Tokyo Denies Major Military Cyber Attack

Tokyo Denies Major Military Cyber Attack

Japan’s Defense Ministry has denied reports that it was targeted by a sophisticated state-backed cyber-attack which may have compromised an internal military network.

An unnamed public affairs official at the ministry told Bloomberg on Monday that it's forced to deflect cyber-attacks every day, but that the new report isn’t accurate.

The highly regarded Kyodo News had claimed that a possibly state-backed intruder managed to gain an initial foothold by infiltrating computers at the National Defense Academy and the National Defense Medical College back in September.

They were then able to penetrate the Defense Information Infrastructure network, which links Self Defense Force (SDF) facilities.

Even worse, the report claims that the attackers were able to take advantage of a security loophole to pivot from the internet-connected part of the network to a nominally separate intranet.

The unnamed sources told the newswire that the incident forced the ministry and SDF to issue an internet ban while they investigated.

The Defense Ministry’s denial carries less weight given that it refuses to comment on such attacks anyway as it could compromise security further.

Mike Ahmadi, global director of Critical Security Systems at Synopsys, claimed government agencies are ironically among the most exposed on the global stage.

“Despite expending resources on cybersecurity, governments are generally unaware of the staggering number of vulnerabilities found in the software running on both modern and legacy systems, and any attempt to force software providers to be held accountable at any level is met with strong resistance by a software industry that has long been accustomed to EULA [end user license agreement]-based exemptions,” he argued.

“Additionally, the lack of metrics to empirically determine the distribution of resources throughout cybersecurity practice areas leaves most agencies guessing when it comes to determining both needs and effectiveness of their activities in managing security."

Source: Information Security Magazine