[ISN] `Legit' hackers set to target telecom firms in cyber attacks
InfoSec News
isn at c4i.org
Thu Jun 16 03:17:20 EDT 2005
http://www.asahi.com/english/Herald-asahi/TKY200506150322.html
By KOJI NISHIMURA
The Asahi Shimbun
06/15/2005
Some of Japan's leading companies are about to deliberately set
themselves up for sneak cyber attacks-but it's all part of a
government plan to improve corporate online security.
Under the plan starting next fiscal year, "legitimate" hackers will
use typical cyber-attack methods-such as trying to infiltrate
corporate networks or inundating Web sites with hits-to expose
vulnerabilities.
Their first targets will be in the telecommunications industry.
It may sound like a frightening misuse of authority, but businesses
should have nothing to fear as the "targets" will be limited to
corporations that volunteer for the drills.
The three-year program, with a budget of about 1.5 billion yen for the
first year alone, is the brainchild of the Ministry of Internal
Affairs and Communications, which oversees Internet service providers
and other businesses.
The mock attacks are aimed at helping businesses arm themselves
against real cyber attacks by exposing system weaknesses and training
personnel, sources said.
Internet service providers already use sophisticated anti-virus
software, firewalls and other protection against the rising threat of
cyber attacks.
But it is hard to tell how effective measures are until a hacker gets
through.
Another problem is businesses have little experience in working
together to prevent damage from spreading, the sources said.
The vulnerability of Internet businesses was demonstrated when
Kakaku.com's database was invaded by a hacker in May, forcing the
nation's top price-comparison Web site to shut down for about a week.
The ministry plan includes setting up a task force of information
security experts from universities and other institutions.
Over several weeks, the team will stage surprise attacks on businesses
that apply to take part. Because the attack will end when infiltration
succeeds, it will not cause real damage to systems or data leaks,
according to the sources.
Through the exercise, companies will learn not only where problems
lie, but also how well their crisis management plans work, the sources
said.
They can check when and how problems were detected and whether
responses, including internal and external liaison, were adequate.
The findings will be released publicly with the aim of improving
anti-hacker protection. Participants' names won't be revealed, the
sources said.(IHT/Asahi: June 15,2005)
More information about the ISN
mailing list