Skip navigation

Tag Archives: information security

I’ve had this post on the backburner for a while, and it’s amazing how much relevant news has passed through. However, a couple of days ago I opened up Google Reader (great RSS reader, people) and I found this gem:

Japan to keep secrets from officers with foreign spouses: report
Wed Jun 27, 2:02 AM ET

TOKYO (AFP) – Japan’s navy plans to move officers married to foreigners away from posts with access to military secrets after sensitive data was leaked through an officer with a Chinese wife, a report said Wednesday. […]

The move is aimed at protecting military secrets in the wake of an embarrassing leak of confidential information on the US-developed high-tech Aegis combat system, the conservative daily said.

About 150 officers out of a total of 40,000 are married to foreign nationals, according to the daily. Of them, 100 are Chinese, it said. […]

A 33-year-old petty officer allegedly obtained confidential data on the Aegis system without authorisation. […]

The leak came to light after the officer’s Chinese wife was arrested in January for a visa violation.

However, an unconfirmed newspaper report later said the leak may have occurred by accident when the officer was swapping pornography over the Internet. […]

I had a Japanese acquaintance who swore blind that Japan’s military ills were because of the scourge of the zainichi (ethnic Koreans/Chinese largely born and bred in Japan), particularly the Koreans. For him, the reason the US did not share much technology with the US was because Japan coddled these zainichi who had ties to their motherlands. Now, while there is some truth to his opinion once you get over the xenophobic overtones, I think the main reason that the SDF and Japanese defence industry is kept at bay by the Americans is simple: they do not know how to handle information security!

The main culprit in all this, also suggested in the article above, is Winny, a Japanese peer-to-peer filesharing programme. Rod over at RDV Live from Tokyo reported on a Yomiuri article that stated the programme was implicated in 27 breaches since 2002 within the GSDF alone! I found a copy of the article and present it for your pleasure:

Winny linked to more GSDF data breaches

The Yomiuri Shimbun
Jan. 9, 2007

Members of the Ground Self-Defense Force have inadvertently allowed information to be exposed in 27 cases via the Winny file-sharing program installed on their personal computers between fiscal 2002 and the end of October, sources close the GSDF said Monday.

In addition to the 27 cases, four other cases have previously been brought to light.

The Defense Agency has not released information about any of the data breaches, including what had been disclosed, the sources said.

In four cases, information was exposed after the agency announced measures in April to prevent further incidents.

The information leaks have brought to light lax informational security controls on information the agency had put in place, despite the fact it was to be upgraded to a ministry Tuesday.

According to the sources, GSDF members were involved in security breaches related to Winny once in fiscal 2002, three times in fiscal 2003 and another three times in fiscal 2004, but the number of incidents jumped to 20 in fiscal 2005.

In fiscal 2006, four such security breaches have been confirmed, the sources said.

The information leaks did not include classified documents, but in eight cases, documents, including training data containing sensitive information capable of impeding the execution of plans were disclosed.

Furthermore, data on general operations and personal information, such as lists of GSDF members and related organizations that were compiled and used by individual members, as well as photos were exposed.

Following the February revelation of information leaks on Maritime Self-Defense Force destroyers, the agency immediately procured about 56,000 computers for use by SDF members and prohibited members from using their own computers to handle SDF data.

An agency official said the agency’s revelation that information had been exposed could result in more people searching for–and perhaps finding–compromised materials on the Internet, heightening the danger such information could be found and maliciously used.

The leak of information about the Ballistic Missile Defence project and the Aegis systems aboard MSDF Kondo-class vessels has the US worried:

Japan defense leak “serious problem”: U.S. forces
Fri Jun 22, 3:45 AM ET

TOKYO (Reuters) – The leak of data on the missile defense system Japan shares with Washington is a “serious problem,” and both nations must work together to improve security, the U.S. forces commander in Japan urged on Friday. […]

“The stated position of the U.S. government and the U.S. military is that this is a very serious problem,” Bruce Wright, the commander of U.S. forces in Japan, told a news conference.

“The United States remains very committed to working with our Japanese counterparts to make sure … the impact of the leaked information is understood, and together how to improve our operational security and specifically improve the operational security of the Japan Self-Defense Forces, working on it together.” […]

While the US sees Japan as an ally that still doesn’t pull its weight (although this appears to be slowly changing), an ally unwilling to aid its security guarantor through collective defence, and an ally that cannot keep its secrets, Japan will never be treated as an equal in the relationship. That is why Congressman Honda managed to kick up a fuss over the comfort women, and that is why there are fewer and fewer people around to stick up for Japan. It is also the US that is pushing Japan to get the legislation in place to shore up the sieve-like qualities of Japan’s SDF. The US wants to help, it has vested interest in doing so, but one wonders how much it can take. That is not to say that the end of the alliance is nigh, but rather that Japan is doing little more than pushing the US away (as seen in the abduction issue, among others)

The SDF Law marks defence leaks as a crime, but only since 2001. All leaks are bad, but one wonders about this latest method to fix the holes. Rather than a blanket security policy regarding foreign wives, why are the SDF vetting them? While in the top article the SDF is quick to refute the claims that it is a blanket ban, one wonders if it is so far fetched… Either way, they’d be much better off controlling their IT security ahead of discriminating against those with relationships with foreigners, yet they will never listen. The outsider is always easier to blame.