
Japan's Largest Defense Contractor Hacked

Posted by samzenpus
from the show-me-the-secrets dept.
wiredmikey writes "Mitsubishi Heavy Industries Ltd, Japan's largest defense contractor, has been a victim of a cyber attack, according to a report from the company. The company said attackers had gained access to company computer systems, with some reports saying the attacks targeted its submarine, missile and nuclear power plant component businesses. According to The Yomiuri newspaper, approximately 80 systems had been infected with malware at the company's headquarters in Tokyo, as well as manufacturing and research and development sites, including Kobe Shipyard & Machinery Works, Nagasaki Shipyard & Machinery Works and Nagoya Guidance & Propulsion System Works. 'We can't rule out small possibilities of further information leakage but so far crucial data about our products or technologies have been kept safe,' a Mitsubishi Heavy spokesman told Reuters. 'We've found out that some system information such as IP addresses have been leaked and that's creepy enough,' the spokesman added."
  • by lecheiron (2441744) on Monday September 19, 2011 @10:58AM (#37441656)
    that must explain it.
  • by Karmashock (2415832) on Monday September 19, 2011 @11:02AM (#37441764)

    Letting hackers half way into your system especially when you're dealing with state sponsored hacking groups or corporate espionage is not a horrible idea so long as you make it work for you.

    After all even though they're in your systems you have an opportunity to log them in a way that you don't if they're just scrapping on the outside. Build a multi-tiered defense and let them get all the information that you don't actually care about. For example... promotional information and publicly released data. You can also have dummy files thrown around with garbage data filled in rather than the real specs. Have fun with it. But the really secret stuff... consider not having that on the network at all. If you're talking about top secret information... maybe that calls for an armed courier.

    • by Dunbal (464142) * on Monday September 19, 2011 @11:04AM (#37441836)
      Congratulations you have (re)invented the Honey Pot [wikipedia.org].
      • Oh, I'm sure someone else has had similar ideas. I just think these should be applied systemically when protecting high profile systems.

        Have the outer defenses strong enough to ward off all the casual attackers and then just let the more dangerous guys in so you can track them rather than letting them learn the limitations of your system let them think they evaded detection.

    • by Anonymous Coward

      Better yet, have engineers design flaws into the "valuable" information that would go undetected until the devices self-destruct while in use. A few metric to imperial conversion errors is all it takes.

      • by JoshuaZ (1134087) on Monday September 19, 2011 @11:27AM (#37442396) Homepage
        There are allegations that the US did just that to the Soviet Union during the cold war. See http://www.zdnet.co.uk/news/it-strategy/2004/03/01/us-software-blew-up-russian-gas-pipeline-39147917/ [zdnet.co.uk].
      • by X0563511 (793323)

        That worked so well for all of us when those Chinese capacitors started exploding (and kept exploding) for fucking years...

    • by erroneus (253617)

      Except that is not how it works.... nice dream though.

      I am not going to comment any further than this, but I have considerable inside knowledge of this situation and the things which enable it to happen.

      That said, many people already know some of the reasons this has happened from previous news stories. When the lights come on in your head, you will know what I'm talking about.

      • Sadly I'm not in your esteemed in crowd so I have no idea what you're talking about.

        Care to share or are you having fun being mysterious?

        • Not quite so certain what Parent is being mysterious about. However Grandparent's idea of the soft and chewy outside is a terrible misinterpretation of defense in depth.

          You own some of the less valuable folks, you own some of the less valuable data, now you can send authentic looking emails from real coworkers to people on the sensitive side.

          Not that their recon isn't already doing this, some of the emails they use are very convincing.

          Advanced Persistent Threats know a lot about their targets before they ev

          • email servers wouldn't be chewy... that's the sort of thing that would be in the castle keep. Though obviously you'd want to fragment the system by department so the advertisement department wouldn't compromise something else... as an example.

        • by erroneus (253617)

          To be less mysterious, I don't want to say anything that might compromise my employment.

    • Be sure to include some encrypted files with obscure names. The encrypted data can either be disinformation, or publicly available info, or random garbage, but the encryption and intriguing names will waste some of their time.

      • Exactly. Let robber into the vault and let him walk away with a sack... he doesn't have to know he's carrying bundles of newspaper clippings.

      • Be sure to include some encrypted files with obscure names. The encrypted data can either be disinformation, or publicly available info, or random garbage, but the encryption and intriguing names will waste some of their time.

        Kim Kardashian_nkd_wedding.zip.rar.exe.app

    • A little exercise can firm up that soft perimeter for you.

      • My suggestion is that it be intentionally soft at least in appearance. The notion would be that it wouldn't be that hard to get in. Hard enough maybe to keep out the casual or inexperienced hacker. But not so tough as to give a pro a headache. But at the same time you set it up so that while it doesn't forbid little tricks to get in it has a disproportionally sophisticated detection and logging system. So it notices when there is an intrusion even if it isn't stopping it. I think that would help the securit

  • by John Pfeiffer (454131) on Monday September 19, 2011 @11:07AM (#37441880) Homepage

    I was hoping someone had gotten out technical documents of bipedal weapons platforms, or powered armor, or SOMETHING. :(

    • by ddxexex (1664191) on Monday September 19, 2011 @11:16AM (#37442112)

      This was a defense contractor they hacked.

      If they wanted Gundam, they would have hacked a contractor for the ministry of agriculture...

      • by tlhIngan (30335)

        This was a defense contractor they hacked.

        If they wanted Gundam, they would have hacked a contractor for the ministry of agriculture...

        Daily Planet (a Canadian science magazine show on Discovery Canada) had just a segment last week...

        http://watch.ctv.ca/clip531934#clip531934 [watch.ctv.ca]

        What I can't believe is how they just danced around the whole "it's a mech" term. It's amusing to watch in its own right as the host just refuses to call it what it is.

        Oh yeah, it has guns, too! And yes, it's from a company that makes fa

        • > Oh yeah, it has guns, too!

          Rubber ball cannons. They don't count as "weapons" though.

          • by Calydor (739835)

            Fill each little rubber ball with some unstable nitroglycerine or other explode-on-impact chemical and I assure you it's a weapon. Get shot in the face by one as-is and you'll call it a weapon, too.

      • The ministry of agriculture is not in charge of Gundam. The Gundam ministry is in charge of Gundam.
    • I was hoping someone had gotten out technical documents of bipedal weapons platforms, or powered armor, or SOMETHING. :(

      I was also hoping that Mitsubishi had gone from Zero to Heero as well ...

    • by DarthVain (724186)

      They did though it was mostly useless having been designed for 15 year old girls to pilot... The uniforms were also rejected due to the probability of lawsuits...

  • by elrous0 (869638) * on Monday September 19, 2011 @11:16AM (#37442114)

    Chinese defense contractors announced today that they have made a series of tremendous advancements in submarine, missile, and nuclear power plant component technology.

    • Chinese defense contractors announced today that they have made a series of tremendous advancements in submarine, missile, and nuclear power plant component technology.

      @elrous
      Exactly. At first I thought this might have been stuxnet accidentally spread to Asia. But already it is starting to look like it may have been a separate, highly targeted attack. Guess which country hates Japan and has the capabilities to carry out cyber warfare? Hint: it's not North Korea (though North Korea does hate Japan).

  • by PJ6 (1151747) on Monday September 19, 2011 @11:17AM (#37442136)
    looks like a job for Section 9
  • How many times does this have to happen before these businesses realize they should not be on the internet... period. You're either inside the building, or you're not logged in. It's that simple.
    • by Rogerborg (306625)

      "The" building? What, you think Mitsubishi is one single big building containing all of its global employees, development, admin, sales and support? And that none of them need to be able to communicate with anyone outside. You know, their customers? Is that really what you think? That it's "that simple"?

      Pause. Apply brain. Type.

      • You clearly have no idea how enterprise networks work. I said "The internet". You can have a GLOBAL network and not have it connected to the internet. Getting into this network requires you to be inside "The building" or any number of buildings owned by the business.
        • by JamesP (688957)

          Yeah, sure. For 10x to 100x the cost.

          Of course, they can use a VPN. Of course, they are too smart to do that.

          What, in turn, makes someone have an external connection to the Internet so that they can do their work. Oops.

          They are 'stuck' with an MS stack of course.

    • Don't know about Mitsubishi, but a lot of organizations do try to keep as much of their really sensitive material off of the internet as possible, but at the end of the day you cannot expect to design and manufacture a submarine from end-to-end in a single physical location. Where it makes sense you can run your own fiber, but that can get real expensive real quick. At the end of the day compromises must be made (and of course never, ever trust anything to Windows, but that seems to be a lesson people just
      • by hjf (703092)

        (and of course never, ever trust anything to Windows, but that seems to be a lesson people just don't get)

        And you cannot expect to design a submarine from end-to-end using Linux either...

        • by drinkypoo (153816)

          Only if you're building a new type of submarine, because then you're going to need to write new tools. If you're the government you could force the tool vendors to develop the new ones for Linux. Some vendors are moving that way anyway due to interest, e.g. cadence tools ported to Linux when IC designers started sitting at them instead of X terminals... all those potential seats!

          • Japanese are renowned for stuff that "just works" maybe they were running an Apple stack all the way down, Japan loves them. You can make a sub end-to-end in Apple stuff, right?

          • by jackbird (721605)

            If you're the government you could force the tool vendors to develop the new ones for Linux.

            CATIA and Solidworks are sold by a partnership of IBM and a huge French aerospace conglomerate. If Linux-champion IBM hasn't ported them (especially since they are supported on a few non-x86 UNIX variants), you can bet there's a good reason.

            Oh, you want NX / I-DEAS instead? Well, then you just need to convince Siemens to roll over for you.

            Or do you want to slum it and use something by Autodesk? The day they releas

      • by X0563511 (793323)

        Where it makes sense you can run your own fiber, but that can get real expensive real quick.

        Why would you do that? You can send the traffic through the internet just fine. You just have to use a secured VPN.

  • I'm just picturing Godzilla, sitting at a computer in a basement somewhere...

    • I'm just picturing Godzilla, sitting at a computer in a basement somewhere...

      Between surfing the 'net for dragon porn.

  • It is Tamaribuchi Heavy Manufacturing Concern who merged with Matsumura Fishworks a while back. They're the ones who make Mr. Sparkle.

  • 'We've found out that some system information such as IP addresses have been leaked and that's creepy enough,' the spokesman added."

    Er, what?

    nslookup www.mhi.co.jp
    Server: UnKnown
    Address: 10.0.1.1

    Non-authoritative answer:
    Name: www.mhi.co.jp
    Address: 202.228.55.2

    I must be missing something. I'm sure a little digging would turn up their production network FQDN if it's Internet facing (which it apparently is).

    • by Anonymous Coward

      Maps of network internals can turn up routable unsecured devices like printers, APs with old firmware, that forgotten server in that closet etc. that can be used to harvest login credentials or exploit the network further if the devices are trusted.

      • Maps of network internals can turn up routable unsecured devices like printers, APs with old firmware, that forgotten server in that closet etc. that can be used to harvest login credentials or exploit the network further if the devices are trusted.

        True. My old workplace networking division was searching for where the internal infection of Conficker was coming from.

        I re-told them about the wonder of nmap ("Huh? What's that?" @_@) that I had mentioned briefly (and was obviously ignored and forgotten) and discovered the worm was coming from one of their internal web servers located in the same physical room as their office. And these were our network security guys who sold security systems. *sigh*

    • by robmv (855035)

      OMG!!! you published your DNS ip address!!!

    • by JamesP (688957)

      They probably hired their good friends, Sony Computer, to do the auditing for them...

  • by ThatsNotPudding (1045640) on Monday September 19, 2011 @01:10PM (#37444548)
    I find it hard to believe a spokesperson for a Japanese corporation used the word 'creepy', but hey; wire services are never wrong.
    • by X0563511 (793323)

      Probably a translation issue. I'm sure the word closer to the original meaning was 'unsettling'

  • How many wake-up calls like this do organizations the world over need before they start doing computer security right?

    Just had to get that off my chest.

  • by Anonymous Coward

    I worked for one of the Mitsubishi manufacturing companies in the US and this isn't a surprise. Security was never a focus. They acted like we were completely secure, yet any number of systems were in the proxy-bypass group. Add to that lackluster policies on updating AV and workstation security patches. Bet it sucks for my former co-workers today.
