Pierluigi Paganini July 25, 2012

One of the biggest cyber threat is cyber espionage, it’s the sign of the technological era in which every devices surround has an intelligence component that could be exploited. Governments first, cyber criminal after, have discovered the great efficiency of malware used to steal sensible information to the victims, no matter if we are speaking of intellectual property or user’s personal data.

In the last couple of year the use of malware as cyber weapon has represented a great innovation in the warfare, Duqu and Flame represent the most important agents detected that have been developed with the intent to spy on foreign governments such as Iran.

Use of malware as spy tools has two great advantage:

• it allow to conduct covert operations in a long time stealing a great quantity of information from the victim’s host.
• similar agents are not so simple to link their creators differently from a military option that could be subject to penalty applied by worldwide community.

News of the day is the discovery of new cyber attack that has hit computer systems of Japan’s Finance Ministry.

The Ministry has uncovered the presence of a Trojan on its computers that lay undetected for almost two years, it is high probable that the malware has been deployed to steal confidential data starting from January 2010.

There is a great mystery around the clamorous discovery, the malware in fact has eluded all the protection systems and another strange particular is that its operation suddenly stopped after November 2011.

According The Japanese Times On Line the infection was reported to the ministry last week by a company it had commissioned to audit its computer security system and network. On a Total of more of 2000 computers checked at the ministry 123 were infected. The malware detected is a trojan used to gain the remote access on the victims and seems it has been spread as an e-mail attachment.

The ministry denied that confidential data had been leaked but hasn’t provided further details such as the departments infected, fortunately the infected pc was used by junior officials that don’t manage sensible information, meanwhile computers used by senior officials, including the minister, vice ministers and directors general, were not affected.

“It is not that the personal information that we have was widely leaked,” one official told reporters.

The evidence collected suggest that the Ministry was victim of a cyber attack maybe state sponsored, anyway there are no news regarding the authors of the cyber espionage operation.

Another factor that led to believe that the responsible of the attacks was an hostile foreign government is that the malware wasn’t detected by antivirus software installed on the computers, maybe because it has exploited  a zero-day vulnerability, and we have learned how much complex is this eventuality.

It’s not first time that Japanese Institutions is victim of a cyber attack, on January the country was hit by an escalation of offensive moved from China, some notable targets were the National Security of Japan and the Japanese parliament.

The intruders were able to have access to email and confidential documents of the room and this has made necessary an extraordinary meeting of the executive to respond to that considered a real emergency.

During the same period documents on military aircraft and nuclear power plants seems have been stolen in a series of cyber attacks on Japanese defense contractor Mitsubishi Heavy.  Mitsubishi Heavy declared in fact that last month that 83 computers at 11 of its facilities had been hit by cyber attacks but no leakage of information on products and technologies had been confirmed, that is a clear demonstration of a targeted strategy.

The Japan is considered one of the most technological advanced country and for this reason is subject of cyber espionage. Many foreign country are interested to intellectual property of its critical project , let’s remind for example the continuous attacks to Japan Aerospace Exploration Agency (JAXA) registered early this year, the institution is considered one of the most interesting target for state sponsored attacks and also in that occasion it was used a malware to leak confidential document.

Japan government is conscious of the risks related to the cyber threats and between the projects promoted to mitigate their effects there is also the development of a new “special” cyber weapon.

I used term special because the cyber weapon is for defensive purposes, a sort of active sentinel that will defend the Japan cyberspace form external attacks.

The project is ongoing with the contribute of Fujitsu firm. When the new application detects an intruder agent it try to follow it back to the source disabling every machine it encounters along the way, the goal is to arrest the spread of malware localizing the real attackers.

Last month government websites, including the ministry’s, were accessed by unauthorized users, Japan was hit also by hacktivist group of Anonymous during the #OpJapan against copyright law but is seems that there are no claim on the last attack.

The presence of malware is, in my opinion, the evidence that Japan is facing with a cyber warfare operation conducted in the time by a foreign government, consider that the number of cyber incidents is growing and despite the government’s attention on cyber defense, events like these should be a warning to all those governments still too far behind in the definition of an appropriate strategy to defend its cyber critical infrastructures.

Pierluigi Paganini