A hacker or cybercrime group penetrated the networks of Japan's parliament for more than a month and may have stolen sensitive emails and documents from 480 lawmakers and their staff, according to a national daily newspaper.
The attacks on the House of Representatives, the lower house of Japan's National Diet, began in July and continued until late August, the Asahi Shimbun reported. The breach began when a representative opened a malicious file attached to an email, placed there as part of a cybercrime tactic called "spear phishing." Once the attachment was downloaded, the target computer was infected with a Trojan designed to steal passwords. Because the initial infected computer was connected to the Diet's computer network, the attackers were able to spread the Trojan.
It is believed the remote hackers used the stolen passwords to delve into the lawmakers' computers and that they "targeted confidential information on national politics, such as foreign and defense policies," the Asahi Shimbun said.
The House of Representatives convened a special session today (Oct. 25) to investigate the case. Members were instructed to change their email passwords.
Lawmakers use their PCs for email exchanges with government organizations and other lower house members, and some store personal information as well as sensitive documents on them.
A spokesperson for the lower house told the Asahi Shimbun, "We are not aware of any tangible damage, such as data loss," from the hack.
Officials found that the Trojan was launched from a server based in China. However, security experts were quick to point out that this does not automatically implicate China in any wrongdoing.
"It's perfectly possible that the attack was the work of a lone Chinese hacker — without the backing of his government or military," Graham Cluley from the security firm Sophos wrote on a company blog. "And even more relevantly, computer hackers can plant their malware on servers all around the world — so it's just as possible that a hacker in, say, New Zealand placed his malware on a compromised Chinese server."