Nagano gov't hackers easily infiltrate 'Big Brother' network

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://mdn.mainichi.co.jp/news/20031216p2a00m0dm004000c.html

Mainichi Shimbun
Japan
December 16, 2003

Hackers could access private data held in the controversial resident 
registry network with a simple connection, data released by Nagano 
Prefecture has shown.

Tests by the prefecture to infiltrate the system found that access to 
private information on residents was accessible with local area 
network (LAN) connections, both from within and outside local body 
offices.

"(The network) is in a dangerous situation in which personal 
information can be stolen," specialists hired by the prefecture wrote 
in an evaluation of the access tests.

The tests were carried out between September and November this year in 
the Nagano Prefecture towns of Shimosuwa, Hata and Achi. Attempts to 
infiltrate the system were made using a computer through three 
different connections: from outside local body offices with a LAN 
connection, from within the offices with a LAN connection, and through 
the Internet.

In Shimosuwa, a wireless LAN card available in stores was used from 
outside government office buildings to successfully gain access to the 
names of people and other personal data.

Infiltration into the Big Brother system was also made in Achi through 
a LAN connection with the government office buildings, allowing them 
to control communication servers.

Sources familiar with the network said controlling the communication 
servers would make it possible to access the nationwide server 
controlled by the Local Authorities Systems Development Center by 
pretending to be a legitimate user. This would allow hackers to search 
for and view personal data on residents nationwide.

Part of the tests also reportedly showed that it was possible to 
falsify personal data in the network and send it to servers 
nationwide.

The tests were carried out over a period of 3 1/2 days and were not 
detected.

Attempts made to access the resident register network in Hata through 
the Internet failed under the security system that was in place.

Minister of Public Management, Home Affairs, Posts and 
Telecommunications Taro Aso countered the Prefecture's claims of 
weaknesses in the system by saying its essential firewall had not been 
broken and that other local bodies were not affected.

Nagano Prefectural officials said attempts to infiltrate the firewall 
had not been made because it would break illegal access laws.

The Nagano Prefectural Government has been trying to hack into the Big 
Brother system in an apparent bid to use the results as the basis for 
justifying its withdrawal from the network.


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.