Cyber-attackers could have stolen defense contractor's passwords

October 08, 2011

Passwords for servers at defense contractor Mitsubishi Heavy Industries Ltd. (MHI) may have been stolen during a wide-ranging cyber-attack.

The Kobe Shipyard and Machinery Works, which builds submarines, and the Nagoya Guidance and Propulsion Systems Works, which makes missile-related products, were among installations compromised in the attack, which was reported to the Metropolitan Police Department on Sept. 30.

In total, 45 servers and 38 personal computers at 11 of MHI's facilities were infected with viruses.

An analysis of a virus used in the attack suggests the perpetrators used simplified Chinese characters, which are used in mainland China, according to sources connected to the investigation into the incident.

The servers, which were apparently used for sales work, were infected with a virus that included keystroke-logging code, raising the possibility that hackers may have discovered passwords and accessed part of the company's sales information. Some of the compromised computers contained information on defense equipment ordered by the Defense Ministry.

However, MHI has not yet found any evidence that information on its operations or products was actually leaked.

The Metropolitan Police Department has started an investigation into suspected illegal access and other violations. According to an information security company, the computers were likely compromised when users opened infected documents.

The ministry conducted a survey of about 100 defense-related firms after the attack and did not discover any leak of confidential information. However, there is a possibility that the MHI cyber-attack was not isolated.

A spokesman for Mitsubishi Electric Corp. said a computer had been infected with a virus when a file attached to an e-mail message was opened. IHI Corp., which builds destroyers, and Kawasaki Heavy Industries Ltd., which produces submarines, also received e-mail messages containing viruses and reported those cases to the National Police Agency earlier this year.

The Defense Ministry itself may also have been targeted by hackers, with officials receiving fake e-mail messages in the name of real colleagues in recent years. In September 2010, the ministry website was hit by denial-of-service attack that directed a huge amount of traffic at its servers and slowed down communication speeds.

The attack on MHI has highlighted the vulnerability of defense contractors handling sensitive information, but the Defense Ministry insists that those firms must be responsible for their own security.

"At the end of the day, companies handling defense secrets must be responsible for information management on their own," a senior Defense Ministry official said.

The Defense Ministry asks companies handling defense secrets to establish in-house rules for information management and use a separate computer network for sensitive information when contracts are concluded. It also demands that contractors promptly report suspected leaks when they occur.

MHI did not report the cyber-attack on the grounds that there was no evidence that information had in fact been leaked.

Yasuaki Hashimoto, of the National Institute for Defense Studies, said both the government and the private sector should beef up their security.

"In Japan, cyber-attacks are considered Internet crimes that fall under the jurisdiction of the police. The Defense Ministry has not come to the fore," Hashimoto said.

  • 1
submit to reddit
Mitsubishi Heavy Industries Ltd.'s Kobe Shipyard and Machinery Works (Asahi Shimbun file photo)

Mitsubishi Heavy Industries Ltd.'s Kobe Shipyard and Machinery Works (Asahi Shimbun file photo)

  • Mitsubishi Heavy Industries Ltd.'s Kobe Shipyard and Machinery Works (Asahi Shimbun file photo)

More AJW