There’s been quite a bit of talk recently about “cyberthreats” to the US. Back in April, Defense Secretary Ash Carter unveiled a new US strategy designed to combat a list of supposed “cyberadversaries” which include (of course) China, Iran, Russia, and North Korea. The Pentagon suggested that Washington may use “offensive” cyberattacks if necessary to “disrupt an adversary’s military related networks or infrastructure so that the U.S. military can protect U.S. interests in an area of operations.”
As it turns out, the US did just that five years ago when Homeland Security tried to deploy a computer virus against North Korea’s nuclear program, an effort which ultimately failed due to, as Reuters puts it, “the extreme isolation of [Pyongyang’s] communications systems.”
More recently, the US implicated Chinese hacker spies in a scheme purportedly designed to steal US military secrets from Penn State’s engineering department and “Russain crime syndicates” were blamed for an IRS breach.
As far as Washington’s allies are concerned, Japan is onboard with PM Shinzo Abe and President Obama striking a cybersecurity alliance when Abe visited the capital in April. In a speech to Congress, Abe had the following to say about Chinese hacking: “[We cannot] simply allow free riders on intellectual property.”
In the latest cyber drama, we learned on Sunday that Japan Pension Service staff computers were hacked and 1.25 million cases of personal data were compromised in the process. Reuters has the story:
Japan’s pension system has been hacked and more than a million cases of personal data leaked, authorities said on Monday, in an embarrassment that revived memories of a scandal that helped topple Prime Minister Shinzo Abe in his first term in office.
Japan Pension Service staff computers were improperly accessed by an external email virus, leading to the leak of some 1.25 million cases of personal data, the system’s president, Toichiro Mizushima, told a hastily called news conference.
He apologized for the leak, which he said involved combinations of names, identification numbers, birth dates and addresses.
For some, the incident brings back bad memories:
Public outrage over botched record-keeping that left millions of pension premium payments unaccounted for was a major factor in a devastating defeat suffered by Abe’s Liberal Democratic Party in a 2007 election for parliament’s upper house.
And a bit more color from The Japan Times:
The data were leaked when agency employees opened an attached file in their email containing a virus.
Japan Pension Service President Toichiro Mizushima apologized for the leak and said affected people will be given new pension ID numbers.
“We feel an extremely grave responsibility over this,” Mizushima told a hastily arranged news conference.
“We will make the utmost efforts not to cause trouble to our customers”..
Mizushima said the fund reported the attacks to the Metropolitan Police Department on May 19. He refused to elaborate on the type of computer virus or whether the attacks came from within Japan or abroad, citing the ongoing police investigation.
Of the 1.25 million cases, some 52,000 involved the theft of pension IDs, names, birth dates and addresses, while another 1.17 million involved the leak of just pension IDs, names and birth dates. In the remaining 31,000 cases, just pension IDs and names were stolen.
We will now await the official announcement wherein Japanese officials will say that their investigation suggests the attack originated in China. Stay tuned.
