Japan tests $2.28m cyber-defence virus

The Japanese government is testing a self-defence virus that has the objective of tracking down the source of cyber attacks and removing the threat.

The virus is the result of a quiet, $2.28 million project that Fujitsu had undertaken on behalf of the Japanese Defence Ministry's Technical Research and Development Institute in 2008, according to reports from The Yomiuri Shimbun.

While the virus has the ability to track immediate sources of attack, it can also allegedly determine whether computers are being used as a proxy between the original source of the attack and its target. Beyond this, it also stops its attackers and sends the information it finds back to its owners.

While it is only being tested and examined in a closed environment, its release is likely to raise serious questions about privacy, ethics and whether it would even be legal.

It was only in June last year that the Japanese parliament passed laws that made it illegal to even write malware, regardless of whether it actually caused any damage, if its authors did not have a "reasonable excuse" to do so. The penalty for those found guilty ranges from a fine to up to three years in prison.

Even though the Japanese government may have the ultimate reasonable excuse to write viruses, the idea of writing benevolent viruses or worms is still an issue that has been debated in the information-security industry for years.

Renowned security expert Bruce Schneier has been quoted several times from a 2003 essay on the topic of benevolent worms, in which he wrote: "A worm is not 'bad' or 'good' depending on its payload. Viral propagation mechanisms are inherently bad, and giving them beneficial payloads doesn't make things better. A worm is no tool for any rational network administrator, regardless of intent."

University of New South Wales law lecturer and PhD candidate Alana Maurushat recently asked the ethical question of what happens to computers that, as a result of cleansing, crashed or damaged equipment that was connected to them.

She pointed out that critical infrastructure and even pacemakers could be connected and possibly infected.

On the technical side of implementation, Sophos senior technology consultant Graham Cluley said that the idea would be a bad one, stating that even a good virus uses system resources and, on critical systems, could cause unexpected side effects or even hinder the collection of information.

"When you're trying to gather digital forensic evidence as to what has broken into your network and what data it may have stolen, it's probably not wise to let loose a program that starts to trample over your hard drives, making changes."

Cluley said that fighting an infection could be done without self-replicating software, citing several examples of past benevolent viruses that could have served the same purpose without being viral.

But whether or not the Japanese government deploys such a defence, it likely wants to know who is behind the recent spate of attacks on the country. In October, Japan's parliament came under cyber attack, apparently from the same emails linked to a China-based server that have already hit several Japanese lawmakers' computers. Additionally, Japanese computers at embassies and consulates in nine countries have previously been infected with viruses.

Japanese private defence contractors have also been targeted, with Mitsubishi Heavy Industries attacked in September last year, while one of its rivals, Kawasaki Heavy Industries, was targeted shortly after.