Fujitsu is reportedly working on malware for the Japanese government designed to track and disable the systems behind a cyber-attack.
Fujitsu is reportedly working on a cyber-weapon for the
Japanese government designed to track and disable the sources of cyber-attacks,
according to a Japanese newspaper.
Japan's Defense Ministry has commissioned Fujitsu to develop
a virus capable of tracking, identifying and disabling the systems being used
by cyber-attackers, the Yomiuri Shimbun
reported Jan. 3. The Defense Ministry's Technical Research and Development
Institute awarded the three-year project, which reportedly has a $2.3 million
price tag, to Fujitsu in 2008.
The project includes both the virus and a system to monitor
and analyze cyber-attacks, according to Yomiuri. The virus has already been
tested in a "closed network environment" to evaluate its capabilities
without it accidentally being released into the wild, anonymous sources told the
newspaper.
Yomiuri said Fujitsu declined to comment, citing client
confidentiality. The company did not respond to requests for comment from eWEEK.
The malware under development is designed to trace
connections to identify where the cyber-attack is originating from, as well as
all the "springboard" computers being used to launch the attack,
Yomiuri said. It reportedly has the ability to collect relevant information
from the attacking system and disable the malicious program, halting the attack
in progress. It appears to be most effective at tracing back the sources
of distributed denial of service (DDoS) attacks as well as some types of
attacks aimed at stealing information from compromised systems.
The idea of tracking down the source of attacks and taking
active steps to halt an attack is an increasingly popular concept as
organizations shift away from passive defenses. For example, Israel-based
Radware offers "counter-attack" capabilities in its Attack Mitigation
System to help organizations fight off distributed denial of service attacks.
Many anti-DDoS systems focus on just increasing the
organization's ability to "absorb" the attacks and try to outlast the
attackers, Carl Herberger, vice-president of security solutions at Radware,
told eWEEK in an earlier interview. Radware, in contrast, relies on various
tools that make it harder for the attacker to sustain the campaign and cause
them to abandon the fight, he said.
Counterattacks are techniques for neutralizing the attacking tool in
a passive, non-intrusive way. These include applying sophisticated filters
that slow down the malicious traffic hitting the organization's servers or just
adding some lag time when attacking systems try to establish a connection,
according to Radware. These steps would result in the attack taking longer to
complete, or even cause the attacking program to time out or crash, thus
"exhausting" the attacker into quitting the campaign, Herberger said.
By that measure, Fujitsu's attempt to automate the process
by disabling the malicious program on the attacking system itself appears to be
unique.
Under Japanese law, the military is restricted from
launching cyber-attacks, and this new cyber-weapon is also limited by a law
that bans anyone from developing computer viruses. The Defense and Foreign
Ministries are reportedly discussing possible legal changes, according to
Yomiuri.
"When you're trying to gather digital forensic evidence
as to what has broken into your network, and what data it may have stolen, it's
probably not wise to let loose a program that starts to trample over your hard
drives, making changes," Graham Cluley, a senior technology consultant at
Sophos, wrote on the Naked
Security blog. Cluley questioned the ramifications of another application,
even if it is a "good virus," running on another person's computer.
However, a Defense Ministry official downplayed the tool's
offensive capabilities, telling Yomiuri that the technology was developed for
defensive use, such as identifying which terminal within the Japanese
Self-Defense Forces was initially targeted.
The Japanese government was hit by several attacks in 2011. Mitsubishi
Heavy Industries, the country's largest defense contractor, was infected in
September by an information-stealing Trojan that successfully stole sensitive
information. Several computers belonging to members of Japan's parliament were also
compromised by a malicious email over the summer.