Japanese space engineers have revealed that a virus infecting the Japanese space programme may have leaked information about the H-II cargo transfer vehicle, which is used to ferry equipment to the International Space Station. The infection may have handed hackers sensitive data, including system login information, blueprints and emails. It is believed that an email opened by an employee contained an attachment infected by a trojan.
Data exposed by the breach is said to include emails, technical specifications and operational information as well as login credentials. The hack also exposed blueprints stored in the attacked terminal, according to a statement from JAXA.
The attack on JAXA follows a run of similar cyber-assaults against the Japanese government and industrial giants. Last September, Mitsubishi Heavy Industries acknowledged that it had become the victim of the most high-profile of these cyber-attacks. The Japanese parliament confirmed it had been hit by another attack in October.[UKFAST]
The spammers sent an official-looking email. An employee clicked on the attachment, and the virus was stealthily installed and stole data from the employee's machine. The infected computer was removed from the space agency's network when it stopped working correctly in the middle of 2013. Analysis of the machine exposed evidence of a virus infection. The machine was then "cleaned" before being returned to use. The same machine was infected again the following January and data was extracted for a month before the second infection was discovered.[UKFAST]
The malware was delivered in an email and installed itself onto a JAXA employee's computer. Spammers use carefully crafted emails that appear to be legitimate. Often the emails are so authentic-looking that it takes a trained eye to spot the fake, and normal office personnel won't know what to look for, or how to look.
Czar Mail members have to present ID before they can get a mailbox, and criminals won't do that because their identity would be known. When spammers send spoofed emails to Czar Mail's open port, they are immediately rejected: they're never delivered to the recipient's inbox. Legitimate Czar Mail members log onto Czar Mail's secure port with a password (which is done automatically by their email client software), so their identity is verified. Spammers can't spoof Czar Mail members because they don't know the forged sender's password.