A recent cyber attack on Japan's Ministry of Agriculture, Forestry and Fisheries apparently resulted in the theft of more than 3,000 classified documents, including several related to negotiations over the Trans-Pacific Partnership (TPP) free trade agreement.
"The stolen documents are suspected to be internal ministry materials created just before the Asia-Pacific Economic Cooperation (APEC) summit on November 2011 and before a Japan-U.S. meeting concerning the TPP on April 2012," writes The Japan Daily Press' Ida Torres. "One document contained a draft statement to be issued by then Prime Minister Yoshihiko Noda and U.S. President Barack Obama regarding the TPP. More than 20 of the files believed to be stolen are highly confidential documents related to Japan’s roadmap for participating in the TPP talks as well as analysis of the consequences of delaying a decision to join it."
"The attack on the Japanese Ministry apparently involved a remotely operated trojan along with a connection bouncer called 'HTran,'" writes PCMag.com's Max Eddy. "Dell's SecureWorks has looked at HTran before, and believe it was originally created by a Chinese hacker to conceal the location of command and control servers and 'redirect TCP traffic destined for one host to an alternate host.'"
"The National Information Security Center of the Cabinet Secretariat discovered about one year ago that suspicious transmissions involving HTran had occurred at the ministry," The Daily Yomiuri reports. "An information security expert said HTran is often used in cyber-attacks to steal information, as it can send data secretly. The program was also used to steal data from the Finance Ministry, as HTran data transmissions were discovered to have taken place from October 2010 to November 2011, the sources said."
"Initially, the ministry didn’t contact the police, despite the fact that the intrusion fell under the Unauthorized Access Prohibition Law," writes Softpedia's Eduard Kovacs. "However, now, the police have launched their own investigation to determine what information has been compromised."