logo logo

’TPP’ keyword in cyber-attack? / Culprit appears to have searched for term-specific information

All the documents were about the TPP, with their titles and folder names containing the letters "TPP."

The Yomiuri Shimbun | Jan. 5, 2013

’TPP’ keyword in cyber-attack? / Culprit appears to have searched for term-specific information

A cyber-attacker suspected of stealing more than 3,000 documents from the Agriculture, Forestry and Fisheries Ministry looked for specific information through a keyword search, according to government sources.

It is feared that ministry information, including data from highly confidential documents, has fallen into foreign hands as a result of the cyber-attack.

Among the documents thought highly likely to have been compromised, more than 20 were related to negotiations over the Trans-Pacific Partnership free trade agreement. The documents were prepared before a summit meeting of the Asia-Pacific Economic Cooperation forum in November 2011.

Traces of the attacker’s actions indicate that his or her spying specifically targeted Japan’s moves regarding the TPP.

According to ministry sources, traces of the suspicious keyword search were found on officially used personal computers that were infected with computer viruses. A "find" command to make the PCs search for files was found to have been executed.

The more than 20 documents created just before the APEC summit meeting were stored in the PCs of ministry officials in charge of international negotiations. However, the stolen data were gathered in a single PC and compressed to make transmission easy.

All the documents were about the TPP, with their titles and folder names containing the letters "TPP." Government officials assume the attacker manipulated the PCs and searched for "TPP" and other keywords to collect the documents.

It is unknown when the searches began, because the data were overwritten. But it has been confirmed that there were a series of searches in November 2011 just before the APEC summit meeting.

The officials also found traces indicating that the attacker collected information about systems and networks by manipulating the infected PCs. The officials assume the attacker identified the PCs of officials who had important information based on the information stolen from the attacked PCs.

In addition to the highly confidential documents about the TPP, the attacker is believed to have stolen other government documents as well.

They included a record of discussions of a Japan-U.S. bilateral economic partnership agreement that was considered as an alternative to the TPP, minutes of a meeting of lawmakers who opposed joining the TPP talks, explanatory documents prepared for then Agriculture, Forestry and Fisheries Minister Michihiko Kano and the senior vice minister of the agriculture ministry, and a memo to narrow down points of dispute about the TPP.

Documents searched by the attacker included some not directly related to the TPP, such as memos about an increase in ministry officials.

One was a document about a request to increase the ministry’s quota of officials who record negotiations between the ministry and the Internal Affairs and Communications Ministry’s Administrative Management Bureau. The negotiations were held Oct. 5, 2011, regarding the farm ministry’s request to increase its staff in fiscal 2012.

"There is a wide range of TPP-related work. It’s difficult to handle it while doing other tasks," the ministry said in the negotiations. But the Internal Affairs and Communications Ministry was reluctant, saying, "It’s impossible for staff to be allocated only because of the TPP."

Though the argument was not related to Japan’s trade policy, such as the timing of the announcement that it would join the TPP talks, the word "TPP" appeared in the document seven times.

The document was found apparently as a result of the attacker’s searches with the keyword "TPP."

 source: Daily Yomiuri