A virus infected a space agency employee's computer, then stole sensitive information regarding Japan's Epsilon space booster and related rocket designs.
Ironically, the Epsilon rocket is designed so that its launch operations can be run from a laptop remotely connected to the Internet. There are no indications that this technology was implicated in the theft - though it might well be of interest to the yet-unidentified thieves.
The incident, involving JAXA, the Japanese space agency, is the latest reminder of the security challenges facing even sophisticated government organizations. And the security risks posed by the Internet are not necessarily limited to personal devices. "Social engineering" - the use of innocent but incautious human behavior to transmit malware - has become a leading security concern.
As Jay Alabaster reports at Computerworld, JAXA detected a virus on a single employee's computer on November 21. The infected computer was immediately disconnected from the JAXA network, but by then the damage may already have been done.
The virus was capable of collecting information from a computer and transmitting it to an outside recipient. It is not clear what information may have been stolen, but the infected computer contained information about Epsilon and related Japanese rocket technology. Epsilon, an improved development of previous Japanese space boosters, is capable of putting large payloads into low Earth orbit, and its technology could have military implications.
How the computer was infected has not been reported. But in a previous incident last year, a JAXA employee infected a computer by clicking on software sent in a "targeted email."
In both cases it is not specified whether the computer virus infected a machine that belonged to the victimized employee, or was agency-issued. This should be a reminder that the bring-your-own-device (BYOD) trend is not the only risk factor. Employees search the Web and look at their email on company-issued devices as well as personal ones.
The earlier JAXA incident also points to the growing security challenge of social engineering. Most of us have learned not to click on emails from Nigerian widows, but we are more likely to be taken in by messages that seem to be from a friend or colleague. Purely technical solutions can provide only limited protection.
