Yu Inamura, President, Japan Counter Intelligence Association
Chinese military hackers infiltrated Japan’s top-secret network
On March 7, the Washington Post reported a shocking incident in which hackers from the Chinese People’s Liberation Army continuously infiltrated the “top-secret” network of Japan’s Ministry of Defense.
According to the paper, in 2020, General Paul Nakasone, director of the NSA and the US Cyber Command, and others rushed to Japan to explain the situation to the then Defense Minister, but the situation did not improve and the Chinese military continued to infiltrate until 2021. Therefore, the U.S. proposed support for Chinese malware countermeasures and other measures, but the Japanese side was wary of the involvement of “other countries’ militaries” in their own defense system and agreed that Japan would let private companies evaluate the vulnerability of their systems and study and collaborate on countermeasures.
Chinese military hackers were said to have targeted information on Japan’s defense plans, defense capabilities, and military deficiencies.
The 2020 incident. Why was it reported now?
By the way, why was an incident that occurred in 2020 reported now?
It is thought that there are two reasons: Japan’s problems and the U.S.’ intentions.
While the U.S. has long pointed out the fragility of Japan’s cyber defense capabilities, Japan urgently needs to improve its cyber defense capabilities, including those of its Ministry of Defense, and the government has decided to increase defense spending to 2% of GDP by FY2027, but public opinion was very much against this.
Under these circumstances, it is possible that the U.S. dared to spread a negative story from this incident to Japanese society to confront serious issues, thereby encouraging Japan to continuously improve its cyber defense capabilities.
Or, they may have grown numb to Japan’s posture and are, in a sense, issuing a warning.
A Defense Ministry official said, “I assume that the timing of the news is meaningful. It may be a warning to Japan or a boost to Japan’s back.”
This may be the intention of the U.S., which feels threatened by the current situation in Japan, its ally.
Would the U.S. and other friendly nations be willing to share classified information with Japan if Japan’s top-secret defense network had been infiltrated and Japan had failed to recognize it until other nations pointed it out to them? It is unlikely that Japan will ever be able to join the Five Eyes (a framework for sharing classified information among the five English-speaking countries of the United Kingdom, the United States, Canada, Australia, and New Zealand).
Japan does not currently have a security clearance system, but we cannot help but lament the current state of affairs in Japan when we consider that other factors have been discovered that make Japan anathema to friendly nations.
The U.S. has been monitoring Japan?
The Washington Post reports, “The Japanese government was aware that the United States was spying on its ally, Japan.”
Was the U.S. really spying on Japan?
The U.S. is constantly conducting intelligence operations in the cyber domain against China.
If the U.S., while monitoring China, were to track down hackers on the Chinese side and become aware of suspicious activities, such as excessive access to Japanese defense systems, or were to become aware of intrusions into Japan by Chinese forces because China possessed information that it should not have known (i.e., information leaks from Japan were confirmed), the U.S. would be able to use its own intelligence to determine whether or not China was involved in such activities. In that case, the U.S. would have ascertained the intrusion into Japan by Chinese military forces by monitoring China, not Japan.
On the other hand, Chief Cabinet Secretary Hirokazu Matsuno has stated that “there is no information leak” regarding this incident, and it is possible that the U.S. monitored the Japanese system/network and ascertained this incident.
An official of a government-related organization, while revealing that the U.S. is monitoring Japan, said, “The U.S., which cannot fully trust Japan’s defense system, is probably ‘managing’ Japan in order to protect its own country.”
One of the largest cyber attack forces in the world: Chinese Military Cyber Attack Force
China is said to have one of the world’s largest cyber attack forces, with more than 170,000 cyber troops, including “about 30,000 specialized attack troops.”
In China, the intelligence agencies of the People’s Liberation Army and the Ministry of State Security of the State Council are responsible for external intelligence and cyber-attacks, while the security agencies of the Ministry of Public Security are said to be engaged in countering cyber-attacks against the Chinese domestic market.
In addition, there are “state actors” known as APT10 (famous for its attacks on NTT and Fujitsu) and APT17 (which attacked the Japan Pension Service and stole the pension information of 1.25 million people), which are cyber attackers working with Chinese state agencies.
While past Chinese cyberattacks have often been carried out by Chinese military units, remote control of Chinese hackers scattered around the world makes it easier for authorities to hide any trace of their involvement.
The New York Times reported that malware was planted in infrastructure systems that manage power transmission and water supply in Guam, where there are US military bases. The U.S. government has determined that “Volt Typhoon,” a hacker group supported by the Chinese government, was responsible for this. The purpose of the cyber-attack was to develop the capability to conduct cyber-attacks on U.S.-Asian communications infrastructure in the event of a contingency, the report said. The possibility that Guam’s military infrastructure could be compromised in the future came as a great shock to those involved.
Also in Japan this year, the Cabinet Cyber Security Center (NISC), the command post for Japan’s cyber security measures, found that 5,000 emails, email addresses, and other information may have been leaked due to unauthorized access from outside, and within the government, the attack is believed to have most likely been carried out by China.
Here again, the vulnerability of Japan’s cyber defense capability is exposed.
On the other hand, China’s cyber attacks even take advantage of civilians.
In December 2021, nearly 200 groups and organizations, including the Japan Aerospace Exploration Agency (JAXA), suffered a large-scale cyber attack starting in June 2016. Investigative authorities have booked two Chinese nationals on charges of unauthorized creation and provisioning of private electromagnetic records for contracting and using a rental server in Japan under a false name, which was used in that series of cyber attacks.
One of the Chinese nationals referred for prosecution is a former international student named “Wang Jianbin.”
Wang was asked to sign a contract for a rental server by a military woman belonging to the People’s Liberation Army’s cyber attack unit, Unit 61419 (4th Bureau of Technical Reconnaissance, 3rd Department). A former supervisor at a Chinese state-owned company where Wang used to work is said to have connected Wang with the woman. In this way, China is using civilians (people like Wang) to carry out cyber attacks through various kinds of manipulation activities.
The threat of cyber-attacks is not only in cyberspace.
In cyber-attacks, there are many cases where maneuvering in real space is interwoven.
For example, access to the Ministry of Defense and the Self-Defense Forces is strictly controlled, but what about the case of the Self-Defense Forces’ prefectural cooperation headquarters, which are located in a joint building with city halls? In a joint government building, security cannot be as tight as at a Ministry of Defense or SDF base.
In addition, there are methods to conduct similar operations by inserting USBs containing malware, bribing contractors and employees, and turning them into agents as spies in places that are relatively easy to penetrate, such as ministries and city halls.
In the past, Tesla of the United States has been the target of Russian hackers.
The Russian hackers contacted a Tesla employee they had met several years earlier via the messenger application “WhatsApp” and offered the employee cash in exchange for “planting a virus on the company network by opening malware attached to an email or inserting a virus-infected USB flash drive into a Tesla PC.” The employee reported the incident to the FBI, and it ended in an unsuccessful attempt.
Thus, in order to prevent cyber-attacks, the challenge is not only to improve the cyber domain but also to improve overall security (we must not forget the “backdoor” problem via Chinese-made products).
In order to counter China, Japan and the U.S. are strengthening cooperation between the U.S. military and the Self-Defense Forces, among other measures. In the future, the major issue will be to strengthen security in each area, such as improving cyber defense capabilities, including the urgent issue of securing cyber personnel, and the handling of Japan’s confidential information (security clearance), in order to share confidential information between Japan and the U.S. This incident poses a serious challenge to Japan.
(Yu Inamura, Representative Director, Japan Counter Intelligence Association)
