Slashdot Mirror

← Back to Stories (view on slashdot.org)

Japan's Largest Defense Contractor Hacked

Posted by samzenpus on from the show-me-the-secrets dept.

wiredmikey writes "Mitsubishi Heavy Industries Ltd, Japan's largest defense contractor, has been a victim of a cyber attack, according to a report from the company. The company said attackers had gained access to company computer systems, with some reports saying the attacks targeted its submarine, missile and nuclear power plant component businesses. According to The Yomiuri newspaper, approximately 80 systems had been infected with malware at the company's headquarters in Tokyo, as well as manufacturing and research and development sites, including Kobe Shipyard & Machinery Works, Nagasaki Shipyard & Machinery Works and Nagoya Guidance & Propulsion System Works. 'We can't rule out small possibilities of further information leakage but so far crucial data about our products or technologies have been kept safe,' a Mitsubishi Heavy spokesman told Reuters. 'We've found out that some system information such as IP addresses have been leaked and that's creepy enough,' the spokesman added."

96 comments

  1. what the data security run by Sony? by lecheiron · · Score: 5, Funny

    that must explains it.

    1. Re:what the data security run by Sony? by antdude · · Score: 1

      "what the data security run by Sony?" sounds funny. :)

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    2. Re:what the data security run by Sony? by Anonymous Coward · · Score: 0

      Prease mod down framebait.

  2. A soft perimeter is a good thing. by Karmashock · · Score: 3, Interesting

    Letting hackers half way into your system especially when you're dealing with state sponsored hacking groups or corporate espionage is not a horrible idea so long as you make it work for you.

    After all even though they're in your systems you have have an opportunity to log them in a way that you don't if they're just scrapping on the outside. Build a multi-tiered defense and let them get all the information that you don't actually care about. For example... promotional information and publicly released data. You can also have dummy files thrown around with garbage data filled in rather then the real specs. Have fun with it. But the really secret stuff... consider not having that on the network at all. If you're talking about top secret information... maybe that calls for an armed courier.

    --
    I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    1. Re:A soft perimeter is a good thing. by Dunbal · · Score: 5, Informative

      Congratulations you have (re)invented the Honey Pot.

      --
      Seven puppies were harmed during the making of this post.
    2. Re:A soft perimeter is a good thing. by Anonymous Coward · · Score: 1

      Better yet, have engineers design flaws into the "valuable" information that would go undetected until the devices self-destruct while in use. A few metric to imperial conversion errors is all it takes.

    3. Re:A soft perimeter is a good thing. by Anonymous Coward · · Score: 0

      Better yet, have engineers design flaws into the "valuable" information that would go undetected until the devices self-destruct while in use. A few metric to imperial conversion errors is all it takes.

      And how do you plan to keep track of the intentional mistakes? You only need to replace one or two people in the organization to forget about these deliberate mistakes, and the company will be producing devices that self-destruct.

    4. Re:A soft perimeter is a good thing. by JoshuaZ · · Score: 3, Informative

      There are allegations that the US did just that to the Soviet Union during the cold war. See http://www.zdnet.co.uk/news/it-strategy/2004/03/01/us-software-blew-up-russian-gas-pipeline-39147917/.

    5. Re:A soft perimeter is a good thing. by Anonymous Coward · · Score: 0

      Even if you have a multi-tiered system with strict policies not to take future product designs out of the most secure systems... it is a virtual certainty that someone has a copy of the top-secret designs on his internet-connected low-security desktop, because he needed it there to get his job done and working on the locked-down top-secret computers was driving him mad.

    6. Re:A soft perimeter is a good thing. by erroneus · · Score: 0

      Except that is not how it works.... nice dream though.

      I am not going to comment any further than this, but I have considerable inside knowledge of this situation and the things which enable it to happen.

      That said, many people already know some of the reasons this has happened from previous news stories. When the lights come on in your head, you will know what I'm talking about.

    7. Re:A soft perimeter is a good thing. by networkBoy · · Score: 1

      Worked fine for the CIA and oil pipeline specs "stolen" by the KGB...

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    8. Re:A soft perimeter is a good thing. by Wyatt+Earp · · Score: 1

      But they are creating slow cultural suicide with declining birth rates and an aging population without enough young workers to support the welfare system for the older generation.

      As for being more civilized, the acts committed by Imperial Japan across eastern Asia and the Pacific Rim really call that civilization into question.

      Please tell me how German civilization is superior to all other European cultures.

    9. Re:A soft perimeter is a good thing. by gstrickler · · Score: 1

      Be sure to include some encrypted files with obscure names. The encrypted data can either be disinformation, or publicly available info, or random garbage, but the encryption and intriguing names will waste some of their time.

      --
      make imaginary.friends COUNT=100 VISIBLE=false
    10. Re:A soft perimeter is a good thing. by gstrickler · · Score: 1

      A little exercise can firm up that soft perimeter for you.

      --
      make imaginary.friends COUNT=100 VISIBLE=false
    11. Re:A soft perimeter is a good thing. by Karmashock · · Score: 1

      You have to take the random anti american trolls in stride... we do... They're shambling zombies littering the post apocalyptic political wasteland that is their ideology. Scrapping around... medically dead... moaning for brains.

      Best you can do is stock lots of food and assume a defensible position. They'll burn themselves out eventually.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    12. Re:A soft perimeter is a good thing. by Karmashock · · Score: 1

      Secret associations. There's the file and the modification to the file and back up hard copy unaltered files that will be consulted prior to doing anything. But if someone goes rifling through things why not make the crap convenient.

      I'm just saying you're not going to stop every intrusion. So why not plan for a successful intrusion to work for you. I wouldn't go so far as to give them bogus plans mostly because I don't want to give them even that much. I want to track the intrusion. Maybe make it easy to get in using some cheap tricks but make it so it's very very hard to get in without getting logged.

      Thus most attackers will get in feeling like it's easy... and little do they know the whole IT department just lit up like a christmas tree.

      Just an idea.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    13. Re:A soft perimeter is a good thing. by Karmashock · · Score: 1

      They copied enough things bolt for bolt to earn that little treat.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    14. Re:A soft perimeter is a good thing. by Karmashock · · Score: 1

      Not if you disable local file storage.

      We're moving towards cloud computing already and at the corporate level especially where security becomes that paranoid I think requiring everyone to RDP into a virtualized environment is entirely legitimate. So sure... it will be on their system... But their system will inherently not be low security if they access to those files.

      Come on, I thought this was site for IT wonks. :-)

      First rule of computer security is PHYSICAL security. You can have all the fancy encryption and passwords you like but most of that stuff is meaningless if they can get their grubby paws on the actual machine. So make that difficult by physically putting it in the server room as an aggregate of a larger library of virtualized personal desktop environments. Have fun trying to get at it in there.

      And then with appropriately anal firewall rules you can allow them access to the internet while not really compromising your internal network because everything sits behind so many layers of abstraction.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    15. Re:A soft perimeter is a good thing. by Karmashock · · Score: 1

      Sadly I'm not in your esteemed in crowd so I have no idea what you're talking about.

      Care to share or are you having fun being mysterious?

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    16. Re:A soft perimeter is a good thing. by Karmashock · · Score: 1

      Exactly. Let robber into the vault and let him walk away with a sack... he doesn't have to know he's carrying bundles of newspaper clippings.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    17. Re:A soft perimeter is a good thing. by ColdWetDog · · Score: 1

      Be sure to include some encrypted files with obscure names. The encrypted data can either be disinformation, or publicly available info, or random garbage, but the encryption and intriguing names will waste some of their time.

      Kim Kardashian_nkd_wedding.zip.rar.exe.app

      --
      Faster! Faster! Faster would be better!
    18. Re:A soft perimeter is a good thing. by Karmashock · · Score: 1

      My suggestion is that it be intentionally soft at least in appearence. The notion would be that it wouldn't be that hard to get in. Hard enough maybe to keep out the casual or inexperienced hacker. But not so tough as to give a pro a headache. But at the same time you set it up so that while it doesn't forbid little tricks to get in it has a disproportionally sophisticated detection and logging system. So it notices when there is an intrusion even if it isn't stopping it. I think that would help the security guys respond to and understand when they're having an intrusion. THey can also respond to it actively as opposed to responding in an automated way. So maybe they figure out something of the nature of this hacker from the logging. And then they either waste their time while the connection is traced through web of proxies. Or they actively give the hacker bad information. Maybe they see where he's looking and get ahead of him... and give him something they think he'll be attracted to but isn't a risk to the company.

      It's just an idea... Never mind me... Just seems the IT crew runs into problems because they get blindsided. And a system that made it more likely that they'd be actively engaged with an intruder would probably stop most of the data loss. But I could be wrong.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    19. Re:A soft perimeter is a good thing. by Karmashock · · Score: 1

      Oh, I'm sure someone else has had similar ideas. I just think these should be applied systemically when protecting high profile systems.

      Have the outer defenses strong enough to ward off all the casual attackers and then just let the more dangerous guys in so you can track them rather then letting them learn the limitations of your system let them think they evaded detection.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    20. Re:A soft perimeter is a good thing. by gstrickler · · Score: 1

      Whoosh.....!

      Lose your sense of humor???

      --
      make imaginary.friends COUNT=100 VISIBLE=false
    21. Re:A soft perimeter is a good thing. by X0563511 · · Score: 1

      Yea, I'm sure that perspective isn't biased at all...

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    22. Re:A soft perimeter is a good thing. by X0563511 · · Score: 1

      That worked so well for all of us when those Chinese capacitors started exploding (and kept exploding) for fucking years...

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    23. Re:A soft perimeter is a good thing. by Karmashock · · Score: 1

      I'm binary with stuff like that. My humor is on or off. Sorry... It has no dimmer switch.. I tend to switch it off when I get analytical and switch it on when I get bored.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    24. Re:A soft perimeter is a good thing. by Tekfactory · · Score: 1

      Not quite so certain what Parent is being mysterious about. However Grandparent's idea of the soft and chewy outside is a terrible misinterpretation of defense in depth.

      You own some of the less valuable folks, you own some of the less valuable data, now you can send authentic looking emails from real coworkers to people on the sensitive side.

      Not that their recon isn't already doing this, some of the emails they use are very convincing.

      Advanced Persistent Threats know a lot about their targets before they ever make a move.

    25. Re:A soft perimeter is a good thing. by Biff+Stu · · Score: 1

      So they stole the plans from PG&E?

    26. Re:A soft perimeter is a good thing. by erroneus · · Score: 1

      To be less mysterious, I don't want to say anything that might compromise my employment.

    27. Re:A soft perimeter is a good thing. by Tekfactory · · Score: 1

      Get yourself some Data Extrusion Detection and Data Loss Prevention thinking going on.

      The bad guy will get in, but most often one of your users will open an email with a PDF or other broken but normal looking file in it, whatever the payload is, it will drop on the user's system when they open the document. It will call home to its Command and Control node, the bad man will use that machine as a pivot point to access other machines. You never saw him come in because the user's machine opened up an outbound port 443 connection as far as you know the user is doing their online banking.

      There are some things you can do with process monitoring and file whitelisting to notice when the new file tries to run on the user's system.

      Your anti-virus will not catch the program, they usually know what vendor you use and have munged the file enough your AV doesn't notice it.

      There is a really odd piece here I do not understand, and that is the munged file to slip past Symantec will be the same everywhere, and the one for McAfee will be the same everywhere, this is across multiple victim companies.

      Anyways you're looking for indicators of compromise now, nobody knocks on the door anymore.

    28. Re:A soft perimeter is a good thing. by gstrickler · · Score: 1

      Well, upgrade to a 4-bit system. :)

      --
      make imaginary.friends COUNT=100 VISIBLE=false
    29. Re:A soft perimeter is a good thing. by MokuMokuRyoushi · · Score: 2

      Interestingly, I'm suspicious that you'd find an equal number of American males of the same desire.

      --
      Humans are terrible replicators of Godly things.
    30. Re:A soft perimeter is a good thing. by Anonymous Coward · · Score: 0

      Please tell me how German civilization is superior to all other European cultures.

      Those forest people civilized? They can't do anything against the mighty armies of Varus, by the Mars, Nerio and Minerva!

    31. Re:A soft perimeter is a good thing. by triffid_98 · · Score: 1

      But they are creating slow cultural suicide with declining birth rates and an aging population without enough young workers to support the welfare system for the older generation.

      I'm pretty sure the plan was to implant all of the old people into robot bodies but Honda spent all of their R+D money on this 'Asimo' thing instead of the Gundams the Health Ministry asked for.

    32. Re:A soft perimeter is a good thing. by Wyatt+Earp · · Score: 1

      That would be fracking awesome.

      Like Robot Nixon.

    33. Re:A soft perimeter is a good thing. by Anonymous Coward · · Score: 0

      nah - PEPCO

    34. Re:A soft perimeter is a good thing. by That+Guy+From+Mrktng · · Score: 1

      Hey! “the ministry of agriculture is not in charge of Gundam”

    35. Re:A soft perimeter is a good thing. by That+Guy+From+Mrktng · · Score: 1

      Sadly this POS forum does not allow anonymous cowards... are you reverse-baiting? oh wait

    36. Re:A soft perimeter is a good thing. by Anonymous Coward · · Score: 0

      RSA token attack? If there was data sharing regarding AEGIS ships with the US, easy to see a connected deployment from the US. Which means somebody didn't do cleanup after that went public. In the US that's a firing. Japan, maybe busted down to cable monkey?

    37. Re:A soft perimeter is a good thing. by Anonymous Coward · · Score: 0

      Congratulations you have (re)invented the Honey Pot.

      You don't use a Honey Pot for planting false information. You would have known this if you'd bothered to actually read any of the sources on the Fuck-U-Pedia page instead of just blindly quoting it. You can start by going here:http://www.sans.org/security-resources/idfaq/honeypot3.php which is the best citation the Wiki has listed.

      And next time, instead of being a complete Fuck-Stick, post the link to the info instead of a half-assed collective summary of the info.

    38. Re:A soft perimeter is a good thing. by black+soap · · Score: 1

      So all those misattributed song files on napster were really.... DRM?

    39. Re:A soft perimeter is a good thing. by Karmashock · · Score: 1

      it's a good point but really I don't see why we're giving users the ability to do that at all.

      I think a good it department should be able to run almost entirely on security whitelists. And that outbound connection isn't included in the whitelist.

      Port 80 is only to approved URLs through an internal DNS server. Email is only through the corporate email server. Etc.

      If they want to talk to a machine on the internet that the IT department hasn't vetted they can issue a ticket and the IT dep will get to it.

      Again, we're talking about enterprise and government solutions where security is critical and there is an implicit assumption that electronic espionage is a fact... and could cost the company everything.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    40. Re:A soft perimeter is a good thing. by Karmashock · · Score: 1

      email servers wouldn't be chewy... that's the sort of thing that would be in the castle keep. Though obviously you'd want to fragment the system by department so the advertisement department wouldn't compromise something else... as an example.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    41. Re:A soft perimeter is a good thing. by Karmashock · · Score: 1

      you can respond anonymously.... so... you're being pretty mysterious by refusing to answer on the grounds that you don't want to be identified.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
    42. Re:A soft perimeter is a good thing. by Karmashock · · Score: 1

      It will have to be added in the next version... I think the issue is hardware based and not even a firmware update would help.

      --
      I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
  3. Aww, got my hopes up... by John+Pfeiffer · · Score: 5, Funny

    I was hoping someone had gotten out technical documents of bipedal weapons platforms, or powered armor, or SOMETHING. :(

    --

    Friend: "The NIC is misconfigured..." Me: "No prob, I'll just telnet in and fix it." *Silence*
    1. Re:Aww, got my hopes up... by ddxexex · · Score: 4, Funny

      This was a defense contractor they hacked.

      If they wanted Gundam, they would have hacked a contractor for the ministry of agriculture...

    2. Re:Aww, got my hopes up... by Anonymous Coward · · Score: 0

      Right, like we really need cheap Chinese knockoffs of the ED-209, that's gonna help make the world a better place.

    3. Re:Aww, got my hopes up... by KillaBeave · · Score: 1

      I was hoping someone had gotten out technical documents of bipedal weapons platforms, or powered armor, or SOMETHING. :(

      I was also hoping that Mitsubishi had went from Zero to Heero as well ...

    4. Re:Aww, got my hopes up... by tlhIngan · · Score: 1

      This was a defense contractor they hacked.

      If they wanted Gundam, they would have hacked a contractor for the ministry of agriculture...

      Daily Planet (a Canadian science magazine show on Discovery Canada) had just a segment last week...

      http://watch.ctv.ca/clip531934#clip531934

      What I can't believe is how they just danced around the whole "it's a mech" term. It's amusing to watch in its own right as the host just refuses to call it what it is.

      Oh yeah, it has guns, too! And yes, it's from a company that makes farm equipment.

    5. Re:Aww, got my hopes up... by sabt-pestnu · · Score: 1

      > Oh yeah, it has guns, too!

      Rubber ball cannons. They don't count as "weapons" though.

    6. Re:Aww, got my hopes up... by Calydor · · Score: 1

      Fill each little rubber ball with some unstable nitroglycerine or other explode-on-impact chemical and I assure you it's a weapon. Get shot in the face by one as-is and you'll call it a weapon, too.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    7. Re:Aww, got my hopes up... by anti-pop-frustration · · Score: 1

      The ministry of agriculture is not in charge of Gundam. The Gundam ministry is in charge of Gundam.

    8. Re:Aww, got my hopes up... by DarthVain · · Score: 1

      They did though it was mostly useless having been designed for 15 year old girls to pilot... The uniforms were also rejected due to the probability of lawsuits...

  4. Godzilla files compromised by Anonymous Coward · · Score: 0

    Let's just hope for the sake of earth that the Godzilla-doomsday weapon files have not been leaked....

  5. All of this has happened before... by Anonymous Coward · · Score: 0

    Holy crap, it's the Cylons! Someone make sure our Battlestars aren't networked together!

  6. In unrelated news by elrous0 · · Score: 5, Funny

    Chinese defense contractors announced today that they have made a series of tremendous advancements in submarine, missile, and nuclear power plant component technology.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
    1. Re:In unrelated news by Ramin_HAL9001 · · Score: 1

      Chinese defense contractors announced today that they have made a series of tremendous advancements in submarine, missile, and nuclear power plant component technology.

      @elrous
      Exactly. At first I thought this might have been stuxnet accidentally spread to Asia. But already it is starting to look like it may have been a separate, highly targeted attack. Guess which country hates Japan and has the capabilities to carry out cyber warfare? Hint: it's not North Korea (though North Korea does hate Japan).

  7. very interesting... by PJ6 · · Score: 2

    looks like a job for Section 9

  8. fail by Charliemopps · · Score: 1

    How many times does this have to happen before these businesses realize they should not be on the internet... period. You're either inside the building, or your not logged in. It's that simple.

    1. Re:fail by Rogerborg · · Score: 2

      "The" building? What, you think Mitsubishi is one single big building containing all of its global employees, development, admin, sales and support? And that none of them need to be able to communicate with anyone outside. You know, their customers? Is that really what you think? That it's "that simple"?

      Pause. Apply brain. Type.

      --
      If you were blocking sigs, you wouldn't have to read this.
    2. Re:fail by Anonymous Coward · · Score: 0

      Go easy on the snarkiness, you are extrapolating way more from his post than what was said.

      Are you just in a terrible mood or really upset right now?

    3. Re:fail by antifoidulus · · Score: 1

      Don't know about Mitsubishi, but a lot of organizations do try to keep as much of their really sensitive material off of the internet as possible, but at the end of the day you cannot expect to design and manufacture a submarine from end-to-end in a single physical location. Where it makes sense you can run your own fiber, but that can get real expensive real quick. At the end of the day compromises must be made(and of course never, ever trust anything to Windows, but that seems to be a lesson people just don't get)

      --
      Monstar L
    4. Re:fail by hjf · · Score: 1

      (and of course never, ever trust anything to Windows, but that seems to be a lesson people just don't get)

      And you cannot expect to design a submarine from end-to-end using Linux either...

    5. Re:fail by drinkypoo · · Score: 1

      Only if you're building a new type of submarine, because then you're going to need to write new tools. If you're the government you could force the tool vendors to develop the new ones for Linux. Some vendors are moving that way anyway due to interest, e.g. cadence tools ported to Linux when IC designers started sitting at them instead of X terminals... all those potential seats!

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    6. Re:fail by Charliemopps · · Score: 0

      You clearly have no idea how enterprise networks work. I said "The internet" You can have a GLOBAL network and not have it connected to the internet. getting into this network requires you to be inside "The building" or any number of buildings owned by the business.

    7. Re:fail by JamesP · · Score: 1

      Yeah, sure. For 10x to 100x the cost.

      Of course, they can use a VPN. Of course, they are too smart to do that.

      What, in turn, makes someone have an external connection to the Internet so that they can do their work. Oops.

      They are 'stuck' with an MS stack of course.

      --
      how long until /. fixes commenting on Chrome?
    8. Re:fail by X0563511 · · Score: 1

      Where it makes sense you can run your own fiber, but that can get real expensive real quick.

      Why would you do that? You can send the traffic through the internet just fine. You just have to use a secured VPN.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    9. Re:fail by That+Guy+From+Mrktng · · Score: 1

      Japanese are renowned for stuff that "just works" maybe they were running an Apple stack all the way down, Japan loves them. You can make a sub end-to-end in Apple stuff, right?

    10. Re:fail by jackbird · · Score: 1

      If you're the government you could force the tool vendors to develop the new ones for Linux.

      CATIA and Solidworks are sold by a partnership of IBM and a huge French aerospace conglomerate. If Linux-champion IBM hasn't ported them (especially since they are supported on a few non-x86 UNIX variants), you can bet there's a good reason.

      Oh, you want NX / I-DEAS instead? Well, then you just need to convince Siemens to roll over for you.

      Or do you want to slum it and use something by Autodesk? The day they release a homegrown product for Linux (their ludicrously many acquired products are sometimes a different story) is the day hell freezes over.

      You want to roll your own PLM software? Ha. And ha-ha. With a worldwide installed base of maybe 100k seats for all packages, and a pricetag in the five figures per seat, there's no way to make the numbers make sense.

  9. Monster movies then (kinetic) vs. now (cyber) by Shoten · · Score: 1

    I'm just picturing Godzilla, sitting at a computer in a basement somewhere...

    --

    For your security, this post has been encrypted with ROT-13, twice.
    1. Re:Monster movies then (kinetic) vs. now (cyber) by Commontwist · · Score: 1

      I'm just picturing Godzilla, sitting at a computer in a basement somewhere...

      Between surfing the 'net for dragon porn.

  10. Wrong company by smooth+wombat · · Score: 1

    It is Tamaribuchi Heavy Manufacturing Concern who merged with Matsumura Fishworks a while back. They're the ones who make Mr. Sparkle.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    1. Re:Wrong company by Anonymous Coward · · Score: 0

      There's your answer fish-bulb.

  11. "... system information such as IP addresses ..." by tqk · · Score: 1

    'We've found out that some system information such as IP addresses have been leaked and that's creepy enough,' the spokesman added."

    Er, what?

    nslookup www.mhi.co.jp
    Server: UnKnown
    Address: 10.0.1.1

    Non-authoritative answer:
    Name: www.mhi.co.jp
    Address: 202.228.55.2

    I must be missing something. I'm sure a little digging would turn up their production network FQDN if it's Internet facing (which it apparently is).

    --
    "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
  12. Re:"... system information such as IP addresses .. by Anonymous Coward · · Score: 1

    Maps of network internals can turn up routable unsecured devices like printers, APs with old firmware, that forgotten server in that closet etc. that can be used to harvest login credentials or exploit the network further if the devices are trusted.

  13. Re:"... system information such as IP addresses .. by robmv · · Score: 1

    OMG!!! you published your DNS ip address!!!

  14. Re:"... system information such as IP addresses .. by Anonymous Coward · · Score: 0

    Indeed. I am sure that the world knowing that 10.0.1.1 will enable hackers worldwide to infiltrate his network.

  15. Re:"... system information such as IP addresses .. by Commontwist · · Score: 1

    Maps of network internals can turn up routable unsecured devices like printers, APs with old firmware, that forgotten server in that closet etc. that can be used to harvest login credentials or exploit the network further if the devices are trusted.

    True. My old workplace networking division was searching for where the internal infection of Conflicker was coming from.

    I re-told them about the wonder of nmap ("Huh? What's that?" @_@) that I had mentioned briefly (and was obviously ignored and forgotten) and discovered the worm was coming from one of their internal web servers located in the same physical room as their office. And these were our network security guys who sold security systems. *sigh*

  16. Creepy? by ThatsNotPudding · · Score: 2

    I find it hard to believe a spokesperson for a Japanese corporation used the word 'creepy', but hey; wire services are never wrong.

    1. Re:Creepy? by X0563511 · · Score: 1

      Probably a translation issue. I'm sure the word closer to the original meaning was 'unsettling'

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    2. Re:Creepy? by Anonymous Coward · · Score: 0

      The translator formerly worked for the BBC in the UK, obviously.

  17. why the hate for heavy people by iampiti · · Score: 0

    I'm enraged! Why did they have to mention that the Mitsubishi spokesman is heavy? don't you think the poor man is reminded of his weight problems often enough? really bad reporting. I'm tired of this weightism! heavy people have feelings too

  18. Re:"... system information such as IP addresses .. by JamesP · · Score: 1

    They probably hired their good friends, Sony Computer, to do the auditing for them...

    --
    how long until /. fixes commenting on Chrome?
  19. How many times? by inglorion_on_the_net · · Score: 1

    How many wake-up calls like this do organizations the world over need before they start doing computer security right?

    Just had to get that off my chest.

    --
    Please correct me if I got my facts wrong.
  20. This is not real right? by Anonymous Coward · · Score: 0

    I cannot believe this. Who would be so stupid. They will obviously counter attack just to save face, and counter attack they will, in force. The execs might not know what is clearly going on, but someone in operations is going to spend a lot of time and money on getting revenge. I am glad that its not me on the receiving end. Mitsubishi Heavy Industries? I guarantee they they are out for blood this time.

    1. Re:This is not real right? by That+Guy+From+Mrktng · · Score: 1

      Who would they be revenge-hacking? China? Israel? They both have the same info as US defense contractors and it's probably easier to hack directly from the source.. erm, oh now I get your point, clever AC.

  21. Not surprised by Anonymous Coward · · Score: 1

    I worked for one of the Mitsubishi manufacturing companies in the US and this isn't a surprise. Security was never a focus. They acted like we were completely secure, yet any number of systems were in the proxy-bypass group. Add to that lackluster policies on updating AV and workstation security patches. Bet it sucks for my former co-workers today.

  22. It must have been... by Anonymous Coward · · Score: 0

    ...the laughing man