Japan developing 'good virus' vs cyberattackers

Chalk one up for the good guys.

 

Japan’s Ministry of Defense is working on a computer virus that can track, identify and disable potential sources of cyberattacks, a Japanese news agency reported this week.

 

The Yomiuri Shimbun said development of the virtual cyberweapon started in 2008 and is being tested in a closed-network environment.

 

“The most distinctive feature of the new virus is its ability to trace cyberattack sources. It can identify not only the immediate source of attack, but also all “springboard” computers used to transmit the virus,” the report said.

 

The report added that the virus also has the ability to disable the attacking program and collect relevant information.

 

Also, it cited sources as saying the Defense and Foreign Ministries have started legislative consideration on the matter the use of cyberweapons against external parties on foreign attacks.

 

Gov't-civilian partnership

 

The report said the three-year project was launched in fiscal 2008 to research and test network security analysis equipment production.

 

It said the Defense Ministry’s Technical Research and Development Institute, which is in charge of weapons development, outsourced the project’s development to Fujitsu Ltd.

 

Fujitsu was also contracted to come up with a system to monitor and analyze cyberattacks for 178.5 million yen. Testing the virus' capabilities

 

Test runs in closed networks have helped the ministry to confirm the cyberweapon’s functionality and compile data on cyberattack patterns.

 

Yomiuri Shimbun said its sources claimed the program can identify the source of a cyberattack to a high degree of accuracy for distributed denial of service (DDoS) attacks, as well as some attacks aimed at stealing information stored in target computers.

Legal hindrances  

However, under current laws, there is a high possibility that cyberweapons cannot be used against external parties.

 

Also, the use of the weapon could be considered a violation of the clause banning virus production under the Criminal Code.

 

Keio University Prof. Motohiro Tsuchiya, a member of a government panel on information security policy, said Japan should accelerate anti-cyberattack weapons development by immediately reconsidering the weapon’s legal definition.

 

Tsuchiya said the panel also will discuss the issue.

 

However, Yomiuri quoted a Defense Ministry official as saying the ministry is not considering outside applications for the program as it was developed for more defensive uses.

 

It added Fujitsu declined to comment on the program, citing client confidentiality.

 

'Not a good idea' —Sophos

 

Computer security firm Sophos said the initiative appears intended to help Japan counter internet attacks which recently stole data on fighter jets and nuclear plants, broke into submarine manufacturing plants, and even hit its Parliament.

 

But it said even a “good” virus uses system resources such as disk space, memory and CPU time, and on a critical system may cause unexpected side effects. PCs are personal

 

“What you do on your PC is your business, but I want a say on what programs run on mine. An out-of-control ‘good’ virus could spread randomly or unexpectedly from machine to machine, meaning it may be hard to contain,” it said in a blog post.

 

It added all programs, including viruses, contain bugs that can have unintended and damaging consequences. “If your ‘good virus’ needs an urgent bugfix, would you release *another* virus to try and catch it up?” it asked.

 

Sophos also said there had been some attempts in the past to create “good” viruses.

 

It cited the case of the Cruncher virus, which was designed to save disk space by compressing files; and Mark Ludwig’s KOH virus, which tried to encrypt hard drive data.

 

There are even cases of malware designed to find child abuse images and report its discoveries to the authorities, it added.

 

“But the simple truth is that none of them have needed to be viral to deliver their positive benefit,” it said.

 

“When you’re trying to gather digital forensic evidence as to what has broken into your network, and what data it may have stolen, it’s probably not wise to let loose a program that starts to trample over your hard drives, making changes,” it added. — TJD, GMA News