Missiles, submarines and yes, even nuclear power plants were targeted in a cyber attack launched against Japan’s premiere weapons maker, reports Al Jazeera. The victim: Mitsubishi Heavy Industries, which said today that a total of 83 of its servers and computers were infected by as many as eight separate viruses.
The Japanese government says it’s “not aware” of any sensitive information compromised in the attacks, though looking back at how things went down with Sony’s PlayStation Network in April, where tens of millions of PSN user accounts were breached, you may recall Sony using that line initially, too.
Japanese defense minister Yasuo Ichikawa said during a conference Tuesday the hackers hadn’t accessed anything important, but that MHI is now essentially in the hot seat—the weapons manufacturer will be instructed to check and double-check its security systems.
It sounds like there’s been a bit of a kerfuffle between MHI and the Japanese government over the way this all went down. The government learned of the attack—not from MHI, but from local media reports. MHI, a government contractor, is supposed to inform government ministers immediately in view of an informational breach.
“It’s up to the defense ministry to decide whether or not the information is important. That is not for Mitsubishi Heavy to decide. A report should have been made,” said a defense ministry spokesman, speaking to Reuters.
The attacks were reportedly conducted using spear phishing techniques, which—that they succeeded at all in today’s hacker-flush “you-ought-to-know-better” climate—is somewhat remarkable. Spear phishing involves contacting (usually through email) individuals directly, pretending to be a trustworthy party and requesting security information, say someone’s password or authentication credentials.
Haven’t we learned yet that transmitting secure information through clear text mechanisms like email is never, ever alright, as in “for anyone from any walk of life, period”?