Yomiuri Shimbun October 26, 2011
Policemen stand guard in front of the Japanese embassy in Seoul on October 18, during a visit by Japanese Prime Minister Yoshihiko Noda. The Seoul embassy was among nine Japanese missions hit by a backdoor computer virus since the summer, it was learned Wednesday.
Photograph by: Jung Yeon-Je, AFP/Getty Images
TOKYO — At least dozens of computers used at Japanese diplomatic offices in nine countries have been infected with viruses since this summer, it has been learned.
Many of the targeted computers were found to have been infected with a so-called backdoor virus, which allows a remote hacker to gain access and steal information. Cyber-attacks against the Japanese Embassy in Seoul opened a route by which a large quantity of diplomatic information could have been sent to an outside server, according to sources.
The Foreign Ministry has launched an investigation to find out how much damage it suffered, suspecting the infection was caused by so-called spear attacks targeting the ministry’s confidential diplomatic information.
The revelation came soon after the nation’s defense industry and political nerve centre had come under cyber-attacks. About 80 computers at Tokyo-based major defense contractor Mitsubishi Heavy Industries, Ltd. were found last month to have been infected with viruses, leading the Metropolitan Police Department to investigate the case on suspicion that the Unauthorized Computer Access Law had been violated.
Earlier this week, state-supplied computers distributed to House of Representatives lawmakers for public business were found to be infected with viruses.
Now that confidential diplomatic information has also been found to have been at risk of being leaked outside, the government has an even greater need to work out countermeasures, observers said.
According to the sources, the nine countries where the affected Japanese diplomatic offices are located include Canada, China, France, Myanmar, the Netherlands, South Korea and the United States. The ministry’s investigation may reveal a greater number of affected offices and infected computers.
The Japanese Embassy in Seoul realized this summer that computers and other devices used by its staff had been infected by viruses including the backdoor virus. It was found that a route had been created to allow internal information to be sent to the outside, according to the sources.
The computer virus in question provides a backdoor into a computer through which a hacker can secure remote access and obtain data to use or distribute outside. The virus is said to be often used in spear attacks, which target specific people or companies to steal information from them.
The Foreign Ministry handles diplomatic secrets in a closed system and other kinds of information in an open one, but even the open system includes a network that only allows authorized accesses by users with passwords and IDs. However, this network was found to have been infected through the attacks, according to the sources.
An official at the ministry’s Information and Communication Division admitted that the ministry was exposed to many spear attacks in May and June, some of which resulted in virus infections of some computers.
“However, we responded appropriately every time we found a virus infection,” the official added. “As the Foreign Ministry is a likely target of cyber-attacks, we have been cautious about security for our systems, particularly since the revelation of the MHI case.”
No confidential information has been leaked due to recent cyber-attacks against the Foreign Ministry, Chief Cabinet Secretary Osamu Fujimura said Wednesday.
Computers at the ministry’s headquarters in Tokyo and its overseas offices “have been receiving many targeted e-mail attacks since June” in an apparent attempt to steal diplomatic secrets, Fujimura told a press conference.
“The Foreign Ministry handles confidential information in a closed local area network,” he added, which is designed to prevent unauthorized access from the outside. “Therefore, no confidential information has been leaked (through these attacks).”