The National Public Safety Commission’s weekly news conference, which is usually a dull affair, created a stir recently in the global cybersecurity community after Japanese Police Chief Mitsuhiro Matsumoto officially named China as the perpetrator of a cyberattack on Japan.
While Tokyo has earlier refused to name and shame China for the atrocious cyber attacks in the past, but in recent months Tokyo has upped the ante. This time, and also for the first time, Japan has explicitly blamed China for the attack. By doing so, it has put immense pressure on Beijing.
The National Police Agency has been inundated with questions about the allegation from international governments and media outlets. The Tokyo Metropolitan Police Department filed a lawsuit against a Chinese systems engineer, who is also a member of the Chinese Communist Party, two days before the April 22 news conference, for allegedly participating in cyberattacks against the Japan Aerospace Exploration Agency (JAXA) and 200 other Japanese companies and research institutions in 2016 and 2017.
According to Tokyo police, the perpetrator, who has already fled Japan, used a false ID to register a web server in the country for cyberattacks against JAXA, and that China’s People’s Liberation Army was likely involved in the massive cyberattack.
During the press conference, Matsumoto, the police commissioner-general, said that the attacks were carried out by a Chinese hacker group known as Tick. “It’s highly likely that cyber espionage was carried out by the PLA’s Unit 61419, a strategic support unit based in the Chinese city of Qingdao in Shandong Province.”
Cyber attribution, the process of tracking and eventually identifying the source of cyberattacks, is a difficult and time-consuming job, particularly when nations are involved. It necessitates several levels of technological and strategic investigation. This crucial move, which is carried out to formulate a national response to attacks, necessitates painstaking work by security analysts to gather shards of evidence and create detailed timelines.
Even if efforts are effective in detecting bad actors, whether governments or groups, the perpetrators seldom accept responsibility for their actions. Beijing has categorically refuted Japan’s claims about the JAXA attacks. “China is strongly opposed to any nation or organisation [using accusations of] cyberattacks to throw mud at China,” Chinese Foreign Ministry spokesperson Wang Wenbin said.
Even in the presence of incorruptible facts, bringing culpable foreign nationals working abroad to justice is unlikely. However, this does not negate the importance of cyber attribution. Since it is not a formal criminal procedure, it allows a government to show its cybersecurity capabilities without revealing confidential investigative details or providing court-worthy proof. Cyber attribution can be used to “name and shame” suspected criminals in the hopes of deterring further attacks, or it can be used to pave the legal groundwork for penalties against them.
The Japan Pension Service was struck by a cyberattack in 2015, resulting in a major data breach that exposed over 1 million names and pension identification numbers, some of which included birthdates and addresses. The attack was investigated by Tokyo Metropolitan Police, who looked into the malware used and where the data was sent. The investigation uncovered evidence that servers in China were used. However, since there was no definitive evidence that Beijing was behind the attack, Tokyo refrained from saying it was state-sponsored.
Better forensics by Tokyo police this time gave the Japanese government the green light to blame Beijing. The cops found a mysterious server and started tracking it, eventually discovering a cyberattack on JAXA. It was discovered that the intruder was attempting to exploit a flaw in the space agency’s security programme, and it urged businesses facing similar threats to take preventive steps. The department then tracked down and interrogated the Chinese man who had leased the server.
Japan has increased the pressure on Beijing, whether it be over the Senkaku islands, the issue of Xinjiang, or Taiwan. By explicitly naming China, Japan has given resolve to the fact that China does take part in these atrocious cyber attacks all around the world.
