Japanese businesses, consumers vulnerable to cyber attacks

Tokyo is not taking any chances leading up to the 2020 Olympic Games, with a government-linked research institute reported to have built a fake network to monitor hackers' behaviour and methods.
Tokyo is not taking any chances leading up to the 2020 Olympic Games, with a government-linked research institute reported to have built a fake network to monitor hackers' behaviour and methods.PHOTO: REUTERS

Security experts warn of more breaches ahead as Tokyo gets ready for next year's Olympics

Within just two days of retail giant Seven & I Holdings' launch of a QR-code mobile payment system at its Japanese 7-11 stores in July, it called a hasty news conference to disclose that it had been hacked.

The scheme, 7pay, was scrapped last month in view of how easily its defences had been breached.

Crooks siphoned off around 55 million yen (S$718,420) from about 900 users, taking advantage of the lack of two-step factor authentication to verify identities when users logged into the system.

This is just the tip of the iceberg as Japan gears up to host the 2020 Olympics and Paralympics and the number of attempted cyber attacks grows exponentially, with security experts warning of more complex breaches ahead.

"There is an industry adage that says: 'If you're connected to the Internet, you're 100 milliseconds away from every criminal on the planet'," cyber-security expert Dave Palmer told The Sunday Times in Tokyo, where he was speaking at a security and risk management summit.

Mr Palmer is the director of technology at Darktrace, a cyber-defence firm that taps artificial intelligence to detect unusual or atypical activity and works to block these unauthorised attempts from gaining a foothold in networks.

Its clients include e-commerce giant eBay, carmaker Toyota and Singapore ticketing agent Sistic.

Japan's National Centre of Incident Readiness and Strategy for Cybersecurity detected 212.1 billion instances of suspicious activity last year - an increase of nearly four times from 54.5 billion in 2015. It said nearly half of these were attributed to artificial intelligence and Internet of Things (IoT) devices, which had given crooks more access points than ever.

Tech conglomerate Toshiba said in a report last Wednesday that it has observed an average of 2.5 million attempted cyber attacks every day across its group of companies.

  • 212.1b 

    Instances of activity detected by Japan's National Centre of Incident Readiness and Strategy for Cybersecurity last year - an increase of nearly four times from 54.5 billion in 2015.

While there have been high-profile breaches - including a hack of Uniqlo this year that compromised the data of some 460,000 customers in Japan - the country has yet to experience an attack that has interrupted services on a national or city-wide scale.

But Tokyo is not taking any chances leading up to the Games, with a government-linked research institute reported to have built a fake network to monitor hackers' behaviour and methods.

The National Institute of Information and Communications Technology's Stardust network is a simulated environment that tricks hackers into thinking they have penetrated their intended target.

These efforts allow Japan to draw up measures that can better prevent cyber attacks - which will be critical, as the Olympics have a history of attracting cyber criminals.

Mr Palmer praised Japan's efforts to deter cyber attacks - an area covered under its security alliance with the US - as it hosts major international events: the Group of 20 leaders' summit and Rugby World Cup this year, next year's Olympics, and the 2025 World Expo.

 
 
 

But he is more concerned about the vulnerability of three groups to cyber attacks: retail companies, old businesses that have been slow to modernise, and products and services that sacrifice safety for speed.

Meanwhile, Japan has seen a series of cryptocurrency heists - including the infamous Mt Gox hack of 2014 that bankrupted what was once the world's largest bitcoin exchange, the hacks of Coincheck last year and Bitpoint this year.

Mr Palmer said: "Cryptocurrencies are trying not to do things the way traditional financial organisations have operated, and in some ways, they deliberately remove safeguards, including veracity of identity and slow processes to check, review and monitor before you reconcile payments. But that has gone away with the crypto market."

In the same category are "smart" products that will only grow in use in an IoT-driven world, he said.

"We are interconnecting everything by acquiring technologies that were rushed to market," Mr Palmer said. "For example, there is a heat race each year for television manufacturers to come up with the biggest and newest screens, but the operating system running them is usually absolutely trash."

He noted one maker suggesting that consumers avoid having sensitive conversations in front of their smart TVs, and another saying consumers could run anti-virus scans on their TVs.

"I'm in cyber security, and I'm not sure I know how to run anti-virus on my TV," he said. "These products are not going to be updated for security. They are going to have glaring security issues, and we are filling our homes with them."

A version of this article appeared in the print edition of The Sunday Times on September 01, 2019, with the headline 'Japanese businesses, consumers vulnerable to cyber attacks'. Print Edition | Subscribe