Malware suspected in Japanese nuclear plant control room - but don't panic


The control centre of a nuclear power plant really doesn't sound like the sort of place you'd want to see a malware infection.

So, when we hear that an infection is suspected to have hit a machine at a Japanese plant, it raises immediate fears of cyber-terrorism, or at the very least advanced state-sponsored espionage.

But in this case at least there seems to be not too much to worry about. This was no Stuxnet, and no first-strike superweapon cruelly targeting a nation already overburdened with nuclear tragedies.

From the sound of it, it seems like little more than incompetence and lack of proper caution in what is without doubt a sensitive setting, but is perhaps not quite as dangerous a place as it might at first sound.

Piecing together what little information can be gleaned from local news sources and specialist nuclear industry watchers, it would appear that the machine in question was one of eight in the control room at the Monju plant near Tsuruga, Fukui Prefecture.

Unusual behaviour was spotted by an admin on January 2nd, with over 30 unexpected connections made, thought to originate from South Korea.

Investigations are still ongoing, but it seems the system in question was not pivotal to the safety of the plant. The shared-use machine did however contain data including a large amount of employee email and training information which may have been leaked by the compromise.

Monju is a prototype sodium-cooled fast breeder reactor, commissioned in the mid-1990s, but only managed a few months of running before a sodium leak led to a major fire, following which the reactor was shut down for fifteen years.

A restart in 2010 was also short-lived, and the whole project has teetered between tentative restart plans and total abandonment ever since.

So, a non-serious infection on a non-crucial machine at a non-operational plant. But there may still be some lessons to be learnt here.

The suspected infection is said to have occurred "after an employee updated free software", with the product in question elsewhere described as "video playback software".

Of course, when we hear "video" and "update" in a malware context, we immediately think of the "fake codec" attack technique which was so popular 4-5 years back, but surely this can't be a revival?

Either way, it seems like the plant's IT is not too well protected, and is running freeware video software which any user can tinker with at will.

It's probably fairly tedious work manning a long-defunct and slowly dying plant, and maybe the odd cat video can help kill some time, but that's no excuse for sloppy security practices.

In any business setting, software should only be running if it is approved and maintained by IT staff, who should keep a close eye on any updates to make sure they don't include any connecting-repeatedly-to-somewhere-they-shouldn't components. This applies to all machines, however non-mission-critical they may be.

And even if your nuclear plant isn't running at full speed, you can't just put your feet up and ignore safety matters, Homer Simpson style.

There's going to be all kinds of dangerous material around that needs to be properly monitored and maintained, so your IT setup still needs to be held up to higher standards than most businesses.

The Monju plant sounds like it has a pretty shabby record of safety, with reports of thousands of items of equipment being missed off checking schedules, and even attempts to cover up incidents.

A minor malware infection may not sound as serious as leaking radioactive material, but it should be seen as an indicator of potentially bigger problems to come.

It's a sign that admins are not keeping a tight enough rein on their IT systems, and that users are not treating them with the respect and caution they deserve.

So, no cause for panic, but perhaps some cause for concern.


Image of nuclear power courtesy of Shutterstock.


2 Responses to Malware suspected in Japanese nuclear plant control room - but don't panic

  1. Anonymous · 104 days ago

    Images of drunk woman courtesy of Shutterstock-

    • Anna Brading · 104 days ago

      Whoops! Looks like that was left over from another article. We've now fixed it. Thanks.


About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.