent measures to protect their computer systems.
Yet despite the long-known dangers involved in such targeted attacks, both the government and private companies have been alarmingly slow to respond.
One major factor behind the lag is the tendency among Japanese companies to avoid publicizing the fact they have been targeted by hackers, and to try dealing with cyber-attacks in secret instead.
This reluctance to report attacks to the authorities, due mainly to the companies' fear that such a revelation may weaken public confidence in them, has made it difficult for governmental entities and the police to get a clear picture of the problem.
Defense contractors are different from other companies in that they have access to classified information from Japanese and foreign militaries, even though they are part of the private sector.
Yet there is no provision that clearly gives the Defense Ministry or any other part of the government the legal powers required for an effective policy response. It is left to individual companies to protect their information networks.
Companies that have become victims of cyber-attacks should cooperate with police and the government in finding out how their systems were penetrated, and should use the experience to strengthen society's defenses against such intrusions.
Japan can learn a lot from the efforts of the United States, which has experienced various cyber-attacks against its government and private companies.
In May, the Defense Department launched an experimental system that allows the Pentagon and defense contractors to share confidential information concerning cyber-attacks.
Japan has started to take steps forward. In August, the National Police Agency began to operate a network to share relevant information with some 4,000 private-sector companies that could potentially be targeted by hackers.
Computer networks are indispensable not only for the defense industry, but also for many other industries, including financial systems and public transportation.
Unless effective measures to defend industries against hacking are established, society will remain seriously vulnerable to hacker attacks that can cause enormous damage.
With cyber-attacks becoming increasingly sophisticated, it is naturally important to develop the technologies and human resources needed to counter them. But it is also vital to establish a system that enables the swift sharing of information, underpinned by a powerful monitoring network.
The ability to immediately identify new hacking techniques or methods as they emerge can help prevent attacks and damage being done to a large number of victims.
The government should take the lead in efforts to expand necessary cooperation between the public and the private sectors, as well as between domestic companies and the international community.
--The Asahi Shimbun, Sept. 24
Sunday, September 25, 2011
Friday, September 23, 2011
23/09 Japan PCs 'joined' ROK cyber-attacks
The Yomiuri Shimbun

At least two computer servers and a personal computer in Japan were among 746 computers in 70 countries that were used in extensive cyber-attacks in South Korea in March, the National Police Agency said Thursday.
The two servers are owned by small and midsize enterprises in Hokkaido and Kagawa Prefecture, respectively, while the personal computer is owned by a man in Tokyo.
The Hokkaido server and Tokyo computer were found to have been infected with a type of virus called a "bot," which enables the sender to control other computers.
The server in Kagawa Prefecture was not infected with these viruses but was used in the attacks.
As server and PC owners often fail to notice their machines have been infected with a virus, the NPA has urged computer and server owners to tighten security measures.
The attacks affected 40 South Korean Web sites, including those operated by governmental organizations and financial institutions, the NPA said. The agency has been investigating Japanese server and PC owners after receiving a South Korean request through Interpol.
For three days until March 5, Web sites of South Korea's Blue House presidential palace, military forces, Foreign Affairs and Trade Ministry, and securities companies suffered access problems because of denial of service, which occurs when an enormous quantity of data is sent simultaneously or over a short period of time.
According to the NPA, South Korean authorities located about 100,000 computers that had sent a huge quantity of data by analyzing communication history logs.
The authorities further located computers in 70 countries that instructed these computers on when and what to attack.
Three points of origin were detected in Japan.
The personal computer in Tokyo was connected to the Internet around the clock but did not have antivirus software installed, making it vulnerable to outside intrusion.
Those directing the cyber-attacks could face charges of forcible obstruction of business under South Korean law.
However, the owners of computers used in the attacks do not face charges as their computers were manipulated by others.
The NPA said North Korea is believed to be behind the attacks.
(Sep. 23, 2011)
Wednesday, September 21, 2011
21/09 Chinese used in MHI cyber-attack
The Yomiuri Shimbun
Chinese language was found in one of the viruses used in the recent cyber-attacks on Mitsubishi Heavy Industries, Ltd., it was learned Tuesday.
A total of 83 servers and personal computers of the machinery maker have been infected with viruses in the cyber-attacks, which originated outside the company.
On a screen for an attacker to remotely control the infected PCs, simplified Chinese characters used in China were employed, sources said.
As the possible involvement of a person or people with deep knowledge of the Chinese language is suspected, the Metropolitan Police Department now considers it an international espionage case. The MPD is investigating the case as a violation of the Law on the Prohibition of Unauthorized Computer Access, among other charges.
The viruses confirmed to have infected the MHI servers and PCs included a Trojan horse virus, which allowed senders to gain access to infected PCs. The sender can then transmit information from the infected machine to their computer.
According to the sources, an information security firm that copied and analyzed the virus discovered the simplified Chinese characters on screens used by the senders.
The Chinese characters include those for "automatic" (meaning automatic access), "catch" for the function to remotely control infected PCs, and two Chinese characters that mean "video" or "image," the sources explained.
As it would be very difficult for those who do not understand the Chinese language to control the virus, the MPD suspects involvement of a person or people well-versed in Chinese.
Regarding spear attacks, which target specific people or companies to steal information from them, the MPD analyzed 29 such e-mails reported between January and June. Of those, 14 had viruses forcing the infected PCs to access servers in China.
However, a security specialist warned it is still not possible to conclude that China was involved in the attacks.
"The perpetrator or perpetrators may intentionally use Chinese to disguise the attacks as Chinese," said Prof. Motohiro Tsuchiya, an expert on information politics.
"However, the number of cyber-attacks from China targeting classified information has reportedly been increasing and the United States is also on alert. It is important for attacked companies to disclose the facts of attacks and share their experiences to allow others to share risk information," he said.
(Sep. 21, 2011)