A source in the Japanese government said on Monday that classified Japanese diplomatic telegrams were leaked in 2020 after Chinese hackers attacked the Japanese Foreign Ministry.
The source told Kyodo News that the cyberattack occurred under the late Abe Shinzo’s final term as prime minister. The incident badly rattled the Abe government, which realized Japan’s cyber defenses needed improvement and sought advice from the U.S. government.
Chief Cabinet Secretary Hayashi Yoshimasa responded to inquiries about the story by refusing to confirm if the hackers exposed any secret information. Both the original source and Hayashi were extremely reluctant to discuss exactly what information was exposed or what became of the leaked documents.
The diplomatic cables were reportedly sent using an encrypted Internet Protocol Virtual Private Network (IP-VPN). The ability of hackers to penetrate such a secure communications system is deeply troubling.
Kyodo News noted that several Japanese agencies have suffered embarrassing cyberattacks in recent years, including the Aerospace Exploration Agency and even the National Center of Incident Readiness and Strategy for Cybersecurity, which evidently had Chinese military hackers lurking undetected in its systems for almost nine months, beginning in the fall of 2022. Japan pledged to increase its cybersecurity budget by 1,000 percent over five years after the penetration of the security agency was made public.
These data breaches made lawmakers concerned about the poor state of Japan’s cyber defenses, but the government’s reluctance to do anything that might be seen as violating the right to privacy has thwarted attempts to make large-scale security improvements. For this reason, the Japanese were hesitant to give U.S. cybersecurity experts access to sensitive systems so they could help investigate the Chinese hack.
Another problem, delicately broached by Japan News on Monday while discussing the Foreign Ministry hack, is that Japan’s cybersecurity is in such rough shape that the U.S. is “hesitant to share defense-related information with Japan” — including information that could help Japan tighten its Internet security.
Japan News noted the Japanese are especially far behind the curve in “active cyber defense,” meaning aggressive efforts to monitor cyberspace for imminent threats and even launch preemptive action against potential hackers.
The Abe administration reportedly learned about the Foreign Ministry breach in 2020 because the head of the U.S. National Security Agency at the time, Gen. Paul Nakasone, visited Tokyo to tell Japanese officials about the attack in person.
“China hit us hard. We’ve been working hard to improve, but it’s still not enough,” a senior Japanese government official sighed.