Mitsubishi Heavy Industries, Ltd. (MHI) Hit by Cyber-Attacks; Data Stolen

The Daily Yomiuri - September 20, 2011

Mitsubishi Heavy Industries, Ltd. (MHI) has come under cyber-attack by unidentified hackers who are believed to have stolen confidential data from defense- and nuclear power-related facilities run by the major machinery maker, sources familiar with the case said.

About 80 servers and computers at MHI factories, including those used to build state-of-the-art submarines, missiles and nuclear power plants, have been infected with computer viruses, according to the sources.

"We are investigating all the facts of the case," an MHI spokesman said.

The servers and computers in question were apparently penetrated from outside the company, and there are indications that some confidential information has been stolen from the machines.

MHI reported the incident to police after concluding that its servers and computers had been targeted by what are known as spear attacks, the sources said.

The latest revelation is the first of its kind to be made in connection with cyber-attack on the nation's defense industry, according to observers.

The attacked facilities are eight manufacturing bases and research centers run by MHI in various parts of the nation, as well as its head office in Tokyo. They include MHI's Kobe Shipyard & Machinery Works in Kobe; its Nagasaki Shipyard & Machinery Works in Nagasaki; and its Nagoya Guidance & Propulsion Systems Works in Komaki, Aichi Prefecture.

According to Self-Defense Forces and MHI sources, the Kobe shipyard produces nuclear power plants and submarines, while the Nagasaki facility manufactures SDF destroyers. Meanwhile, the Komaki factory is responsible for producing guided missiles used to intercept ballistic missiles, as well as rocket engines, essential for the promotion of space development.

In mid-August, MHI discovered some of its servers had been infected with computer viruses, and the company asked an Internet security company to investigate.

Of about 80 servers and computers determined to have been infected, the security firm analyzed several servers used to store nuclear power- and defense-related data first and foremost. The analysis uncovered a leak of information about MHI's computer system, while also discovering data previously stored on a certain server had been transferred to another. Some data files may also have been stolen, according to the sources.

MHI has confirmed its servers and computers have been infected by at least eight viruses, including some Trojan horse programs. By infecting target computers with Trojan horse viruses, hackers can operate affected computers from outside, sneaking looks at the devices' screens and sending information stored in these computers to outside computers.

Some other viruses could enable hackers to eavesdrop on people near infected computers using the computer microphones. They also could operate cameras attached to target computers, monitoring the area around the cameras. Some programs can obliterate all traces of hacker penetration on targeted computers, making it impossible to determine what kind of damage they may have caused to MHI servers.

The security firm and others affected by the latest cyber-attacks fear MHI servers and computers may have been subject to infection before August. This means confidential data may have been stolen from MHI for a much longer period. The security firm is hurrying to analyze where the attacks on the MHI servers and computers originated.

http://www.yomiuri.co.jp/dy/national/T110919004416.htm