Cyber-attacks target 20 ministries, agencies

October 31, 2011

Underscoring how hackers have remained a step ahead of Japan's computer security experts, viruses have infected dozens of computers in cyber-attacks against at least 20 ministries and agencies, sources told The Asahi Shimbun.

However, no vital information has been leaked, government officials said.

In many of the attacks, e-mails from senders pretending be legitimate ministry staff members have been sent to authorities carrying attachments that, if opened, immediately infect the user's computer with a virus.

Several overseas offices of the Foreign Ministry have received the fake e-mails since June, causing infections of dozens of computers. The true identities of the senders remain unknown.

"None of our confidential information has been leaked because such information has been stored on the server that cannot be accessed from outside," a Foreign Ministry official said.

The Defense Ministry has also received virus-infected e-mails in 2006 when a large number of computers at the ministry received e-mails from a sender falsely claiming to be the defense minister.

Other ministries have been targeted. At the Shikoku Regional Development Bureau of the Ministry of Land, Infrastructure, Transport and Tourism, a male employee in his 50s opened an attachment in a e-mail that infected the office's server system with a virus.

The bureau, fearing that the IDs and passwords of its 3,000 staff members may have been stolen, changed all of the passwords and took other preventive action.

Employees' computers were infected in a similar manner at the Financial Services Agency, the Japan Fair Trade Commission, the Ministry of Economy, Trade and Industry and the Cabinet Secretariat, the sources said. All ministries and agencies have warned their workers not to open suspicious e-mails.

The sources also said relatively "minor" attacks have targeted the internal affairs ministry, the Justice Ministry, the Finance Ministry, the science ministry, the health ministry, the agricultural ministry, the Environmental Ministry, the Cabinet Legislation Bureau, the National Personnel Authority, the Cabinet Office, the Imperial Household Agency, the National Police Agency and the Consumer Affairs Agency.

Last week, officials revealed that hackers infiltrated the Lower House server computer and stole information from about 480 lawmakers and their aides. Earlier, some of Japan's biggest defense manufacturers revealed that their computer systems were attacked.

In 2001, Japan set up the Cyber Force team comprising technical computer security experts under the National Police Agency. It was Japan's first safeguard against the theft of digital information.

The task force, which monitors on an around-the-clock basis for unauthorized access to government offices, was formed after several websites of ministries were unlawfully changed.

Since 2004, the team has expanded its targets for monitoring to power companies, traffic systems and about 1,000 corporations and facilities.

However, hackers have become increasingly sophisticated.

Until the early 2000s, hackers generally sent large-volume data repeatedly or randomly to spread virus-infected e-mails over the Internet. Around 2006, however, they started attacking specific targets for information theft.

The more focused approach was apparently used in the recent attacks against the Lower House's server system and the Foreign Ministry. However, the NPA's Cyber Force did not detect the attacks because the system mainly looks for large volumes of e-mails, the agency said.

Software to prevent the new style of cyber-attack will not be developed soon, according to the NPA.

In 2008, the Defense Ministry established the Command Control Communication Computers Systems Command of the Self-Defense Forces to thwart cyber-attacks. It can detect attempts of unauthorized access, data theft and other shady activities, even if new types of viruses are used, the ministry said.

The Defense Ministry plans to create another new anti-hacker system to provide cross-division monitoring for attacks within the ministry.

In addition, the ministry will cooperate in such efforts with the U.S. Defense Department, which formed the Cyber Command team last year to protect freedom in cyberspace of the United States and its allies.

The Defense Department said cyberspace was the fifth area of a constant battle, following the ground, air, sea and space.

However, cyber-attacks are not interpreted as military attacks under international laws or by the international community. Therefore, only the NPA--not the Defense Ministry--can play a major role in investigating cyber-attacks, even if they have originated outside of Japan, a ministry official said.

When trying to track down the perpetrators of a cyber-attack, Japanese police often find the activities were made from a third-person's computer or an overseas server network to keep their identities unknown.

When the NPA and other organizations were hit by cyber-attacks in September 2010, police found that the server the hacker used was located in China.

Through the International Criminal Police Organization, Japan asked China to provide information on usage histories of the server to move the investigation forward. But Beijing only responded, "We do not have such records."

  • 1
submit to reddit
Police and major companies cooperate to prevent cyber-attacks in April 2009. (Asahi Shimbun File Photo)

Police and major companies cooperate to prevent cyber-attacks in April 2009. (Asahi Shimbun File Photo)

  • Police and major companies cooperate to prevent cyber-attacks in April 2009. (Asahi Shimbun File Photo)

More AJW