×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Japan's Largest Defense Contractor Hacked

samzenpus posted more than 2 years ago | from the show-me-the-secrets dept.

Security 96

wiredmikey writes "Mitsubishi Heavy Industries Ltd, Japan's largest defense contractor, has been a victim of a cyber attack, according to a report from the company. The company said attackers had gained access to company computer systems, with some reports saying the attacks targeted its submarine, missile and nuclear power plant component businesses. According to The Yomiuri newspaper, approximately 80 systems had been infected with malware at the company's headquarters in Tokyo, as well as manufacturing and research and development sites, including Kobe Shipyard & Machinery Works, Nagasaki Shipyard & Machinery Works and Nagoya Guidance & Propulsion System Works. 'We can't rule out small possibilities of further information leakage but so far crucial data about our products or technologies have been kept safe,' a Mitsubishi Heavy spokesman told Reuters. 'We've found out that some system information such as IP addresses have been leaked and that's creepy enough,' the spokesman added."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

96 comments

A soft perimeter is a good thing. (3, Interesting)

Karmashock (2415832) | more than 2 years ago | (#37441764)

Letting hackers half way into your system especially when you're dealing with state sponsored hacking groups or corporate espionage is not a horrible idea so long as you make it work for you.

After all even though they're in your systems you have have an opportunity to log them in a way that you don't if they're just scrapping on the outside. Build a multi-tiered defense and let them get all the information that you don't actually care about. For example... promotional information and publicly released data. You can also have dummy files thrown around with garbage data filled in rather then the real specs. Have fun with it. But the really secret stuff... consider not having that on the network at all. If you're talking about top secret information... maybe that calls for an armed courier.

Re:A soft perimeter is a good thing. (5, Informative)

Dunbal (464142) | more than 2 years ago | (#37441836)

Congratulations you have (re)invented the Honey Pot [wikipedia.org] .

Re:A soft perimeter is a good thing. (-1)

Anonymous Coward | more than 2 years ago | (#37442178)

At least in Japan you have to travel miles and miles and miles before you will see an obese person. And they don't stupidly stand around and block doorways, make left turns from right lanes, walk into a store and make a mess of it and leave, or do other inconsiderate shit because they are actually capable of thinking of other people and how their actions may affect them. Their culture pretty much requires it. Not showing the proper respect or being impolite is a major faux pas over there, sort of like how most Americans would react to the "n-word".

In other words, the Japanese are better than Americans in every conceivable way. They are definitely more civilized. They aren't trying to commit slow suicide with food. They seem to actually read a book once in a while.

Re:A soft perimeter is a good thing. (-1, Offtopic)

Dunbal (464142) | more than 2 years ago | (#37442300)

And this is relevant to me how? I am not American, and not in the US. I assume that was your target, since you mentioned obesity.

Also, have the superior Japanese learned how to swim yet?

Re:A soft perimeter is a good thing. (1)

Karmashock (2415832) | more than 2 years ago | (#37444552)

You have to take the random anti american trolls in stride... we do... They're shambling zombies littering the post apocalyptic political wasteland that is their ideology. Scrapping around... medically dead... moaning for brains.

Best you can do is stock lots of food and assume a defensible position. They'll burn themselves out eventually.

Re:A soft perimeter is a good thing. (-1, Flamebait)

Dishevel (1105119) | more than 2 years ago | (#37442364)

The fact that a large percentage of their male population wants to have sex with animated pre-pubescent girls not withstanding.

Re:A soft perimeter is a good thing. (-1)

Anonymous Coward | more than 2 years ago | (#37442570)

they're also racist as shit. go back to 4chan, otaku faggot.

Re:A soft perimeter is a good thing. (-1)

Anonymous Coward | more than 2 years ago | (#37442860)

Not showing the proper respect or being impolite is a major faux pas over there

the Japanese are better than Americans in every conceivable way.

Blatant contradiction spotted. You are being impolite. You may commit Seppuku now.

Re:A soft perimeter is a good thing. (1)

Wyatt Earp (1029) | more than 2 years ago | (#37443976)

But they are creating slow cultural suicide with declining birth rates and an aging population without enough young workers to support the welfare system for the older generation.

As for being more civilized, the acts committed by Imperial Japan across eastern Asia and the Pacific Rim really call that civilization into question.

Please tell me how German civilization is superior to all other European cultures.

Re:A soft perimeter is a good thing. (0)

Anonymous Coward | more than 2 years ago | (#37447348)

Please tell me how German civilization is superior to all other European cultures.

Those forest people civilized? They can't do anything against the mighty armies of Varus, by the Mars, Nerio and Minerva!

Re:A soft perimeter is a good thing. (1)

triffid_98 (899609) | more than 2 years ago | (#37448434)

But they are creating slow cultural suicide with declining birth rates and an aging population without enough young workers to support the welfare system for the older generation.

I'm pretty sure the plan was to implant all of the old people into robot bodies but Honda spent all of their R+D money on this 'Asimo' thing instead of the Gundams the Health Ministry asked for.

Re:A soft perimeter is a good thing. (1)

Karmashock (2415832) | more than 2 years ago | (#37445198)

Oh, I'm sure someone else has had similar ideas. I just think these should be applied systemically when protecting high profile systems.

Have the outer defenses strong enough to ward off all the casual attackers and then just let the more dangerous guys in so you can track them rather then letting them learn the limitations of your system let them think they evaded detection.

Re:A soft perimeter is a good thing. (0)

Anonymous Coward | more than 2 years ago | (#37454410)

Congratulations you have (re)invented the Honey Pot [wikipedia.org] .

You don't use a Honey Pot for planting false information. You would have known this if you'd bothered to actually read any of the sources on the Fuck-U-Pedia page instead of just blindly quoting it. You can start by going here:http://www.sans.org/security-resources/idfaq/honeypot3.php which is the best citation the Wiki has listed.

And next time, instead of being a complete Fuck-Stick, post the link to the info instead of a half-assed collective summary of the info.

Re:A soft perimeter is a good thing. (1)

Anonymous Coward | more than 2 years ago | (#37441974)

Better yet, have engineers design flaws into the "valuable" information that would go undetected until the devices self-destruct while in use. A few metric to imperial conversion errors is all it takes.

Re:A soft perimeter is a good thing. (0)

Anonymous Coward | more than 2 years ago | (#37442230)

Better yet, have engineers design flaws into the "valuable" information that would go undetected until the devices self-destruct while in use. A few metric to imperial conversion errors is all it takes.

And how do you plan to keep track of the intentional mistakes? You only need to replace one or two people in the organization to forget about these deliberate mistakes, and the company will be producing devices that self-destruct.

Re:A soft perimeter is a good thing. (1)

Karmashock (2415832) | more than 2 years ago | (#37444648)

Secret associations. There's the file and the modification to the file and back up hard copy unaltered files that will be consulted prior to doing anything. But if someone goes rifling through things why not make the crap convenient.

I'm just saying you're not going to stop every intrusion. So why not plan for a successful intrusion to work for you. I wouldn't go so far as to give them bogus plans mostly because I don't want to give them even that much. I want to track the intrusion. Maybe make it easy to get in using some cheap tricks but make it so it's very very hard to get in without getting logged.

Thus most attackers will get in feeling like it's easy... and little do they know the whole IT department just lit up like a christmas tree.

Just an idea.

Re:A soft perimeter is a good thing. (1)

Tekfactory (937086) | more than 2 years ago | (#37446312)

Get yourself some Data Extrusion Detection and Data Loss Prevention thinking going on.

The bad guy will get in, but most often one of your users will open an email with a PDF or other broken but normal looking file in it, whatever the payload is, it will drop on the user's system when they open the document. It will call home to its Command and Control node, the bad man will use that machine as a pivot point to access other machines. You never saw him come in because the user's machine opened up an outbound port 443 connection as far as you know the user is doing their online banking.

There are some things you can do with process monitoring and file whitelisting to notice when the new file tries to run on the user's system.

Your anti-virus will not catch the program, they usually know what vendor you use and have munged the file enough your AV doesn't notice it.

There is a really odd piece here I do not understand, and that is the munged file to slip past Symantec will be the same everywhere, and the one for McAfee will be the same everywhere, this is across multiple victim companies.

Anyways you're looking for indicators of compromise now, nobody knocks on the door anymore.

Re:A soft perimeter is a good thing. (1)

Karmashock (2415832) | more than 2 years ago | (#37507328)

it's a good point but really I don't see why we're giving users the ability to do that at all.

I think a good it department should be able to run almost entirely on security whitelists. And that outbound connection isn't included in the whitelist.

Port 80 is only to approved URLs through an internal DNS server. Email is only through the corporate email server. Etc.

If they want to talk to a machine on the internet that the IT department hasn't vetted they can issue a ticket and the IT dep will get to it.

Again, we're talking about enterprise and government solutions where security is critical and there is an implicit assumption that electronic espionage is a fact... and could cost the company everything.

Re:A soft perimeter is a good thing. (3, Informative)

JoshuaZ (1134087) | more than 2 years ago | (#37442396)

There are allegations that the US did just that to the Soviet Union during the cold war. See http://www.zdnet.co.uk/news/it-strategy/2004/03/01/us-software-blew-up-russian-gas-pipeline-39147917/ [zdnet.co.uk] .

Re:A soft perimeter is a good thing. (1)

X0563511 (793323) | more than 2 years ago | (#37445692)

That worked so well for all of us when those Chinese capacitors started exploding (and kept exploding) for fucking years...

Re:A soft perimeter is a good thing. (0)

Anonymous Coward | more than 2 years ago | (#37442398)

Even if you have a multi-tiered system with strict policies not to take future product designs out of the most secure systems... it is a virtual certainty that someone has a copy of the top-secret designs on his internet-connected low-security desktop, because he needed it there to get his job done and working on the locked-down top-secret computers was driving him mad.

Re:A soft perimeter is a good thing. (1)

Karmashock (2415832) | more than 2 years ago | (#37444852)

Not if you disable local file storage.

We're moving towards cloud computing already and at the corporate level especially where security becomes that paranoid I think requiring everyone to RDP into a virtualized environment is entirely legitimate. So sure... it will be on their system... But their system will inherently not be low security if they access to those files.

Come on, I thought this was site for IT wonks. :-)

First rule of computer security is PHYSICAL security. You can have all the fancy encryption and passwords you like but most of that stuff is meaningless if they can get their grubby paws on the actual machine. So make that difficult by physically putting it in the server room as an aggregate of a larger library of virtualized personal desktop environments. Have fun trying to get at it in there.

And then with appropriately anal firewall rules you can allow them access to the internet while not really compromising your internal network because everything sits behind so many layers of abstraction.

Re:A soft perimeter is a good thing. (0)

erroneus (253617) | more than 2 years ago | (#37442948)

Except that is not how it works.... nice dream though.

I am not going to comment any further than this, but I have considerable inside knowledge of this situation and the things which enable it to happen.

That said, many people already know some of the reasons this has happened from previous news stories. When the lights come on in your head, you will know what I'm talking about.

Re:A soft perimeter is a good thing. (1)

Karmashock (2415832) | more than 2 years ago | (#37444872)

Sadly I'm not in your esteemed in crowd so I have no idea what you're talking about.

Care to share or are you having fun being mysterious?

Re:A soft perimeter is a good thing. (1)

Tekfactory (937086) | more than 2 years ago | (#37446008)

Not quite so certain what Parent is being mysterious about. However Grandparent's idea of the soft and chewy outside is a terrible misinterpretation of defense in depth.

You own some of the less valuable folks, you own some of the less valuable data, now you can send authentic looking emails from real coworkers to people on the sensitive side.

Not that their recon isn't already doing this, some of the emails they use are very convincing.

Advanced Persistent Threats know a lot about their targets before they ever make a move.

Re:A soft perimeter is a good thing. (1)

Karmashock (2415832) | more than 2 years ago | (#37507350)

email servers wouldn't be chewy... that's the sort of thing that would be in the castle keep. Though obviously you'd want to fragment the system by department so the advertisement department wouldn't compromise something else... as an example.

Re:A soft perimeter is a good thing. (1)

erroneus (253617) | more than 2 years ago | (#37446234)

To be less mysterious, I don't want to say anything that might compromise my employment.

Re:A soft perimeter is a good thing. (1)

Karmashock (2415832) | more than 2 years ago | (#37507356)

you can respond anonymously.... so... you're being pretty mysterious by refusing to answer on the grounds that you don't want to be identified.

Re:A soft perimeter is a good thing. (0)

Anonymous Coward | more than 2 years ago | (#37453440)

RSA token attack? If there was data sharing regarding AEGIS ships with the US, easy to see a connected deployment from the US. Which means somebody didn't do cleanup after that went public. In the US that's a firing. Japan, maybe busted down to cable monkey?

Re:A soft perimeter is a good thing. (1)

gstrickler (920733) | more than 2 years ago | (#37444156)

Be sure to include some encrypted files with obscure names. The encrypted data can either be disinformation, or publicly available info, or random garbage, but the encryption and intriguing names will waste some of their time.

Re:A soft perimeter is a good thing. (1)

Karmashock (2415832) | more than 2 years ago | (#37444894)

Exactly. Let robber into the vault and let him walk away with a sack... he doesn't have to know he's carrying bundles of newspaper clippings.

Re:A soft perimeter is a good thing. (1)

ColdWetDog (752185) | more than 2 years ago | (#37445002)

Be sure to include some encrypted files with obscure names. The encrypted data can either be disinformation, or publicly available info, or random garbage, but the encryption and intriguing names will waste some of their time.

Kim Kardashian_nkd_wedding.zip.rar.exe.app

Re:A soft perimeter is a good thing. (1)

gstrickler (920733) | more than 2 years ago | (#37444218)

A little exercise can firm up that soft perimeter for you.

Re:A soft perimeter is a good thing. (1)

Karmashock (2415832) | more than 2 years ago | (#37445008)

My suggestion is that it be intentionally soft at least in appearence. The notion would be that it wouldn't be that hard to get in. Hard enough maybe to keep out the casual or inexperienced hacker. But not so tough as to give a pro a headache. But at the same time you set it up so that while it doesn't forbid little tricks to get in it has a disproportionally sophisticated detection and logging system. So it notices when there is an intrusion even if it isn't stopping it. I think that would help the security guys respond to and understand when they're having an intrusion. THey can also respond to it actively as opposed to responding in an automated way. So maybe they figure out something of the nature of this hacker from the logging. And then they either waste their time while the connection is traced through web of proxies. Or they actively give the hacker bad information. Maybe they see where he's looking and get ahead of him... and give him something they think he'll be attracted to but isn't a risk to the company.

It's just an idea... Never mind me... Just seems the IT crew runs into problems because they get blindsided. And a system that made it more likely that they'd be actively engaged with an intruder would probably stop most of the data loss. But I could be wrong.

Re:A soft perimeter is a good thing. (1)

gstrickler (920733) | more than 2 years ago | (#37445414)

Whoosh.....!

Lose your sense of humor???

Re:A soft perimeter is a good thing. (1)

Karmashock (2415832) | more than 2 years ago | (#37445862)

I'm binary with stuff like that. My humor is on or off. Sorry... It has no dimmer switch.. I tend to switch it off when I get analytical and switch it on when I get bored.

Re:A soft perimeter is a good thing. (1)

gstrickler (920733) | more than 2 years ago | (#37446548)

Well, upgrade to a 4-bit system. :)

Re:A soft perimeter is a good thing. (1)

Karmashock (2415832) | more than 2 years ago | (#37507366)

It will have to be added in the next version... I think the issue is hardware based and not even a firmware update would help.

Aww, got my hopes up... (5, Funny)

John Pfeiffer (454131) | more than 2 years ago | (#37441880)

I was hoping someone had gotten out technical documents of bipedal weapons platforms, or powered armor, or SOMETHING. :(

Re:Aww, got my hopes up... (4, Funny)

ddxexex (1664191) | more than 2 years ago | (#37442112)

This was a defense contractor they hacked.

If they wanted Gundam, they would have hacked a contractor for the ministry of agriculture...

Re:Aww, got my hopes up... (1)

tlhIngan (30335) | more than 2 years ago | (#37444120)

This was a defense contractor they hacked.

If they wanted Gundam, they would have hacked a contractor for the ministry of agriculture...

Daily Planet (a Canadian science magazine show on Discovery Canada) had just a segment last week...

http://watch.ctv.ca/clip531934#clip531934 [watch.ctv.ca]

What I can't believe is how they just danced around the whole "it's a mech" term. It's amusing to watch in its own right as the host just refuses to call it what it is.

Oh yeah, it has guns, too! And yes, it's from a company that makes farm equipment.

Re:Aww, got my hopes up... (1)

sabt-pestnu (967671) | more than 2 years ago | (#37447016)

> Oh yeah, it has guns, too!

Rubber ball cannons. They don't count as "weapons" though.

Re:Aww, got my hopes up... (1)

Calydor (739835) | more than 2 years ago | (#37447496)

Fill each little rubber ball with some unstable nitroglycerine or other explode-on-impact chemical and I assure you it's a weapon. Get shot in the face by one as-is and you'll call it a weapon, too.

Re:Aww, got my hopes up... (0)

Anonymous Coward | more than 2 years ago | (#37442156)

Right, like we really need cheap Chinese knockoffs of the ED-209, that's gonna help make the world a better place.

Re:Aww, got my hopes up... (1)

KillaBeave (1037250) | more than 2 years ago | (#37442924)

I was hoping someone had gotten out technical documents of bipedal weapons platforms, or powered armor, or SOMETHING. :(

I was also hoping that Mitsubishi had went from Zero to Heero as well ...

Re:Aww, got my hopes up... (1)

DarthVain (724186) | more than 2 years ago | (#37457590)

They did though it was mostly useless having been designed for 15 year old girls to pilot... The uniforms were also rejected due to the probability of lawsuits...

Godzilla files compromised (0)

Anonymous Coward | more than 2 years ago | (#37441996)

Let's just hope for the sake of earth that the Godzilla-doomsday weapon files have not been leaked....

All of this has happened before... (0)

Anonymous Coward | more than 2 years ago | (#37442076)

Holy crap, it's the Cylons! Someone make sure our Battlestars aren't networked together!

In unrelated news (5, Funny)

elrous0 (869638) | more than 2 years ago | (#37442114)

Chinese defense contractors announced today that they have made a series of tremendous advancements in submarine, missile, and nuclear power plant component technology.

Re:In unrelated news (1)

Ramin_HAL9001 (1677134) | more than 2 years ago | (#37452166)

Chinese defense contractors announced today that they have made a series of tremendous advancements in submarine, missile, and nuclear power plant component technology.

@elrous
Exactly. At first I thought this might have been stuxnet accidentally spread to Asia. But already it is starting to look like it may have been a separate, highly targeted attack. Guess which country hates Japan and has the capabilities to carry out cyber warfare? Hint: it's not North Korea (though North Korea does hate Japan).

fail (1)

Charliemopps (1157495) | more than 2 years ago | (#37442202)

How many times does this have to happen before these businesses realize they should not be on the internet... period. You're either inside the building, or your not logged in. It's that simple.

Re:fail (2)

Rogerborg (306625) | more than 2 years ago | (#37442734)

"The" building? What, you think Mitsubishi is one single big building containing all of its global employees, development, admin, sales and support? And that none of them need to be able to communicate with anyone outside. You know, their customers? Is that really what you think? That it's "that simple"?

Pause. Apply brain. Type.

Re:fail (0)

Anonymous Coward | more than 2 years ago | (#37443642)

Go easy on the snarkiness, you are extrapolating way more from his post than what was said.

Are you just in a terrible mood or really upset right now?

Re:fail (0)

Charliemopps (1157495) | more than 2 years ago | (#37445324)

You clearly have no idea how enterprise networks work. I said "The internet" You can have a GLOBAL network and not have it connected to the internet. getting into this network requires you to be inside "The building" or any number of buildings owned by the business.

Re:fail (1)

JamesP (688957) | more than 2 years ago | (#37445690)

Yeah, sure. For 10x to 100x the cost.

Of course, they can use a VPN. Of course, they are too smart to do that.

What, in turn, makes someone have an external connection to the Internet so that they can do their work. Oops.

They are 'stuck' with an MS stack of course.

Re:fail (1)

antifoidulus (807088) | more than 2 years ago | (#37443842)

Don't know about Mitsubishi, but a lot of organizations do try to keep as much of their really sensitive material off of the internet as possible, but at the end of the day you cannot expect to design and manufacture a submarine from end-to-end in a single physical location. Where it makes sense you can run your own fiber, but that can get real expensive real quick. At the end of the day compromises must be made(and of course never, ever trust anything to Windows, but that seems to be a lesson people just don't get)

Re:fail (1)

hjf (703092) | more than 2 years ago | (#37444592)

(and of course never, ever trust anything to Windows, but that seems to be a lesson people just don't get)

And you cannot expect to design a submarine from end-to-end using Linux either...

Re:fail (1)

drinkypoo (153816) | more than 2 years ago | (#37444760)

Only if you're building a new type of submarine, because then you're going to need to write new tools. If you're the government you could force the tool vendors to develop the new ones for Linux. Some vendors are moving that way anyway due to interest, e.g. cadence tools ported to Linux when IC designers started sitting at them instead of X terminals... all those potential seats!

Re:fail (1)

That Guy From Mrktng (2274712) | more than 2 years ago | (#37451700)

Japanese are renowned for stuff that "just works" maybe they were running an Apple stack all the way down, Japan loves them. You can make a sub end-to-end in Apple stuff, right?

Re:fail (1)

jackbird (721605) | more than 2 years ago | (#37451910)

If you're the government you could force the tool vendors to develop the new ones for Linux.

CATIA and Solidworks are sold by a partnership of IBM and a huge French aerospace conglomerate. If Linux-champion IBM hasn't ported them (especially since they are supported on a few non-x86 UNIX variants), you can bet there's a good reason.

Oh, you want NX / I-DEAS instead? Well, then you just need to convince Siemens to roll over for you.

Or do you want to slum it and use something by Autodesk? The day they release a homegrown product for Linux (their ludicrously many acquired products are sometimes a different story) is the day hell freezes over.

You want to roll your own PLM software? Ha. And ha-ha. With a worldwide installed base of maybe 100k seats for all packages, and a pricetag in the five figures per seat, there's no way to make the numbers make sense.

Re:fail (1)

X0563511 (793323) | more than 2 years ago | (#37445764)

Where it makes sense you can run your own fiber, but that can get real expensive real quick.

Why would you do that? You can send the traffic through the internet just fine. You just have to use a secured VPN.

Monster movies then (kinetic) vs. now (cyber) (1)

Shoten (260439) | more than 2 years ago | (#37442248)

I'm just picturing Godzilla, sitting at a computer in a basement somewhere...

Re:Monster movies then (kinetic) vs. now (cyber) (1)

Commontwist (2452418) | more than 2 years ago | (#37443754)

I'm just picturing Godzilla, sitting at a computer in a basement somewhere...

Between surfing the 'net for dragon porn.

Wrong company (1)

smooth wombat (796938) | more than 2 years ago | (#37442258)

It is Tamaribuchi Heavy Manufacturing Concern who merged with Matsumura Fishworks a while back. They're the ones who make Mr. Sparkle.

Re:Wrong company (0)

Anonymous Coward | more than 2 years ago | (#37442680)

There's your answer fish-bulb.

GODZILLA! (-1)

Anonymous Coward | more than 2 years ago | (#37442374)

Omg now Godzilla can attack! or is it Mecha-Godzilla?

"... system information such as IP addresses ..." (1)

tqk (413719) | more than 2 years ago | (#37442492)

'We've found out that some system information such as IP addresses have been leaked and that's creepy enough,' the spokesman added."

Er, what?

nslookup www.mhi.co.jp
Server: UnKnown
Address: 10.0.1.1

Non-authoritative answer:
Name: www.mhi.co.jp
Address: 202.228.55.2

I must be missing something. I'm sure a little digging would turn up their production network FQDN if it's Internet facing (which it apparently is).

Re:"... system information such as IP addresses .. (1)

Anonymous Coward | more than 2 years ago | (#37442970)

Maps of network internals can turn up routable unsecured devices like printers, APs with old firmware, that forgotten server in that closet etc. that can be used to harvest login credentials or exploit the network further if the devices are trusted.

Re:"... system information such as IP addresses .. (1)

Commontwist (2452418) | more than 2 years ago | (#37443914)

Maps of network internals can turn up routable unsecured devices like printers, APs with old firmware, that forgotten server in that closet etc. that can be used to harvest login credentials or exploit the network further if the devices are trusted.

True. My old workplace networking division was searching for where the internal infection of Conflicker was coming from.

I re-told them about the wonder of nmap ("Huh? What's that?" @_@) that I had mentioned briefly (and was obviously ignored and forgotten) and discovered the worm was coming from one of their internal web servers located in the same physical room as their office. And these were our network security guys who sold security systems. *sigh*

Re:"... system information such as IP addresses .. (1)

robmv (855035) | more than 2 years ago | (#37442974)

OMG!!! you published your DNS ip address!!!

Re:"... system information such as IP addresses .. (0)

Anonymous Coward | more than 2 years ago | (#37443710)

Indeed. I am sure that the world knowing that 10.0.1.1 will enable hackers worldwide to infiltrate his network.

Re:"... system information such as IP addresses .. (1)

JamesP (688957) | more than 2 years ago | (#37445722)

They probably hired their good friends, Sony Computer, to do the auditing for them...

Creepy? (2)

ThatsNotPudding (1045640) | more than 2 years ago | (#37444548)

I find it hard to believe a spokesperson for a Japanese corporation used the word 'creepy', but hey; wire services are never wrong.

Re:Creepy? (1)

X0563511 (793323) | more than 2 years ago | (#37445886)

Probably a translation issue. I'm sure the word closer to the original meaning was 'unsettling'

Re:Creepy? (0)

Anonymous Coward | more than 2 years ago | (#37446840)

The translator formerly worked for the BBC in the UK, obviously.

why the hate for heavy people (0)

iampiti (1059688) | more than 2 years ago | (#37445356)

I'm enraged! Why did they have to mention that the Mitsubishi spokesman is heavy? don't you think the poor man is reminded of his weight problems often enough? really bad reporting. I'm tired of this weightism! heavy people have feelings too

How many times? (1)

inglorion_on_the_net (1965514) | more than 2 years ago | (#37445930)

How many wake-up calls like this do organizations the world over need before they start doing computer security right?

Just had to get that off my chest.

This is not real right? (0)

Anonymous Coward | more than 2 years ago | (#37446028)

I cannot believe this. Who would be so stupid. They will obviously counter attack just to save face, and counter attack they will, in force. The execs might not know what is clearly going on, but someone in operations is going to spend a lot of time and money on getting revenge. I am glad that its not me on the receiving end. Mitsubishi Heavy Industries? I guarantee they they are out for blood this time.

Re:This is not real right? (1)

That Guy From Mrktng (2274712) | more than 2 years ago | (#37451742)

Who would they be revenge-hacking? China? Israel? They both have the same info as US defense contractors and it's probably easier to hack directly from the source.. erm, oh now I get your point, clever AC.

Not surprised (1)

Anonymous Coward | more than 2 years ago | (#37448080)

I worked for one of the Mitsubishi manufacturing companies in the US and this isn't a surprise. Security was never a focus. They acted like we were completely secure, yet any number of systems were in the proxy-bypass group. Add to that lackluster policies on updating AV and workstation security patches. Bet it sucks for my former co-workers today.

It must have been... (0)

Anonymous Coward | more than 2 years ago | (#37453438)

...the laughing man

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...