ASIA NEWS NETWORK
WE KNOW ASIA BETTER
Tokyo not certain TPP talks data was compromised
Publication Date : 08-01-2013
Questions have been raised about the Japanese agriculture ministry's explanation that it was unable to confirm traces of a leak of confidential documents related to sensitive trade negotiations, despite evidence showing its official computers had been remote-controlled for the transmission of compressed data.
Other administrative organisations that had experienced similar situations said their information was stolen based on "traces of a leak."
More than 3,000 pieces of information, including more than 20 top-secret documents on the Trans-Pacific Partnership (TPP) free trade pact negotiations, are suspected to have been stolen by outsiders. Information security experts said it is unacceptable for the Agriculture, Forestry and Fisheries Ministry not to call the situation a leak.
According to ministry sources, a cyber-attacker suspected of stealing the information searched for "TPP" and other keywords to collect relevant documents by remotely controlling computers at the ministry.
The stolen data was gathered on a single PC and compressed into a .rar file for easy transmission to a remote server.
The sources said most of the compressed data had been deleted by the attacker when the ministry discovered the breach.
Such files were used in many past information leak cases since large amounts of data can be easily transmitted in the format. In a 2011 case of an information leak from a US systems company, a cyber-attacker is believed to have also used the format.
The farm ministry told The Yomiuri Shimbun it was unable to confirm traces of an information leak. But information security experts said it is the norm to regard it as an information leak if data is found to have been compressed into .rar format and then deleted.
Other government organisations in similar situations confirmed leaks.
The Japan Nuclear Energy Safety Organisation officially announced in May that some of its documents may have been stolen after files on information on the Fukushima No 1 nuclear power plant crisis, including the status of the reactors and the spread of radioactive material, were found to have been gathered and compressed into .rar files.
"[That] made us conclude information might have been leaked," an organisation official said.
In November 2011, the Internal Affairs and Communications Ministry announced at least 20 of its computers had been infected with a Trojan horse virus. The ministry made the announcement two days after the infection was found.
An official of the Internal Affairs and Communications Ministry said it deemed it highly likely information was stolen at the time it detected the virus.
A Trojan horse virus was also used in the cyber-attack on the agriculture ministry.
In cyber-attacks against the Japan Aerospace Exploration Agency, which announced the possibility of information leaks in January and November last year, an employee's personal computer was found to be infected with a virus.
Since communication records also showed the PC had accessed a suspicious server, the agency said it announced the case as it was clear data was stolen, although the content could not be confirmed.
The agriculture ministry insists there is a low possibility that information was stolen, but has failed to show the basis for the assertion.
Worries about national interests
Takayuki Sugiura, president of Tokyo-based information security company NetAgent Co., said the farm ministry should consider itself lucky it was even able to find traces of data compression.
"There are few cases in which such traces are discovered. Believing it is more likely data was stolen, the ministry should study server communication records and other records," Sugiura said.
"Still, it is very rare in a normal system to completely ascertain whether data were stolen. The ministry should've taken measures to cope with a leak as soon as it found traces of data compression," Sugiura said.
Crisis management expert Tatsumi Tanaka said it is best to assume "what might have leaked" is "what did leak" in looking at information-related crisis management.
"Saying a 'leak was not confirmed' gives the public no sense of security. Information is a public asset. National interests will be harmed, too, if Japan loses the confidence of other countries because of such an attitude," Tanaka said. "The agriculture ministry's explanation gives no confidence."