Japan is latest victim in global military cyber espionage attacks
Largest weapons maker reports attempts on data about missiles, ships, planes
Japan's top defense contractor has confirmed that a series of attempts to penetrate its data on missiles, submarines and nuclear power plants, using spear-phishing messages carrying malware payloads, had infected more than 80 servers as potential entry points.
Mitsubishi Heavy Industries (MHI) discovered the viruses on servers and desktop computers last month and said it had launched a full investigation.
It had not told government officials about the attack, however, as required by Japanese law.
Ministry of Defense spokesmen said they heard about the attack from the local media after it was leaked by an anonymous source at MHI.
The Ministry of Defense has ordered Mitsubishi to have its security audited, a process the ministry will monitor and take over if necessary, according to Defense Minister Yasuo Ichikawa, who spoke at a press conference earlier today.
"It's up to the defense ministry to determine whether leaked information is important," a Defense Ministry spokesman told Reuters. "A report should have been made."
Unlike in the U.S., where corporations have much greater latitude to choose when and whether to inform federal officials of attacks, Japanese manufacturers are required by law to inform the government of attempts at penetration.
Japanese Defense Minister Yasuo Ichikawa said at a news conference today that attackers did not crack into any sensitive information, a statement that is probably just as reliably reassuring as those made by nuclear-energy supervisors who said the Fukushima nuclear plant was safe and relatively undamaged during the day or so between the earthquake and tsunami of March 11, 2011 and the series of three massive hydrogen explosions that began a day later.
Other reports claimed IP addresses may have been taken but didn't identify any other information that may have been compromised.
No one has claimed responsibility for the attacks, which, together with the information they targeted, makes them more likely to be attempts at espionage than sabotage.
Japanese investigators said they suspect the same Chinese hacking operations that have been successful in penetrating U.S. military and government sites.
One local newspaper reported that Chinese script had been found in one of the viruses, but there is, as yet, no public confirmation of that.
A Chinese foreign minister denied any involvement and repeated China's frequent claim to being more hacked against than hacking.
Even the BBC is aware enough of negative reactions to successful hacks on U.S. military computers to follow China's denial by pointing out that "fear of the 'cyber-dragon' is driving forward a fundamental re-think of US policy which is coming more and more to regard computer hacking as a potential act of war."
The attack followed the same relatively generic pattern as many penetrations of U.S. government computers: phishing messages aimed at specific individuals or any member of a department arrive in waves, urging recipients to open attachments or visit specific Web sites that deliver the malware payload.
Main targets for the attack included a shipyard in Nagasaki that manufactures destroyers, another in Kobe that builds submarines and parts for nuclear power stations and a third in Nagoya that builds missiles.
MHI also builds U.S.-designed F-15s and Patriot Missile batteries under license from U.S. firms.
A second contractor affiliated with MHI – an aircraft-parts maker called IHI Corp. – reported it had been receiving malware-loaded email for months but its security system had filtered them out.
Japanese media report that some other Japanese web sites had been hit with DDoS attacks, reinforcing demands for greater security made by a government analysis that found holes in the security of some agencies, following an investigation inspired by attacks on U.S. firms including Lockheed Martin and others.
Japanese officials said it's the first instance they know of in which foreign entities have attacked Japanese web sites or data.
Read more of Kevin Fogarty's CoreIT blog at ITworld.