[ISN] Nagano gov't hackers easily infiltrate 'Big Brother' network

From: InfoSec News (isn@private)
Date: Tue Dec 16 2003 - 03:35:45 PST

  • Next message: InfoSec News: "[ISN] N.S. calls for better security"

    Forwarded from: William Knowles <wk@private>
    
    http://mdn.mainichi.co.jp/news/20031216p2a00m0dm004000c.html
    
    Mainichi Shimbun
    Japan
    December 16, 2003
    
    Hackers could access private data held in the controversial resident 
    registry network with a simple connection, data released by Nagano 
    Prefecture has shown.
    
    Tests by the prefecture to infiltrate the system found that access to 
    private information on residents was accessible with local area 
    network (LAN) connections, both from within and outside local body 
    offices.
    
    "(The network) is in a dangerous situation in which personal 
    information can be stolen," specialists hired by the prefecture wrote 
    in an evaluation of the access tests.
    
    The tests were carried out between September and November this year in 
    the Nagano Prefecture towns of Shimosuwa, Hata and Achi. Attempts to 
    infiltrate the system were made using a computer through three 
    different connections: from outside local body offices with a LAN 
    connection, from within the offices with a LAN connection, and through 
    the Internet.
    
    In Shimosuwa, a wireless LAN card available in stores was used from 
    outside government office buildings to successfully gain access to the 
    names of people and other personal data.
    
    Infiltration into the Big Brother system was also made in Achi through 
    a LAN connection with the government office buildings, allowing them 
    to control communication servers.
    
    Sources familiar with the network said controlling the communication 
    servers would make it possible to access the nationwide server 
    controlled by the Local Authorities Systems Development Center by 
    pretending to be a legitimate user. This would allow hackers to search 
    for and view personal data on residents nationwide.
    
    Part of the tests also reportedly showed that it was possible to 
    falsify personal data in the network and send it to servers 
    nationwide.
    
    The tests were carried out over a period of 3 1/2 days and were not 
    detected.
    
    Attempts made to access the resident register network in Hata through 
    the Internet failed under the security system that was in place.
    
    Minister of Public Management, Home Affairs, Posts and 
    Telecommunications Taro Aso countered the Prefecture's claims of 
    weaknesses in the system by saying its essential firewall had not been 
    broken and that other local bodies were not affected.
    
    Nagano Prefectural officials said attempts to infiltrate the firewall 
    had not been made because it would break illegal access laws.
    
    The Nagano Prefectural Government has been trying to hack into the Big 
    Brother system in an apparent bid to use the results as the basis for 
    justifying its withdrawal from the network.
    
    
     
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ----------------------------------------------------------------
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ================================================================
    Help C4I.org with a donation: http://www.c4i.org/contribute.html
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Dec 16 2003 - 06:17:22 PST