[ISN] Defense Agency investigates data leak

From: InfoSec News (isnat_private)
Date: Thu Aug 08 2002 - 01:08:06 PDT

    Forwarded from: William Knowles <wkat_private>
    The Japan Times
    August 7, 2002  
    The Defense Agency opened an investigation Tuesday into a suspected
    case of blackmail involving data allegedly leaked through a
    subcontractor hired to help develop a 1.1 billion yen computer network
    for the Self-Defense Forces.
    The data, which includes plans of the system's design and more than
    10,000 Internet Protocol addresses on the network used by the Ground
    Self-Defense Force and the Air Self-Defense Force, is believed to have
    been taken from a software firm subcontracted by Fujitsu Ltd., the
    developer of the system.
    In late June, three to four men contacted Fujitsu on several occasions
    to blackmail the company into buying back the data, the officials
    said. They did not specify a price. According to sources close to the
    case, one of the suspected blackmailers may be a former Self-Defense
    Force member who had belonged to a unit in western Japan. On one
    occasion, one of them claimed to be a "nephew" of a former Defense
    Agency chief, they said.
    After they reportedly threatened to sell the data elsewhere, Fujitsu
    contacted the agency, which confirmed the authenticity of the data.
    The IP addresses, which are used to designate each computer that can
    log onto the system, could give enemies a way to hack into the
    network. But Defense Agency officials said the theft poses little risk
    to national security.
    "Even knowing the IP addresses, it is not possible to enter the
    system. Identification numbers and passwords are needed," a
    high-ranking agency official said. "There should not be any problems
    with security, but just in case, we have decided to change the
    The Defense Agency's computer network links computers at more than 200
    bases and military facilities across the country. It is used to
    exchange data on personnel changes and other information, the
    officials said, adding that there are no defense secrets and military
    information available on the network.
    The stolen data, which also included details on several networks used
    by the SDF, was apparently compiled by Fujitsu Ltd., the main
    developer of the network. The leak occurred when Fujitsu subcontracted
    some of the software development to another company, where the data
    was allegedly stolen before Fujitsu could deliver the system to the
    agency, the officials said.
    According to the sources, Fujitsu handed computer discs holding the
    stolen data to one of the subcontractor's employees. From there, it is
    believed to have fallen into unsafe hands, the sources said.
    The computer system was delivered to the Defense Agency late last year
    and began operating in the spring.
    Fujitsu officials said that overall, about 200 employees from 32
    companies other than Fujitsu were involved in the project.
    On Tuesday, Fujitsu filed a criminal complaint with the Kanagawa
    Prefectural Police in the suspected blackmailing case.
    Meanwhile, Chief Cabinet Secretary Yasuo Fukuda told reporters the
    government is taking "all necessary measures" to deal with the case.
    Asked about Defense Agency chief Gen Nakatani's responsibility in the
    case, Fukuda said, "We have to know first to what extent the leaked
    data had to be confidential. It is way too early to discuss his
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
