Universities the weak link when hackers strike Japan

Nikkei -- Sep 18

Overseas hackers are thought to have made off with information on Japan's maritime strategy in a March attack on specific people at national universities, which a Nikkei survey has found to be growing targets for their relatively lax security and sensitive knowledge.

An attacker posing as a Cabinet Office staffer attached to a government council on ocean policy emailed malware-laced files to professors at targets including the prestigious University of Tokyo and the Kyushu Institute of Technology. At least one apparently took the bait and opened a file, making possible the theft of information.

The council was formulating Japan's basic plan on ocean policy, which guides the nation's defense of outlying islands and development of maritime resources. It also includes representatives from the Self-Defense Forces; the Japan Business Federation lobby, or Keidanren; and heavy machinery builder IHI.

A China-based hacking group is suspected of playing a part in the attack. There are concerns that the incident could prompt further attacks using fraudulent information and targeting core government institutions.

Overseas groups appear to be increasingly attacking specific targets at Japanese national universities, which work closely with businesses and government but tend to have weaker security, the Nikkei survey suggests. The universities are counted on to improve the country's overall research capabilities. They also receive more in subsidies than private universities and fall under freedom-of-information legislation.

[Image: Information on Japan's plans for defending outlying islands may have been stolen in March's attack. (Courtesy of Japan Ground Self-Defense Force)] Information on Japan's plans for defending outlying islands may have been stolen in March's attack. (Courtesy of Japan Ground Self-Defense Force) Since fiscal 2015, when personal information on more than 1 million people was stolen in an attack on Japan's pension system, 87% of national universities responding to the survey said they had suffered network break-ins, and 34% had information stolen or work impeded as a result. Specific individuals were targeted at 20% of the schools.

Nikkei conducted the survey with Nikkei xTech, a specialist site under Nikkei Business Publications. Of 82 schools contacted, 48 answered, for a response rate of around 60%.