CloudSecurityWorkspace

Nuclear And Military Data Taken In Mitsubishi Hack

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Google + Linkedin Subscribe to our newsletter Write a comment

Highly sensitive military and industrial data was stolen from Mitsubishi when it was hacked in the summer

The perils of a well organised cyber-attack have been underlined once again, after highly sensitive data relating to Japan’s military and critical infrastructure was reportedly stolen.

In September, Mitsubishi Heavy Industries confirmed that its computer network had been breached by cyber-attackers in August. The attack hit approximately 45 servers and 38 computers, which were infected with malware at 10 facilities located throughout Japan, and at Mitsubishi’s Yokohama headquarters.

Mitsubishi is Japan’s largest defence contractor, and it apparently discovered that at least eight different pieces of malware, including data-stealing Trojans, were used in the 11 August attack.

Damaging Attack

At the time, the firm was criticised for not reporting the security breach to Japan’s Defence Ministry until a month later, when details emerged in the media.

Mitsubishi was unable to say what data had been compromised in the August attack, but it did assure Japanese authorities that it had taken appropriate measures to safeguard all military information.

Now it seems that the cyber attack was very successful indeed, after the Asahi Shimbun news service reported that sensitive information concerning vital defence equipment – such as fighter aircraft, helicopters, as well as nuclear power plant design and safety plans – was apparently stolen. The agency quoted “sources close to the company”.

Mitsubishi Heavy Industries makes warships, submarines and other defence-related equipment in Japan. Although the Japanese constitution prohibits the company from exporting weapons, there are exemptions for companies that are working with other countries on joint research and development of anti-missile defence systems.

The contractor works with Raytheon to make weapons such as surface-to-air Patriot missiles and AIM-7 Sparrow air-to-air missiles, and with Boeing to supply parts for 787 Dreamliner jets and F15J fighter jets.

Outside Forces

Asahi Shimbun cited an internal investigation as the ultimate source of the information. The report apparently found signs that the information had been transmitted outside the company’s network. It said there was a strong possibility that outsiders were involved.

Its sources also said that a further investigation into dozens of computers at other locations found evidence that information about defence equipment and nuclear power plants had been transmitted from those computers to external destinations.

It is a well known face that defence contractors are prime targets for cyber-attacks.

For example a number of defence contractors in the United States have already been hit by cyber-attackers, including Lockheed Martin, L-3 Communications and Northrop Grumman. Unknown attackers have also breached Department of Energy’s Oak Ridge National Laboratory.

In July the Pentagon confirmed that a foreign government was behind a March cyber-attack against US military computers that led to 24,000 files being stolen from a defence contractor.

State Sponsored?

So who is conducting these cyber-attacks? Western governments often point the finger firmly at China, but China strongly denies involvement.

Last week Major General Jonathan Shaw, the head of the Ministry of Defence’s cyber-security programme, said that hacking by foreign governments and corporations is regularly putting companies out of business, costing the British economy £27 billion a year.

In August video footage appeared to show Chinese military systems hacking a US target. F-Secure chief research officer Mikko Hyppönen spotted the video footage of the alleged hack during a Chinese military TV documentary. The offending video was quickly replaced with other material.