LOOSE LIPS (2): Experts say social media can put defense systems at risk

January 07, 2013


Editor’s note: Yasuyuki Sasaki, who contacted a Maritime Self-Defense Force member who posted personal opinions and unpublished information about his missions on his Twitter and Facebook accounts, talked with experts about the potential risk of social media on defense systems.

* * *

Social networking services could be a treasure-trove of personal information for cyber-attackers seeking a backdoor into a nation’s defense systems, experts say.

A senior Self-Defense Forces officer said social media, particularly Facebook, could help hackers identify potential targets to penetrate defense network systems based on personal information registered on their accounts.

In a practice known as profiling, hackers would go through the postings of the individuals and their friends to examine their behavior patterns and relationships with other people, according to the officer.

“Attackers could send a friend request from an account in which they disguise themselves as a graduate of the National Defense Academy,” the officer said in Tokyo in early November.

Next, attackers could attempt to obtain the official-use e-mail address to send a virus as an attachment to the target individual, according to the officer.

Takao Hirayama, chairman of Symantec Japan Research Institute Inc., who previously served in the MSDF, showed a report that a U.S. defense contractor submitted to the U.S. Congress.

According to the report, a senior U.S. Defense Department official said a Chinese private-sector cyber-attack team downloaded 20 terabytes of data from the Non-classified Internet Protocol Router Network (NIPRNet), the U.S. military’s logistics control system, in 2006.

The U.S. military uses the system, which controls supplies and fuel, in contracting with private-sector suppliers. It is linked with the Internet.

“What if this system were tampered with and supplies were suspended?” Hirayama asked. “The U.S. military would not be able to fight.”

The SDF also operates an open system connected to the Internet, similar to the NIPRNet, and a closed system, which is used for communications, weapons firing and other operations.

Hiroshi Ito, who heads information security company LAC Co.’s Cyber Security Laboratory and previously served in the Ground SDF, said a closed system is also at risk.

As an example, he cited a cyber-attack in September 2010, which disrupted the operation of 1,000 uranium-enriching centrifuges that Iran was allegedly using for developing nuclear weapons. A closed system was reportedly infected with a new virus called Stuxnet.

It is assumed that the virus first infected an open system and was then transmitted to the closed system via a USB port, according to Ito.

Many experts suspect that attackers identified individuals who inserted a USB device into the closed system as part of their operations through human intelligence gathering, which involves social media and other means.

“We can never rule out the possibility that a system can be compromised, however secure it may be,” Ito said. “We must understand that humans are the largest risk involved.”

LAC Co.’s Cyber Security Laboratory monitors a possible attack on a corporate client around the clock. (Shiro Nishihata)
