The Defense Ministry and Self-Defense Forces were targeted by a sophisticated cyberattack in September that may have compromised the Defense Information Infrastructure, Japan’s internal military network, ministry sources say.
The attacker, possibly a state actor, initially penetrated the Ground Self-Defense Force’s computer system and likely stole some information, though the full scope of the theft remains unclear, the sources said Sunday.
The attacker took advantage of a security loophole, prompting the ministry to raise its cybersecurity alert level.
Most officials were mum on the attack, but a senior SDF official called it “a very serious situation.”
“We must quickly take measures to prevent a recurrence,” the official said.
At a news conference Monday, Deputy Chief Cabinet Secretary Koichi Hagiuda refused to discuss the matter, saying that doing so might give the hackers a better idea of government security measures.
The Defense Ministry faces cyberattacks on a daily basis, he added.
Masakazu Saito, a senior ministry official in charge of cybersecurity issues, declined comment.
According to the sources, the Defense Information Infrastructure, a high-speed high-capacity communication network connecting SDF bases and camps, was the focus of the hack.
The sources said the hacker or hackers appear to have gained unauthorized access to computers at the National Defense Academy and the National Defense Medical College, using them as a gateway to enter the GSDF’s computer system.
The Defense Information Infrastructure comprises a system connected to the internet and another used for information-sharing by insiders. While the two systems operate separately as a safeguard against computer viruses, they are not completely detached. The hacker is believed to have used the link between the systems to carry out the attack, the sources said.
One computer expert said the hacker must have been quite sophisticated, given the protective measures that were in place.
The incident prompted the ministry and the SDF to temporarily ban internal internet use.
The incident has sent shock waves through the ministry, which has made recent efforts to bolster measures precisely designed to prevent such attacks. These measures included the setting up of the Cyber Defense Group in March 2014 to monitor ministry and SDF communication networks around the clock. It also installed an advanced analysis device for cyberdefenses.
The September hacking “is an extremely serious problem that threatens national defense,” said Motohiro Tsuchiya, a professor of international relations at Keio University who is well-versed in cybersecurity.
If the attacker or attackers penetrated the nation’s enhanced defense system, it should raise suspicions that the attack was state-sponsored, Tsuchiya said, adding that China, Russia, North Korea and other countries that would benefit from stealing Japanese military secrets could be suspected.
“Cyberattacks are a form of spy wars,” he said, underscoring that people linked to the Defense Ministry and the SDF are constantly receiving malware in email from across the globe.
“It is not easy to completely prevent information leaks,” Tsuchiya said. “But it is necessary to double or triple their preventive measures, such as encrypting internal data, in case anything goes wrong.”
The cyberattack in Japan is just the latest of several that have humiliated countries around the globe. Cyberspace has widely been termed the “fifth battlefield,” after ground, sea, air and space.
It is believed that military forces in many countries are not only beefing up their cyberdefenses, but also refining their offensive capabilities. Such intrusions frequently occurr on the information networks of government organizations and military forces.
“Japan is not an exception,” a senior SDF member said.
There have been many cyberattacks implying national involvement. Last December a cyberattack in Ukraine caused a massive blackout that its security services blamed on Russia.
Ahead of this month’s U.S. presidential election, WikiLeaks published email from Hillary Clinton’s election campaign team. White House officials reportedly said there is growing evidence that Moscow is using the anti-secrecy group as a delivery vehicle for stolen messages and other information. Russia has denied any involvement.
Cybersecurity investigators often face difficulties finding clear evidence of the attackers, especially when they are sophisticated state actors who are well-versed in the best ways to cover their tracks.