Malware found in the control room of a Japanese nuclear reactor


Summary: Why does this sound like the beginning of a Godzilla movie?


It's been a quiet day in Tsuruga, Fukui Prefecture, a large port city on the western coast of central Japan. Like PC users the world over, you've been playing whack-a-mole with update notifications.

This time, it's a piece of free software that you're barely aware of on your computer. Up pops an update notice while you're eating a yummy piece of chocolaty Lotte Ghana left over from the holidays. While you're chewing, you click your mouse, approving the update.

And then you forget all about it as you go on with your normal day's work.

Somewhere, though, in South Korea, you've just made someone's day. You've opened up a back door between a cybercriminal's lair and your computer -- which just happens to be one of eight computers in the Monju fast-breeder nuclear reactor's control room.

Monju Nuclear Plant (Image: Wikimedia Commons)

Oops.

If a flood of bits made noise, you'd start hearing a giant sucking sound coming from the back of your computer, as your new best friend in South Korea (or at least, routing through South Korea) accesses your machine more than 30 times in the space of five days, and gobbles down more than 42,000 email documents and an entire treasure trove of training documents.

Now the good news. Your reactor hasn't been allowed to fire up since 1995, when the reactor shut down after a serious sodium leak and fire. The local community has fought against a restart for more than a decade, which probably was a good thing given that, in 2013, it was discovered that the Japan Atomic Energy Agency didn't, uh, bother inspecting 2,300(!) pieces of equipment.

Japan’s Nuclear Regulation Authority was so unthrilled with the safety processes being carried out by the Japan Atomic Energy Agency at Monju that in November, they simply banned the reactor from ever starting up. And that was before the malware infection.

So let me be clear here. The whole reactor infected by malware thing isn't that bad, simply because other safety procedures at the reactor were so much more bad that the reactor isn't allowed to run. Ever.

As it turns out, Japan's Nuclear Regulation Authority was already starting to lose patience with the Japan Atomic Energy Agency because ... wait for it ... three headquarters administrative computers were infected after users opened infected email attachments.

We don't exactly know who was sucking down the Monju control room documents, but they're probably up to no good. With 42,000 email messages and a pile of training documents now in the hands of troublemakers, there are bound to be a few leads into other critical infrastructure systems now in the hands of the bad guys.

Add to that the documents grabbed from the Japan Atomic Energy Agency HQ and you can be sure that there will be more bad days in Japan's atomic future.

All this is to say that America's government isn't the only one with agencies slacking off, being stupid, and making serious cybermistakes.

Just a little bit of happy news to start the year right and keep you up at night.


About

David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.


Talkback

9 comments
  • Cue the alarmists

    "The local community has fought against a restart for more than a decade, which probably was a good thing given that, in 2013 it was discovered that the Japan Atomic Energy Agency didn't, uh, bother inspecting 2,300(!) pieces of equipment."

    For how long before that?

    In any case, if nuclear reactor component safety isn't being audited, I highly doubt their IT and/or computer control systems are either. Likewise, I doubt any of those systems are locked down to users.

    I can't speak about Japan specifically, but neighbouring China is in the top 3 countries for software piracy (and counterfeiting, and intellectual property abuse, and malware). Where does Japan fall in that list? Russia and Brazil are the other top 2.
    Joe_Raby
    • Piracy in Japan is small

      Compared with others. It's not far from the US.
      AleMartin
  • Infection reported via "video playback software"

    "The suspected infection is said to have occurred "after an employee updated free software", with the product in question elsewhere described as "video playback software".

    http://nakedsecurity.sophos.com/2014/01/09/malware-suspected-in-japanese-nuclear-plant-control-room-but-dont-panic/
    RickLively
    • LOL!

      I read the article that you linked to and had a laugh. They said cat videos can be an acceptable practice to pass some time for employees. I laugh because Cheezburger - the network that pretty much controls the Internet cat video empire - subjects users to malicious forwarding ads on almost a weekly basis. ....and this is Sophos recommending it.
      Joe_Raby
      • I Can Haz...

        ... Big Bang??!!
        btone-c5d11
  • Obsolete already?

    Well, if the hackers are after something as plagued with problems like this one, why the worry? Maybe the Chinese want to know what NOT to do with their own fast-breeder reactors, but were afraid to ask the Japanese.
    Starman35
  • again

    The Cuckoo's egg
    dalspartan
  • That would be the gig to have

    Sitting at a computer at a defunct nuclear reactor. Nothing to do all day but surf the net and download malware....and get PAID. Ah, the bliss.
    harry_dyke
  • Ignorance is bliss, until it bites you

    Why are the user systems not locked down by the systems administrators? The users should not have rights and privileges to download software and install it! If downloaded by accident, or on purpose, systems monitoring software should report it to the administrator for evaluation, or disable it. Basic IT management being overlooked at this site.
    bttlk