Slashdot Mirror

← Back to Stories (view on slashdot.org)

Japan Will Stage Mock Cyberattacks

Posted by Zonk on from the boyscout-motto dept.

freaktheclown writes "Japan is set to start staging mock cyberattacks on various companies as precautionary exercises. According to the article: 'Japan will conduct nationwide exercises next year to prepare effectively for cyberattacks on computer networks. Mock cyberterrorists will simulate attacks on computer networks of businesses and government organizations to discover vulnerable areas, the Yomiuri Shimbun reported Wednesday. Participants in the exercises will include financial institutions, communications companies and Internet service providers, as well as the central government and local governments.'"

28 of 99 comments (clear)

  1. Let the war games begin... by It+doesn't+come+easy · · Score: 4, Interesting

    If you are developing your own cyberattack techniques, here's your chance to test them while "hiding in plain sight".

    --
    The NSA: The only part of the US government that actually listens.
    1. Re:Let the war games begin... by Jerry+Coffin · · Score: 5, Insightful
      If you are developing your own cyberattack techniques, here's your chance to test them while "hiding in plain sight".

      Doubtful. Though it's not explicitly stated in the original article, for a test like this to be at all meaningful, the attackers and attackees will compare notes very carefully at the end of the test to help the attackees harden their servers against whatever attacks worked. Any other attacks during the test are likely to be examined in even more detail, by more skilled specialists, than usual.

      --
      The universe is a figment of its own imagination.

      --
      The universe is a figment of its own imagination.
  2. Radioactive Reptiles? by Anonymous Coward · · Score: 3, Funny

    So how many radioactive reptiles does it take to bring down a server?

  3. Yay Japan. And Thanks... by blunte · · Score: 5, Insightful

    This is great. I hope we learn something important from observing this, and frankly I'm glad we (US) aren't having to pay for it.

    --
    .sigs are for post^Hers.
  4. Re:Smokescreen. by Jerry+Coffin · · Score: 5, Informative
    This is the perfect smokescreen for some 'renegade' Chinese to do some real damage.

    Nonsense. Next time you might try RTFA instead of hurrying so much to get in an early post. If you'd read it you'd realize that the intent is to set up mirrors of the real machines, and the scheduled attacks will be against the mirrors. Any attack against the real machine will look just like it always would.

    --
    The universe is a figment of its own imagination.

    --
    The universe is a figment of its own imagination.
  5. Why "Mock" by Anonymous Coward · · Score: 5, Funny

    Whenever I need to test my new firewall installation, I just open up an IRC session or post a Usenet post (containing my IP address) saying something like "Hi there, I'm a researcher for Microsoft/SCO/Natalie Portman/George Bush and I've been watching you all and you are all lamers"
    Then I just wait for the attack to begin.

    (although, when I say I'm working with Natalie Portman, most of the attacks seem to come in on port 79 for some reason...)

    1. Re:Why "Mock" by aicrules · · Score: 2, Insightful

      While I'm pretty sure you were being sarcastic...you wouldn't want to do this because if this type of attack is successful you may actually lose something.

    2. Re:Why "Mock" by aicrules · · Score: 3, Insightful

      For smaller companies and websites, yes, that's a fine way to test. Especially when you would otherwise not have resources to do so. However, a financial institution would be committing business and legal suicide to allow something like this to happen. If a hacker were successful, that means they compromised security around some VERY sensitive and important information. And once it's compromised...why not steal billions of dollars? Or sell personal information from the accounts you find?

      It really doesn't work well for those types of scenarios.

    3. Re:Why "Mock" by temojen · · Score: 2, Insightful

      They want to simulate attacks by a skilled and clandestine attacker, not the noisy fumbling of script kiddies, perhaps?

    4. Re:Why "Mock" by b1t+r0t · · Score: 4, Funny
      Whenever I need to test my new firewall installation, I just open up an IRC session or post a Usenet post (containing my IP address) saying something like "Hi there, I'm a researcher for Microsoft/SCO/Natalie Portman/George Bush and I've been watching you all and you are all lamers" Then I just wait for the attack to begin.

      Do you also tell them your IP address is 127.0.0.1?

      --

      --
      "Open source is good." - Steve Jobs
      "Open source is evil." - Microsoft
    5. Re:Why "Mock" by JVert · · Score: 2, Informative

      He's just testing his firewall installation, its not put into production yet so the attackers can flame away. He just needs to make sure is real hive is not too close to the honeypot.

    6. Re:Why "Mock" by 'nother+poster · · Score: 3, Funny
      And many years ago.

      Come get some

    7. Re:Why "Mock" by trick-knee · · Score: 2, Funny

      > it's the finger port

      ew, gross.

  6. Smoking heap of server by The+name+is+Dave.+Ja · · Score: 2, Funny

    Company: Somebody set up us the bomb
    Government: HAHAHAHAHAHA
    Company: You killed kenny.somecorp.com.jp! You bastards!

    Maybe they're trying to stimulate hardware sales.

    --
    There are 10 kinds of people in the sig
    Smart people like me who understand binary.
    Those who don't. ...and 8 others - we'll call them 'undecided'.

  7. Hello, I'm about to attack you. by N8F8 · · Score: 5, Interesting

    I wonder if this is your typical test where only the strongest points are tested. Will hackers cold-call targeted businesses pretending to be admins verifying passwords?

    --
    "God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
  8. MocK? by redelm · · Score: 3, Interesting
    What is a mock attack? One without deadly payload? How can that be done with cyberattackes when the attack is frequently without payload other than reproduction? Or rather, the volume of the attack is the payload.

    These are either full attacks (perhaps cancellable) or they will lead to false confidence (IMHO more an American than a Japanese trait).

  9. Follow up by raider_red · · Score: 5, Funny

    To follow up the mock cyber-attacks, Japan will then undergo a mock giant robot attack, which will be followed by Godzilla drills.

    --
    It's good to use your head, but not as a battering ram.
    1. Re:Follow up by cryptochrome · · Score: 4, Funny

      This will test the readiness of Japan's angst-ridden teenage boys and scantily-clad schoolgirl assassins.

      --

      ---If you can't trust a nerd, who can you trust?

  10. We can start now! by Ced_Ex · · Score: 3, Funny

    Just post up a link on slashdot to any of the companies needing a test.

    --
    Live forever, or die trying.
  11. Tentacle rape? by hoggoth · · Score: 3, Funny

    Do these mock attacks include agents dressed as multi-tentacled demons attempting to rape the women?

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)
  12. Are you sure it works? Of course! How do you know? by ngr8 · · Score: 4, Interesting

    In my days in big financial services tech hell, I was on the Disaster/Recovery planning committee. If the plan could not be really tested, it was fantasy hoping for good luck.

    The test cases weren't only terrorism - just what would happen if we had a steam explosion, the building was sprayed with asbestos, and the NYPD and FD put yellow tape around it.

    In Peopleware, Tom DeMarco tells of the job interview... "We need a juggler. Can you juggle?" "I'm great!" "Burning Logs?" "No problem!" "Animals?" "No problem-o!" "You've got the job!" "Don't you want to see me juggle?"

    So the idea of something that resembles live-fire testing is a very good idea. Intrusion testing, auditability (even open book audits as in "we're gonna ask you this, uber-geek!")is not perfect; however, I remember speaking with smug black frocked dotcommers who built systems that couldn't scale etc. etc.

    Ok. I think I'm gonna get some of that spray-on hair now and sort punch cards. But a test (if not completely lame)is a critical part. If the thing fails, do it again. If it passes the test, make the test harder. Fight dirty when you test - it will make for better results when the stuff hits the fan for real.

    --
    Verizon: Latin for "poor rural service".
  13. Oh, it's very easy... by Stormwatch · · Score: 5, Funny

    Just post your targets at Slashdot, and we will simulate a DoS attack.

    --
    Circumcision is child abuse.
  14. Cyberattacks, extra wasabe & ginger by digitaldc · · Score: 2, Informative

    An increasing number of companies and government offices have experienced cyberattacks. In one such case, kakaku.com, Japan's largest Web site specializing in product comparison information for consumer goods, had to be shut down temporarily after its code had been tampered with. ---------
    Sounds like they need to secure their code first, then they can perform mock attacks.
    On a side note, Kakaku.com sounds like a pr0n site

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  15. In other news by BushCheney08 · · Score: 5, Funny

    US Will Mock Staged Cyberattacks

    --
    Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
  16. How to jam cell phone comm by Rac3r5 · · Score: 2, Interesting

    Simple, just send 165+ text messages in less than a minute..

  17. Re:Yay Japan. And Thanks... by Alpha_Traveller · · Score: 2, Insightful

    Who says we're not paying for it?

    A) We're "paying for it" by not simulating our own right away and experiencing it ourselves.
    B) We're sitting by while someone else gets experienced hardened professionals out of it while we sit and watch.
    C) We're hoping they'll share information with us about the attacks and precautions taken. Do you really think they'll share everything? Hell no.

    My presumption is that we've been invited, but you never really know how much the US will be permitted to see or to participate.

    --
    "Love is like pi - natural, irrational, and very important." (Lisa Hoffman)
  18. all your networks are belong to us! by zixel · · Score: 4, Informative

    Original publication: http://www.yomiuri.co.jp/dy/national/20051005TDY01 003.htm They should definitely try social engineering techniques too. There was article [http://www.pacifict.com/Story/%5D written by a former Apple catractor that details how he worked on the graphing calculator app for a year without being an employee. Where I work, you just have to mention an employee's name and someone will assume that you work there. Of course I do work at Starbucks, but whatever [not really, I'm mean really not really].

  19. mock time wasting by ecumenical_40oz · · Score: 4, Funny

    I am currently staging a mock time-wasting drill in my office. The goal is to find out what would happen if an employee here were to spend all morning looking at slashdot instead of working. Will I be caught? Stay tuned for the results!