Defense Agency investigates data leak

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.japantimes.co.jp/cgi-bin/getarticle.pl5?nn20020807a2.htm

The Japan Times
August 7, 2002  

The Defense Agency opened an investigation Tuesday into a suspected
case of blackmail involving data allegedly leaked through a
subcontractor hired to help develop a 1.1 billion yen computer network
for the Self-Defense Forces.

The data, which includes plans of the system's design and more than
10,000 Internet Protocol addresses on the network used by the Ground
Self-Defense Force and the Air Self-Defense Force, is believed to have
been taken from a software firm subcontracted by Fujitsu Ltd., the
developer of the system.

In late June, three to four men contacted Fujitsu on several occasions
to blackmail the company into buying back the data, the officials
said. They did not specify a price. According to sources close to the
case, one of the suspected blackmailers may be a former Self-Defense
Force member who had belonged to a unit in western Japan. On one
occasion, one of them claimed to be a "newphew" of a former Defense
Agency chief, they said.

After they reportedly threatened to sell the data elsewhere, Fujitsu
contacted the agency, which confirmed the authenticity of the data.

The IP addresses, which are used to designate each computer that can
log onto the system, could give enemies a way to hack into the
network. But Defense Agency officials said the theft poses little risk
to national security.

"Even knowing the IP addresses, it is not possible to enter the
system. Identification numbers and passwords are needed," a
high-ranking agency official said. "There should not be any problems
with security, but just in case, we have decided to change the
addresses."

The Defense Agency's computer network links computers at more than 200
bases and military facilities across the country. It is used to
exchange data on personnel changes and other information, the
officials said, adding that there are no defense secrets and military
information available on the network.

The stolen data, which also included details on several networks used
by the SDF, was apparently compiled by Fujitsu Ltd., the main
developer of the network. The leak occurred when Fujitsu subcontracted
some of the software development to another company, where the data
was allegedly stolen before Fujitsu could deliver the system to the
agency, the officials said.

According to the sources, Fujitsu handed computer discs holding the
stolen data to one of the subcontractor's employees. From there, it is
believed to have fallen into unsafe hands, the sources said.

The computer system was delivered to the Defense Agency late last year
and began operating in the spring.

Fujitsu officials said that overall, about 200 employees from 32
companies other than Fujitsu were involved in the project.

On Tuesday, Fujitsu filed a criminal complaint with the Kanagawa
Prefectural Police in the suspected blackmailing case.

Meanwhile, Chief Cabinet Secretary Yasuo Fukuda told reporters the
government is taking "all necessary measures" to deal with the case.

Asked about Defense Agency chief Gen Nakatani's responsibility in the
case, Fukuda said, "We have to know first to what extent the leaked
data had to be confidential. It is way too early to discuss his
responsibility."


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.