Japanese Defence Ministry raises concerns about cyber breach at Mitsubishi Heavy

A cyber attack in August on Japan's biggest defence contractor, Mitsubishi Heavy, may have jeopardised data on military aircraft and other equipment.

Warwick AshfordWarwick Ashford is chief reporter at Computer Weekly. He joined the CW team in June 2007 and is focused on IT security, business continuity, IT law and issues relating to regulation, compliance and governance. Before joining CW, he spent four years working in various roles including technology editor for ITWeb, an IT news publisher based in Johannesburg, South Africa. In addition to news and feature writing for ITWeb’s print publications, he was involved in liaising with sponsors of specialist news areas on the ITWeb site and developing new sponsorship opportunities. He came to IT journalism after three years as a course developer and technical writer for an IT training organisation and eight years working in radio news as a writer and presenter at the South African Broadcasting Corporation (SABC).

View all articles by Warwick Ashford >>

[email protected] 020 8652 8505 

A cyber attack in August on Japan's biggest defence contractor, Mitsubishi Heavy, may have jeopardised data on military aircraft and other equipment, according to Japanese media reports.

The data on aircraft development on one server was transferred to another server, probably because of a virus at the time of the cyber-attack, but it has not been confirmed that the transferred data also left the company, the report says, citing sources close to the Defence Ministry.

In the attack. Mitsubishi's computer network came under a major online assault in which 45 servers and 38 computers were infected with more than 50 types of viruses at 11 locations in Japan, including a plant that builds missiles and aircraft engines.

The malware included a Trojan horse that ordered the data to be sent somewhere outside the company, the reports said.

Other reports have said that information on nuclear power plants may also have been stolen by the hackers.

"As cyber attacks have become more sophisticated, and their perpetrators more organised, firms holding data on critical national infrastructure are finding themselves increasingly targeted," said Ross Brewer, vice president and managing director of international markets at log management firm LogRhythm.

Thomas Rid, an expert in war studies at Kings College London, claims that the lack of a lethal act of force precludes cyber attacks from being categorised as warfare, but the Mitsubishi Heavy data leak seems to contradict this as it involves equipment ordered by Japan's defence ministry.

"This is something that could have significant consequences for armed forces on active duty. Specific nuclear power plant data could also be used offensively against any country that integrates them as part of its national grid," said Brewer.

Mitsubishi Heavy has been unable to clarify exactly what data was leaked.

"This is revealing, as guardians of sensitive data should have protective monitoring systems in place that can identify any data that has been compromised," said Brewer.

By monitoring and analysing 100% of log data generated by the IT estate, he said organisations can increase the odds of detecting attacks when they occur, and their ability to respond in the aftermath.

Read more on IT news in your industry sector