CHINESE BEHIND HACKER ATTACKS ON JAPAN?
In September 2011, Mitsubishi Heavy Industries, Ltd. (MHI) came under cyber-attack by unidentified hackers who are believed to have stolen confidential data from run by the company, a major machinery maker and Japan’s largest weapons maker and producer of nuclear power plant equipment. [Source: Yomiuri Shimbun. September 21, 2011]
About 80 servers and computers at MHI factories, including those used to build state-of-the-art submarines, missiles and nuclear power plants, have been infected with computer viruses, according to the sources. Among the facilities targeted, according to Self-Defense Forces and MHI sources, were the company’s Kobe shipyard, which produces nuclear power plants and submarines, a Nagasaki facility that manufactures SDF destroyers and a factory is responsible for producing guided missiles used to intercept ballistic missiles, as well as rocket engines, essential for the promotion of space development.
Chinese language was found in at least one of viruses used in the attacks. The Yomiuri Shimbun reported, “The viruses confirmed to have infected the MHI servers and PCs included a Trojan horse virus, which allowed senders to gain access to infected PCs. The sender can then transmit information from the infected machine to their computer. According to the sources, an information security firm that copied and analyzed the virus discovered the simplified Chinese characters on screens used by the senders. The Chinese characters include those for "automatic" (meaning automatic access), "catch" for the function to remotely control infected PCs, and two Chinese characters that mean "video" or "image," the sources explained. As it would be very difficult for those who do not understand the Chinese language to control the virus, the MPD suspects involvement of a person or people well-versed in Chinese.
The attack on MHI is regarded as a spear attack, in which specific people or companies are targeted to steal information. There have been other such attacks. In 2009, a group of Chinese hackers launched “Night Dragon” attacks on Japanese energy companies stealing data on oil fields around the world and other information. In 2010, computers at Japan’s economy and trade ministry were infected with e-mail-sent viruses. Between 2009 and 2011, more than 170 spear e-mails were sent to the National Police Agency, at least of which are though to have originated in China.
The were other attacks on Japanese companies. An attack on Toshiba in July may have resulted in the leak of 7,500 customers information. The U.S. government expressed “concern” over the attacks. The Yomiuri Shimbun newspaper called the attacks in MHI an “act of war.”
Services to Japan’s National Police Agency website was temporarily interrupted between July 10 and July 11 2011 as the apparent number of users accessing the website surged to about 20 times the normal level. A month or so later the NPA said that more than 90 per cent of cyber attacks on its website carried out overnight on July 10 originated from Internet Protocol addresses in China. The findings came after the NPA determined that similar attacks on its website last September were mostly attributable to Chinese IP addresses. [Source: PTI, August 29 2011]
The NPA said there was writing on an Internet message board in China calling for attacks on the NPA website. The message referred to an incident in which Japanese Air Self-Defense Force fighter jets scrambled in response to the flight of a Chinese reconnaissance plane near the disputed Senkaku Islands, it said. The message board also had posts calling for the websites of Japan's Defense Ministry and Finance Ministry to also be targeted. The Finance Ministry website came under attack on the night of July 12, with some interruption to viewing of the site.
Fifty Viruses Found in Defense Contractor Mitsubishi Heavy Industries Computers
In October 2011, the Yomiuri Shimbun reported: “Computers at Mitsubishi Heavy Industries, Ltd., which was recently found to have been hit by cyber-attacks, had been infected with more than 50 viruses, it has been learned, rekindling concerns about the defense contractor's security measures. According to sources, one MHI computer was infected with as many as 28 different viruses, including one that has been publicly known as a risk for more than seven years. The company could have prevented some of the infections if antivirus software had been properly installed on its computers. [Source: , Yomiuri Shimbun, October 12, 2011]
According to the sources, MHI is analyzing 83 servers and computers found to have been infected with viruses. The machinery maker announced it had found cyber-attacks with eight types of viruses In September and October 2011. However, more than 50 types have been detected so far, the sources said. Among the 28 viruses that infected one MHI computer was Agobot, a type that allows an attacker to collect information from an infected computer. A virus alert about Agobot was issued in April 2004.
That particular computer was also hit by two other types--Gumblar, which alters Web sites and then infects computers used by the site's visitors, and SpyEye, designed to steal bank account numbers and passwords. Warnings about the two viruses were issued in December 2009 and July this year, respectively. Norihiko Maeda, a researcher at antivirus software company Kaspersky Labs Japan, said many of the viruses that hit the MHI computer could have been detected if antivirus software on the computer had been upgraded appropriately.
A computer of Nagoya Guidance and Propulsion Systems Works--an MHI group firm based in Komaki, Aichi Prefecture, that makes missile-related products--was infected in January when one of its employees opened a virus-carrying e-mail disguised as a New Year's greeting from an acquaintance, according to the sources. The e-mail's immediate source was reportedly a server in Taiwan. The virus was capable of creating another virus after infecting a computer. Because it was a type that antivirus software could not detect, MHI did not recognize the infection until September, after it was found to have been targeted by other cyber-attacks.
Information on a domestically developed air-to-ship missile may have been leaked in cyber-attacks on Mitsubishi Heavy Industries, Ltd., according to sources close to the case. The information on the Type 80 missile is suspected to have been leaked in one of the about 300,000 illegal accesses to the server installed at MHI's Nagoya Guidance and Propulsion Systems Works in Komaki, Aichi Prefecture, the sources said. [Source: Yomiuri Shimbun, October 13, 2011]
In November 2011, MHI announced its investigation had found "there had been no leak" of defense equipment information that was to be protected in line with its contracts with the Defense Ministry.
Infected Server Leaked Mitsubishi Nuclear Plant Data
On November 2011, the Yomiuri Shimbun reported: “Sensitive design and other information on nuclear power plants was leaked during cyber-attacks that targeted major defense contractor Mitsubishi Heavy Industries Ltd., it has been learned. According to informed sources, there are signs that data was transmitted outside the company's computer network from two servers infected by a virus during the attacks. Data from noninfected servers that had been covertly shifted to the infected computers also might have been leaked, the sources said. [Source: Yomiuri Shimbun, November 11, 2011]
Most of the leaked information involved design plans for nuclear plants and other equipment, leading some observers to believe the attacks were targeting civilian intellectual property. According to the sources, one of the infected servers stored information about defense-related equipment produced by MHI, while the other mainly held nuclear plant-related data. Information from both servers had been transmitted to external sites, although far more data had apparently been sent from the server storing the nuclear plant details.
The infected servers that transmitted data to external sites also stored information from clean servers. The hackers apparently used stolen passwords to shift data between the servers, the sources said. According to MHI, the company designed and constructed all 24 pressurized water reactors in Japan.
Mitsubishi and Kawasaki Heavy Industries Cyber-Attacked by the Same Hacker
The Yomiuri Shimbun reported: “Police increasingly believe the same hacker was responsible for the recent cyber-attacks on Mitsubishi Heavy Industries Ltd. and Kawasaki Heavy Industries Ltd. A computer virus found in the attack on Kawasaki Heavy Industries, which was sent by e-mail through a computer at the Society of Japanese Aerospace Companies (SJAC), forced infected personal computers to access a Web site in the United States, sources close to the issue said. Police have found that infected PCs at Mitsubishi Heavy Industries were made to access the same Web site. [Source: Yomiuri Shimbun, October 17, 2011]
The police suspect the hacker used the U.S. site as a so-called springboard, via which the attacker manipulated computer terminals from the outside. Springboards refer to PCs and computer servers used as communication relay points by cyber-attackers to prevent their originating port from being identified. In such attacks, PCs and other equipment with lax security are infected with computer viruses and operated unbeknownst to their owners In March, about 40 Web sites of South Korean government organizations and other entities were cyber-attacked, and PCs in Japan were used as springboards. This technique is often used across national borders.
According to the sources, Kawasaki Heavy Industries received e-mails whose senders posed as SJAC officials and member company employees at least three times from June to August. Police analyzed viruses hidden in the e-mails and found they contained programs that force infected PCs to access Web sites and exchange data. The police discovered the Web site involved in this case had an Internet protocol address registered in California.
The virus confirmed to have been used in the attacks against Mitsubishi Heavy Industries performed the same function. In addition to the California-registered site, infected computers had communicated with Web sites in Japan and other countries including China and India. The U.S. site was likely to have been infected with viruses and manipulated by someone from the outside, investigators said.
A hacker stole e-mail addresses from the Society of Japanese Aerospace Companies (SJAC), which lists executives of defense contractors as its directors, and then retrieved the contents of e-mails from Kawasaki Heavy Industries Ltd., the sources said. The culprit apparently did this by using a virus planted on the computer of an international telephone service company. Both Mitsubishi Heavy Industries and Kawasaki Heavy Industries are members of SJAC. [Source: Yomiuri Shimbun, October 16, 2011]
The sources said the e-mail used in the attack on Kawasaki Heavy Industries was sent in the evening of Aug. 26 under the name of a SJAC executive from a major electronics manufacturer. The e-mail was titled, "Prior distribution of documents," and included a file attachment called, "Comments on lump sum procurement." The text of the e-mail was mostly copied from an e-mail the executive actually sent to other officials about 10 hours before the fake e-mail was sent.
The Metropolitan Police Department and other concerned authorities assume the hacker aimed to spread the virus throughout the defense industry through SJAC. The police investigation found that the personal computer of one official who received the e-mail was infected with the virus. Some information was found to have been stolen, they said. Kawasaki Heavy Industries suffered similar attacks in June and July. In both cases, the hacker posed as an official of a company in Kanagawa Prefecture that manufactured aircraft parts.
The fake e-mail this time was sent via an international telephone service company in Chuo Ward, Tokyo. The police checked the company's computer and found it was infected with a computer virus and that it was used by the hacker to provide false identification. The police also found the company's computer had sent transmissions to the SJAC's server without the knowledge of the society officials. They found that the SJAC's computer had been infected with the virus a long time ago and assumed e-mail contents and other data had been stolen over the same period. A senior police official said, "The hacker targeted the industry association, which has inadequate security. We assume the hacker attempted to use it to spread computer viruses throughout the nation's defense industry." The SJAC has 91 member companies, including aeronautics- and space-related companies, and is supported by 49 other companies, such as trading firms importing defense equipment.
The New York Times reported: “The reports raised concern in Washington since the contractors, which included Mitsubishi Heavy Industries, produce advanced American-designed weapons systems like the F-15 fighter jet. American security officials have already had doubts about Japan’s ability to handle sensitive information since a Japanese Navy officer was arrested in 2007 for leaking classified data on the American Navy’s advanced Aegis radar system. Japanese officials have apparently struggled to identify the source of the earlier attacks, which came from servers scattered across several nations, including China, Hong Kong and the United States. However, the assumption here seems to be that they originated in China, especially after media reports that investigators had found digital traces that one of the screens used to begin the attacks was written in the simplified Chinese characters used in mainland China. China has strongly denied having a hand in the earlier attacks. [Source: Martin Fackler, New York Times, October 25, 2011]
Virus Infects Computers in Japan’s Parliament
In October 2011, Martin Fackler wrote in the New York Times: “Computers in Japan’s Parliament have been found to be infected with a virus, officials said, the latest in a series of mysterious cyberattacks that have raised concerns about the leakage of sensitive information. Personal computers used by three members of the lower house, as well as possibly a computer server, were infected by the virus, the top government spokesman, Chief Cabinet Secretary Osamu Fujimura, told reporters. Local media reports said the virus apparently had been used to hack into computers sometime in the past three months. The reports said log-in information and e-mails may have been stolen. [Source: Martin Fackler, New York Times, October 25, 2011]
Media reports said one of the three lawmakers opened an e-mail attachment that released the virus. Japanese officials gave no indication of who might have been behind the latest attacks, or what the hackers might have been after. He said that a full investigation of the latest breach is now under way. NHK reported: “Lower House officials say they were notified in late August that PCs connected to the chamber's computer network were infected with a virus. It was later found that PCs used by 3 lawmakers had been infected.
In November 2011, the Yomiuri Shimbun reported: “The computer virus used in recent targeted attacks against state-funded computers used by House of Representatives lawmakers also likely infected computers provided to members of the house of Councillors, it has been learned. The inbox of the mail address to which the virus transmitted information from the infected computers of lower house members also contained information linked to upper house members, according to informed sources. This suggests these upper house members' computers also were infected. [Source: Yomiuri Shimbun, November 3, 2011]
According to the sources, the virus sent to lower house members' computers was designed to have an infected PC transmit data to outside parties. One of the delivery addresses belonged to a free e-mail service offered by an Internet company in the United States. The in-box folder of this address contained several hundred e-mails sent in early August and later. The senders' mail addresses included those of two upper house members and one lower house member, the sources said. Other data apparently stolen by a hacker--likely to be message subjects or mail texts--was found in a coded form, the sources said.
A total of 700 computers loaned to upper house members are linked to the chamber's information network. Each member is allocated three PCs. On Oct. 28, three days after the infection of the lower house computers came to light, the upper house secretariat started urging its lawmakers to change their personal IDs and passwords. This was initially explained as being a precaution. While most messages found on the transmission and reception screen of the destination mailbox were written in Japanese, a simplified Chinese character meaning "transmission completed" also was found.
Japanese Government Computers Infected
In November 2011, the Yomiuri Shimbun reported: “Personal computers at the head office and local branch offices of the Internal Affairs and Communications Ministry have been infected with computer viruses and have repeatedly been accessed by servers abroad, according to the ministry. The ministry announced that 22 PCs have been infected. The incident is similar to recently revealed cyber-attacks targeting the House of Representatives, the House of Councillors and Foreign Ministry computers. [Source: Yomiuri Shimbun, November 6, 2011]
The viruses found in the internal affairs ministry's PCs are similar to ones found in the recent cases. Although the ministry was told of the possibility of infection in mid-September, it did not conduct a full investigation into the matter until late October, when the cyber-attacks on other government entities came to light.
According to the ministry, the virus apparently reached the computers via e-mails that were sent on the morning of July 28. E-mail titles include "Documents released by the [government's] emergency disaster relief headquarters" for the Great East Japan Earthquake. The sender's name was Japanese and the mail address belonged to a free mail service.The ministry said it was still investigating whether the sender's name was legitimate. It was also checking whether the contents of the attached file were the same as those of documents from the real disaster relief headquarters.
The 22 infected PCs were from about 10 divisions of the ministry, including two local bureaus. After analyzing one PC, the ministry discovered a Trojan horse virus, which allows a person to remotely manipulate a computer. It is believed an official opened an attached file, resulting in the infection. The infected PCs include one belonging to a senior-level division chief. The infected PCs were repeatedly accessed by servers in the United States, India and Taiwan, according to the ministry. The most-accessed PC was accessed about 150 times.
The Yomiuri Shimbun also reported: “Fujitsu Ltd. computer servers connected to a system used by about 200 local governments in Honshu and Kyushu came under a cyber-attack that temporarily disrupted some public online services, the company said. According to Fujitsu, massive amounts of data were sent to the Fujitsu-operated system for the local governments' online services from about 2 p.m. in what appeared to be a distributed denial-of-service (DDoS) attack. As a result, several servers connected to the system were disabled. This made it difficult to access the local authorities' Web sites and disrupted their online services, including applications for information disclosure and for using water systems. [Source: Yomiuri Shimbun, November 11, 2011]
Fujitsu disconnected the system from the Internet at about 7:30 p.m. and halted all connections with about 20 Internet protocol addresses that had sent the massive amounts of information. The local governments' online services resumed at about 1 a.m.. However, the system came under a second attack between 2 a.m. and 3 a.m. from other IP addresses, disrupting online services again. Normal services resumed after the attack ended and Fuji tsu recovered the service.
Japanese Embassies Hit by 'Backdoor' Viruses
In October 2011, the Yomiuri Shimbun reported: “At least dozens of computers used at Japanese diplomatic offices in nine countries have been infected with viruses since this summer, it has been learned. Many of the targeted computers were found to have been infected with a so-called backdoor virus, which allows a remote hacker to gain access and steal information. Cyber-attacks against the Japanese Embassy in Seoul opened a route by which a large quantity of diplomatic information could have been sent to an outside server, according to sources. [Source: Yomiuri Shimbun, October 27, 2011]
The Foreign Ministry has launched an investigation to find out how much damage it suffered, suspecting the infection was caused by so-called spear attacks targeting the ministry's confidential diplomatic information. According to the sources, the nine countries where the affected Japanese diplomatic offices are located include Canada, China, France, Myanmar, the Netherlands, South Korea and the United States. The ministry's investigation may reveal a greater number of affected offices and infected computers.
The Japanese Embassy in Seoul realized this summer that computers and other devices used by its staff had been infected by viruses including the backdoor virus. It was found that a route had been created to allow internal information to be sent to the outside, according to the sources. The computer virus in question provides a backdoor into a computer through which a hacker can secure remote access and obtain data to use or distribute outside. The virus is said to be often used in spear attacks, which target specific people or companies to steal information from them.
The Foreign Ministry handles diplomatic secrets in a closed system and other kinds of information in an open one, but even the open system includes a network that only allows authorized accesses by users with passwords and IDs. However, this network was found to have been infected through the attacks, according to the sources. An official at the ministry's Information and Communication Division admitted that the ministry was exposed to many spear attacks in May and June, some of which resulted in virus infections of some computers. "However, we responded appropriately every time we found a virus infection," the official added. "As the Foreign Ministry is a likely target of cyber-attacks, we have been cautious about security for our systems, particularly since the revelation of the MHI case.”
China Link Found to Virus Targeting Diplomatic Offices
Yomiuri Shimbun reported: “The computer virus used in targeted attacks against Japanese diplomatic missions overseas was designed to transmit identification data and other information from infected computers to two servers in China, it has been learned. One of the two servers in China is registered at a domain that was also used in cyber-attacks against online search giant Google in 2009-2010, sources said. This and other circumstantial evidence suggests the virus is part of international espionage efforts targeting classified Japanese diplomatic information. [Source: Yomiuri Shimbun, October 29, 2011]
According to sources close to the case, the virus is called "BKDR_AGENT.MOF." The virus can make infected personal computers transmit information, such as user IDs and Internet protocol addresses, to outside parties. The virus can also forcibly activate software programs on infected PCs.
Several servers were assigned as destinations for data transmissions caused by the virus, and at least two have been found to be located in China. The two servers are registered at rental domains administered by a Chinese company. The sources said one of the domains has been involved in numerous previous cyber-attacks, including the spate of cyber-attacks known as Operation Aurora that targeted about 30 companies between 2009 and 2010. Google was one of the companies attacked.
People who wish to use the domain must fill out an online application in Chinese. Most users of the domain therefore have knowledge of the Chinese language, the sources said. It has also been discovered that the virus is designed to direct infected computers to attach codes to its data transmissions, one of which is "mofa." MOFA is a common acronym for the Ministry of Foreign Affairs, the official name of the Foreign Ministry.
Creating such a virus requires detailed information about the ministry's information-processing systems, making it possible confidential information was leaked to the attackers. The experts said a group of hackers with superior skills and knowledge likely was involved in the attacks. [Source: Yomiuri Shimbun, October 28, 2011]
According to the sources, cyber-attacks were made on computers at Japanese diplomatic offices in such countries as China, France, South Korea, the Netherlands and the United States. The same type of purpose-made virus was reportedly found at all the offices. Analysis found the virus affects only the ministry's system and creates "backdoors" in the network, enabling the hackers to operate the infected computers and steal information. Furthermore, all the affected diplomatic offices had changed to the new network connecting the ministry and overseas offices.
Since fiscal 2009, the ministry has boosted the security of the LAN, including limiting access to the network. As of the end of last fiscal year, 65 of its 204 overseas offices had completed the steps. The ministry suspects the attackers obtained information about the new network and created the special virus. The "Stuxnet" virus is widely known for targeting specific computer systems and is believed to have aimed to cripple Iran's nuclear facilities. Because Stuxnet was minutely programmed based on secretly obtained information about those facilities, computer experts believe it was created in a project involving highly skilled engineers, suggesting the involvement of a nation.
Norihiko Maeda, a researcher at the anti-computer virus service firm Kaspersky Labs Japan, said: "The latest findings suggest that carefully prepared attackers may have targeted Japan's diplomatic information.
Cyber-attack 'Stole Secret Trade Info'
In January 2012, The Yomiuri Shimbun reported: “Highly confidential documents related to sensitive trade negotiations are suspected to have been stolen from computers at the farm ministry, government sources said. The sources said a cyber-attack originating overseas is thought to have obtained more than 3,000 pieces of information, including about 20 top-secret documents on the Trans-Pacific Partnership free trade pact negotiations. [Source: Yomiuri Shimbun, January 3, 2012]
Government investigators found evidence indicating that official computers of the Agriculture, Forestry and Fisheries Ministry had been remote-controlled by and communicated with a computer server abroad. Investigators believe the attack targeted documents made just prior to an Asia-Pacific Economic Cooperation summit meeting in November 2011 and before a Japan-U.S. summit meeting in April 2012. The attacker highly likely obtained diplomatic policy information, the sources said.
According to the sources, the suspected stolen material concerned internal ministry documents created from October 2011 to April 2012. One document created before the April 2012 meeting between then Prime Minister Yoshihiko Noda and U.S. President Barack Obama contained a draft statement on the TPP drawn up in conjunction with the Foreign Ministry that was to be incorporated into a joint statement issued by the two leaders. The document also contained a summary of remarks Noda was to make during the summit meeting, as well as his schedule in the United States.
Another document, made just before an APEC summit in November 2011 when it was suspected the government would announce it would join the TPP talks, described Noda's intentions on when to join the negotiations. More than 20 of the documents thought to have been stolen are considered highly confidential, the sources said, and included a road map outlining Japan's potential participation in the TPP talks and an analysis of the impact of postponing a decision.
The documents are believed to have been moved from a personal computer issued to an official in charge of the TPP and other international negotiations to another computer, where the data was compressed to make transmission easier. This computer then allegedly communicated with a server with an Internet protocol address in South Korea. The agriculture ministry's investigation found that the attacker apparently manipulated this South Korean server. The operations screen was displayed in the Korean Hangul alphabet.
'Anonymous' Hackers Attack Japanese Government Websites
June 2012, the Yomiuri Shimbun reported: “The international hackers group Anonymous has launched a series of cyber-attacks against Japanese government websites in an operation apparently triggered by the group's displeasure with the recent introduction of stiffer punishments for illegal downloads. The Finance Ministry suspended access to part of its website after it apparently was illegally accessed, and the Supreme Court's website also suffered disruptions, according to government sources. [Source: Yomiuri Shimbun, June 28, 2012]
According to a statement posted on the Internet, Anonymous declared it would carry out a "large attack" called "Operation Japan" on Japanese government organizations in response to the enactment of the revised Copyright Law on June 20 that made illegal downloads punishable by up to two years in prison. The group said the revised law would send many innocent people to jail.
The Finance Ministry found a document saying, "We are Anonymous" and "We do not forgive" had been inserted onto its website that provides information on nationally owned land lots. A regional office of the Land, Infrastructure, Transport and Tourism Ministry also came under a cyber-attack.
According to the ministry, an English message was found on a page displaying rainfall data on the website of the Kasumigaura River Office of the Kanto Regional Development Bureau in Itako, Ibaraki Prefecture, at about 9:10 p.m.. The ministry suspended operation of the website. The websites of the ruling Democratic Party of Japan and the major opposition Liberal Democratic Party were difficult to access, the sources said.
"Anonymous" is an Internet users group that insists on "freedom of the Internet" and conducts illegal protest activities such as hacking. Japanese companies such as Sony Corp. had been targeted by Anonymous, but this is the first time government organizations have come under attack.
A member of hacker group Anonymous has told The Yomiuri Shimbun it waged a series of cyber-attacks against government websites, and warned the attacks will continue until a law stipulating stiffer punishments for illegal downloading is revised or withdrawn. The hacker also claimed that Japanese were involved in the attacks, which have so far been limited to government-related websites. [Source: Yomiuri Shimbun, June 30, 2012]
The interview took place at an Anonymous website used for exchanging information concerning the "Operation Japan" attack. The hacker claimed to be one of the site's nine administrators who decide whether to attack and what the targets will be. Asked why the group launched the attacks, the hacker said, "the new law with the illegal downloads," a reference to the recent enactment of the revised Copyright Law that made illegal downloads punishable by up to two years in prison. Concerning further attacks, the member said: "We will continue for as long as this law still exists. Or, until it is changed.”
The member said Anonymous learned of the revision because "Stuff gets around. I am pretty sure there has been articles and such online." Asked whether news of the revision came from an inside source, the member said, "I don't think it came from an Anonymous member." Claiming that a law that sends people to jail for downloading a few pieces of music is unfair, the member said, "We decided something needs to be done." The member revealed that 200 to 300 members took part in the attack, and said some were based in Japan. "I am sure there is some [Japanese hackers involved]," he said.
The group decided to launch the cyber-attack because "They [the government] won't listen to any other ways," the member said. Asked what the group thinks about Japanese who were inconvenienced by the attack, the member said, "I don't know what to say." The attacks have also affected websites of the Supreme Court, the Democratic Party of Japan, the Liberal Democratic Party, the Kasumigaura River Office run by the land ministry's Kanto Regional Development Bureau, as well as the Japanese Society for Rights of Authors, Composers and Publishers (JASRAC).
Japanese Defensive Cyberweapon Development
In January 2012, the Yomiuri Shimbun reported: “The Defense Ministry is in the process of developing a computer virus capable of tracking, identifying and disabling sources of cyber-attacks, The Yomiuri Shimbun has learned. The development of the virtual cyberweapon was launched in 2008. Since then, the weapon has been tested in a closed network environment. [Source: Yomiuri Shimbun, January 3, 2012]
Cyberweapons are said to already be in use in countries such as the United States and China. However, in Japan there is no provision on the use of cyberweapons against external parties in existing legislation on foreign attacks. With this in mind, the Defense Ministry and Foreign Ministry have begun legislative consideration regarding the matter, according to sources.
The three-year project was launched in fiscal 2008 to research and test network security analysis equipment production. The Defense Ministry's Technical Research and Development Institute, which is in charge of weapons development, outsourced the project's development to a private company. Fujitsu Ltd. won the contract to develop the virus, as well as a system to monitor and analyze cyber-attacks for 178.5 million yen.
The most distinctive feature of the new virus is its ability to trace cyber-attack sources. It can identify not only the immediate source of attack, but also all "springboard" computers used to transmit the virus. The virus also has the ability to disable the attacking program and collect relevant information. Test runs in closed networks have helped the ministry to confirm the cyberweapon's functionality and compile data on cyber-attack patterns.
According to the sources, the program can identify the source of a cyber-attack to a high degree of accuracy for distributed denial of service (DDoS) attacks, as well as some attacks aimed at stealing information stored in target computers. In DDoS attacks, hackers send target websites enormous volumes of data, eventually forcing them to shut down.
Keio University Prof. Motohiro Tsuchiya, a member of a government panel on information security policy, said Japan should accelerate anti-cyber-attack weapons development by immediately reconsidering the weapon's legal definition, as other countries have already launched similar projects.
Text Sources: New York Times, Washington Post, Los Angeles Times, Daily Yomiuri, Times of London, Japan National Tourist Organization (JNTO), National Geographic, The New Yorker, Time, Newsweek, Reuters, AP, Lonely Planet Guides, Compton’s Encyclopedia and various books and other publications.
Last updated January 2013