
Japan Looking to Adopt Defensive Malware

Various Japanese news outlets reported that the Japanese Defense Ministry has adopted policies to enable the creation and maintenance of cyber-weapons in the form of malware. Japan is the latest country to formally recognize that it owns and develops cyber-weapons, along with the US, UK, and Germany. According to the Japan Times, the malware, which is to be created by a private company, will be able to break into a computer system, in the hope that such a computer virus could work as a deterrent against cyber attacks. According to government officials, the malware is intended to be used as a defensive measure only.

This announcement comes as part of the Japanese Defense Ministry's plan to enhance its defensive capabilities beyond the ground, marine, and air domains by adopting both cyber and outer space as new areas requiring defensive expansion. Compared with other nations, Japan is perceived to be lagging behind in its capability to address cyber threats. To redress this, the ministry is looking to increase the number of personnel in its cyberspace unit to 220 from 150. This number is still considered small compared with other countries: 6,200 personnel in the United States, 7,000 personnel in North Korea, and 130,000 personnel in China, according to data collected by the ministry.

According to an article published by ZDNet.com, a source believes the malware could be completed by the end of the fiscal year. Some critics have questioned whether developing malware to deter foreign actors is perhaps foolish. Countries like Israel, China, Russia, North Korea, and Iran develop malware to be deployed aggressively; would these states be deterred by defensive malware? Another scenario to consider is other states targeting Japan in order to steal defensive malware. This view is not without real-world precedent. The US, a country with vast arrays of cyber weapons, has come under increasing attack by Russian and Chinese state actors seeking to steal these cyber weapons.

This is also not the first time Japan has attempted to develop a cyber arsenal. In 2012 the Japanese Government commissioned Fujitsu to develop “search and destroy” malware. The development of the malware was the result of a three-year, 2.3 million USD project that also involved developing tools capable of monitoring and analyzing the sources of hacking attacks. This project had mixed results. One of the reasons is that tracing the source of cyber-attacks is notoriously difficult, mainly because attackers routinely hide behind botnets and anonymous proxies to launch attacks, such as denial of service assaults. The malware reportedly developed by Fujitsu is designed to trace connections back to their controlling hosts before disabling them. Getting this right is far from a trivial process, and the potential for collateral damage, even before hackers develop countermeasures, appears to be considerable.


One of the problems faced by the 2012 project will also hamper the new project, namely Japanese law. The law currently prohibits offensive responses in retaliation to cyber-attacks, another potential problem but one that's easier to resolve, perhaps by updating current laws. The current prohibition has more to do with post-Second World War agreements that restrict Japanese military capabilities than with local laws against the creation of malware. This hurdle has been lowered significantly, as the government recently passed legislation allowing National Institute of Information and Communications Technology (NICT) employees to hack into citizens' IoT devices using default or weak credentials, as part of an unprecedented survey of insecure IoT devices. It is conceivable that more legislation could be passed to lower this obvious hurdle for Japan.

Israel Chooses a Different Response to Cyber Attacks

On May 6, the Israel Defence Force confirmed via social media that it had successfully bombed a building housing Hamas cyber operatives in response to a cyber attack launched by Gaza’s ruling militant group over the weekend. The Twitter post stated:

“Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed,”

The Times of Israel learned from Israeli officials that the cyber attack took place on Saturday and its goal was “harming the quality of life of Israeli citizens,” but the exact target was not disclosed. Officials said the attack was not particularly sophisticated, but no other information was made public as Israel is allegedly concerned that it might reveal details about its cyber capabilities to Hamas. While not confirmed by the IDF, numerous sources believe that Hamas has had the ability to hack Israeli drones.

This response is considered a first for the IDF; however, responding with brute force to cyber-attacks has been done before. In 2015, the United States claimed it had killed a top Islamic State hacker, British-born Junaid Hussain, in a drone strike in Syria. Threats of responding to cyber attacks using brute force are not uncommon either, with the US threatening to counter cyber-attacks with nuclear weapons in what was a display of bravado and complete lack of sense. Such threats may become more common, as in 2016 the North Atlantic Treaty Organization (NATO) officially announced that “cyber” will become an official battleground for its members, which means that cyber attacks on one country will trigger a collective military response from the entire alliance. This statement effectively broadens NATO’s area of operations to include cyber after land, sea, and air. It should be read in conjunction with the organisation's Article 5, which dictates that any attack on one of its members is to be considered an attack on all, and the response should come from all. Until now, this has meant military assaults via air, sea, and land; it can now conceivably include a cyber attack.


About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications.
