The Japanese government has been quietly developing a cyberweapon since 2008, which reportedly is able to track, identify and disable sources of online attacks, one report stated.
According to The Daily Yomiuri on Tuesday, the cyberweapon is a three-year project to research and test network security analysis equipment production and was helmed by the country's Defense Ministry's Technical Research and Development Institute, which is in charge of weapons development.
The goverment agency then outsourced the project to Fujitsu, which won the bid to develop the malware cyberweapon and a system to monitor and analyze cyberattacks, for 178.5 million yen (US$2.3 million). The malware has since been tested in a closed network environment, the report added.
It also pointed out that while cyberweapons are already in use by countries such as the United States and China, there is no provision within Japan's existing legislation on foreign attacks to allow the use of cyberweapons against external parties. As such, the Defense Ministry and Foreign Ministry have begun legislative consideration regarding the matter, according to unnamed sources cited by The Daily Yomiuri.
The virus has the ability to trace cyberattack sources beyond the immediate source to all "springboard" computers used in the transmission of the virus "to a high degree of accuracy" for distributed denial-of-service (DDoS) attacks, the report noted. It can also disable the attack and collect relevant information.
Commenting on the project, Motohiro Tsuchiya, professor at Keio University and a member of a government panel on information security policy, said Japan should increase "anti-cyberattack weapons development" by reconsidering the weapon's legal definition since other countries have launched similar projects.
Fujitsu declined to comment when approached by The Daily Yomiuri, citing client confidentiality.
Malware weapon "hard to manage"
In a separate blog post published on Tuesday, Graham Cluley, senior technology consultant at Sophos, noted that the "antivirus virus" was not a good idea.
This is because even a "good" virus, such as the malware cyberweapon, uses resources such as disk space, memory and CPU time, which might lead to unexpected side effects. It may also be hard to contain when out of control and trigger false positives, he explained.
"I suspect that the Japanese don't need to develop viral code to fight a malware infection," Cluley stated. "Anything which can be done by viral code can be done--with less headache--by non-replicating software."