The United States expressed concern on Wednesday over recent cyber attacks on Japan’s largest defence firms, the latest in a series of security breaches that have fuelled speculation about Tokyo’s ability to handle sensitive information.
An online assault on defence contractors, including Mitsubishi Heavy Industries (MHI) which builds F-15 fighter jets, Patriot Missiles and other US-designed arms for Japan’s Self-Defence Forces, began in August but was revealed only last week, triggering reprimands by Japanese Defence Ministry officials over the arms manufacturer’s failure to inform the Ministry in a timely manner. The Nikkei business daily said that the IHI Corporation, which provides engine components for fighter jets, may also have been attacked.
The breaches threaten to undercut Japanese efforts at boosting cybersecurity in recent years. Karen Kelley, a spokeswoman for the American Embassy in Tokyo, said, “We are concerned by news reports of cyberattacks on select Japanese companies and will continue to monitor the issue… For every country, these kinds of intrusions have the potential for long-term negative impact and must be taken seriously.”
MHI said on Monday that its computer systems had been hacked into and that some network information may have been compromised, with 83 computers and servers at 11 locations, including its Tokyo headquarters, factories and a research and development centre accessed in the attack. However, details of the attack were still unclear, according to a MHI spokesman.
Japanese Defence Minister Yasuo Ichikawa said that he had not received any reports that any sensitive defence information has been stolen. He added that the location from where the attacks originated remained unclear. However, according to the Yomiuri Shimbun, a security company has disclosed that connections were made to 14 sites abroad, including at least 20 servers in China, Hong Kong, the US and India.
Report: U.S. Expresses Concern About New Cyberattacks in Japan (New York Times, 21 Sep 2011)
Report: U.S. govt concerned at hacking of Japan arms firms (Reuters, 20 Sep 2011)
The Yomiuri Shimbun has noted that “simplified Chinese characters used in China” were used in the attacks, according to its sources, leading to suspicions by the Tokyo Metropolitan Police Department (MPD) that a person or people fluent in the Chinese language to be involved. The MPD considers the investigation to be an international espionage case.
However, a security specialist cautioned not to jump to conclusions that China was involved in the attacks. “The perpetrator or perpetrators may intentionally use Chinese to disguise the attacks as Chinese,” Prof. Motohiro Tsuchiya, an expert on information politics, remarked. “However, the number of cyber-attacks from China targeting classified information have reportedly been increasing and the United States is also on alert. It is important for attacked companies to disclose the facts of attacks and share their experiences to allow others to share risk information.”
Report: Chinese used in MHI cyber-attack (Daily Yomiuri, 21 Sep 2011)
China has angrily denied its involvement in response to suggestions that it is behind these attacks. “The Chinese government has consistently opposed hacking activities. The law strictly prohibits this,” Chinese Foreign Ministry spokesman Hong Lei insisted. “China is one of the main victims of hacking … criticising China as being the source of the hacking attacks is not only baseless, it is also not beneficial for promoting international co-operation for internet security.”
The Kyodo news agency said that the websites of several government agencies had also been targeted over the weekend, and Japan’s national police agency added that recent online message boards had called for hackers to attack Japanese websites ahead of the 80th anniversary of the Mukden incident, a staged explosion manipulated by the Japanese imperial army that served as pretext for Japan’s invasion of China in World War 2.
Report: Japan anxious over defence data as China denies hacking weapons maker(Guardian, 20 Sep 2011)