
Researchers use fake network to analyze hackers' moves for expected Olympic cyberattacks

Principal researcher Yu Tsuda is seen operating CURE in the city of Chiba, east of Tokyo, on June 12, 2019. (Mainichi/Toru Watanabe)

TOKYO -- With the eyes of the world falling on Japan over the next year due to the Tokyo Olympics, the country is stepping up its online security measures with research initiatives like "STARDUST," a fake network that lures hackers into infiltrating it so their behavior and methods can be monitored.

The system is run by the National Institute of Information and Communications Technology (NICT), a government-affiliated research and development agency. Since the details of some 1.25 million people on the Japan Pension Service's records were hacked in 2015, concern has grown over the possibility of a targeted cyberattack by a group of hackers.

The aim is to use the system to collect data about potential attackers that will make formulating preventative measures easier. It is also hoped that it will be useful even during the Olympic and Paralympic Games.

With many recent games' hosts having been subject to targeted cyberattacks, the chances of next year's events coming under fire from hackers are high, and a response to them is essential.

STARDUST was started in 2017 to research targeted attacks. The system is like a miniaturized garden, with fake employee registers and other items prepared on it.

When companies and groups using the system receive emails with harmful files attached to them, a technician opens and runs the files within its simulated environment.

NICT then conducts a kind of sting operation in which it observes the behavior of the hacker, who believes they have successfully infiltrated the targeted network, within the simulated environment.

Previously, cyberattacks targeting specific organizations were considered to be largely centered on high-level targets like the national government, but the research coming from STARDUST is overturning commonly held ideas.

It has found that in many cases hackers operate in similar patterns. The discovery has raised questions as to whether they share expertise on methods among themselves, and has also given rise to the possibility that a training manual of some form is being exchanged on the black market. It could also be that the attacks come from groups of inexperienced users who act precisely according to instruction, the institute said.

Since June, NICT has been using a new information fusion base, dubbed "CURE," which analyzes security-related information gathered using its methods so far. It then visualizes data on cyberattack occurrences, methods and signs of hacking collected by STARDUST and other programs. Those managing CURE are now able to quickly respond to highly dangerous acts.

Principal researcher for NICT's cybersecurity laboratory, Yu Tsuda, said of the system, "The aggregated information is certain to show its effectiveness in a variety of situations."

(Japanese original by Toru Watanabe, City News Department)
