Category Archives: Japan

Five Eyes, Nine Eyes & 14-Eyes Countries and VPNs Important to know when using (or planning to use) a VPN

The content herein is part of an article published in a VPN site where at the end of this short introduction there will be a link to take you to a lot more viewpoints & info. ENJOY.

This article will discuss available VPNs in relation to the 5 Eyes, the 9 Eyes and the 14 Eyes government surveillance alliances.

Encryption is the only way to protect private communications. While there are encrypted messaging systems that can be used for direct correspondence, virtual private networks (VPNs, also based on encryption) are the best tools for hiding internet activity, such as which websites are visited. Again, there are valid reasons to do so: to protect the privacy of religion, sexual orientation and sensitive medical conditions; all of which can be inferred from visited websites.

Background

During the second world war, US and UK intelligence agencies worked closely on code-breaking. After the war, the UK center at Bletchley Park evolved into the Government Communications Headquarters (GCHQ). The American service evolved into the National Security Agency (NSA). In 1946, the working relationship between the two countries was formalized in the UKUSA agreement. It worked on signals intelligence (SIGINT); that is, the interception and analysis of adversarial telecommunications.

In order to provide global coverage for communications interception, Australia, New Zealand and Australia joined the UK and the USA – and became known as the Five Eyes.

However, such is the NSA’s global dominance of intelligence gathering, other countries have sought to cooperate in return for specific ‘threat’ information from the NSA. This has led to other SIGINT groupings: the 9 Eyes and the 14 Eyes.

The operation of these intelligence agencies was long kept secret. As global communications have increased – and as perceived threats have grown (first in the Cold War between east and west and more recently in the ‘war on terror’), the 5 Eyes in particular began to secretly use technology to gather everything for later analysis. GCHQ, for example, had a secret project called Mastering the Internet. None of this was publicly known.

In 2013, NSA whistleblower Edward Snowden leaked thousands of top secret NSA and GCHQ documents showing, for the first time, the extent to which national governments spy on everybody. It is always done in the name of ‘national security’, and both the relevant agencies and their governments insist on their right to do so.

MORE HERE

Henry Sapiecha

Japan its Own Enemy in Push to Improve Cybersecurity

FILE - In this Dec. 18, 2014 file photo, a man walks out from the headquarters of Sony Corp. in Tokyo. Improving cybersecurity practices has emerged as a top national priority for Japan, stung in recent years by embarrassing leaks at Sony Pictures, the national pension fund and its biggest defense contractor, Mitsubishi Heavy Industries, which possibly suffered the theft of submarine and missile designs. (AP Photo/Eugene Hoshiko)

FILE – In this Dec. 18, 2014 file photo, a man walks out from the headquarters of Sony Corp. in Tokyo. Improving cybersecurity practices has emerged as a top national priority for Japan, stung in recent years by embarrassing leaks at Sony Pictures, the national pension fund and its biggest defense contractor, Mitsubishi Heavy Industries, which possibly suffered the theft of submarine and missile designs. (AP Photo/Eugene Hoshiko)

In this Dec. 18, 2014 file photo, a man walks out from the headquarters of Sony Corp. in Tokyo. Improving cybersecurity practices has emerged as a top national priority for Japan, stung in recent years by embarrassing leaks at Sony Pictures, the national pension fund and its biggest defense contractor, Mitsubishi Heavy Industries, which possibly suffered the theft of submarine and missile designs. (AP Photo/Eugene Hoshiko)

Apart from rogue hackers, criminal organizations or even state-backed cyberwarfare units, Japan’s businesses and government agencies are facing a unique cybersecurity foe: themselves.

Even with the frequency and severity of cyberattacks increasing rapidly worldwide, efforts by the world’s third-largest economy to improve its data security are being hobbled by a widespread corporate culture that views security breaches as a loss of face, leading to poor disclosure of incidents or information sharing at critical moments, Japanese experts and government officials say.

Improving cybersecurity practices has emerged as a top national priority for Japan, stung in recent years by embarrassing leaks at Sony Pictures, the national pension fund and its biggest defense contractor, Mitsubishi Heavy Industries, which possibly suffered the theft of submarine and missile designs.

Toshio Nawa, a top Japanese security consultant who is advising the Tokyo 2020 Olympics organizers, said he encountered a telling instance this summer when he was called to investigate a breach at a major Japanese government agency.

Nawa found that five different cybersecurity contractors employed by the agency had discovered the breach, but not one reported or shared their findings.

With evidence from the contractors pooled together, Nawa matched the digital fingerprints to a Mexican group that he believes was responsible for a previous attack on Japanese diplomatic servers. The breach was patched, but Nawa walked away flustered.

“In the U.S., if they find a problem, they have to report,” he said. “The Japanese engineer feels he fails his duty if he escalates a report. They feel ashamed.”

To be sure, the cybersecurity industry around the world, not just in Japan, frequently echoes the call for greater transparency within and among organizations. The U.S. Senate last month passed the Cybersecurity Information Sharing Act to ease data sharing between private companies and the government for security purposes, although civil liberties advocates warned it posed a threat to privacy.

But the problem may be particularly acute for Japan’s private sector behemoths and government ministries. These sprawling bureaucracies are wrapped in a “negative culture that cuts against wanting to communicate quickly,” said William H. Saito, the top cybersecurity adviser to Prime Minister Shinzo Abe.

While rank-and-file workers fear reports of security lapses may get them punished, the problem reflects a broad lack of understanding of cybersecurity among the top ranks of Japanese executives, Saito said in an interview on the sidelines of the Cyber3 conference in Okinawa.

“This is Japanese culture where in some situations the upper management doesn’t know how to use email and IT integration is voodoo magic,” said U.S.-born Saito, also an executive at Palo Alto Networks, a security firm. “The reality is companies either have been hacked or will be hacked. My message is, ‘It’s not your fault.'”

In 2013, the latest year of available data, the Japanese government network faced an eightfold increase in cyberattacks from two years prior, with attacks spreading into civil infrastructure, as well as the telecommunications and energy sectors.

Against that backdrop, the Abe administration has pinpointed the 2020 Tokyo Olympics as a chance to upgrade Japan’s national security capabilities while calling for a more hands-on government role to nudge companies to take cybersecurity seriously.

A Cabinet-level cybersecurity agency in September published a strategy paper that proposed, among other things, extending government-run cybersecurity classes to companies, awarding financial incentives for firms that demonstrate improved security capabilities and requiring companies to fill a chief cybersecurity officer role.

The Cabinet report also highlighted the issue of disclosure, saying “it is essential to relieve (network) operators’ psychological burden of possibly losing credit or ruining reputation of their business if providing information to others.”

Jim Foster, a former U.S. diplomat and Microsoft Japan executive who heads the Keio International Center for the Internet and Society in Tokyo, said the fast-evolving threat of hacking poses a looming challenge for Japanese industry, which never developed a deep pool of cybersecurity expertise with active exchange of ideas and know-how.

“Japanese companies grew up too big too quick and didn’t have to cooperate or rely on outside expertise,” he said. “But now there’s this new threat unlike anything else and things suddenly get difficult.”

But changing habits is hard, said Nawa, the security adviser for the Olympics, who is now holding simulations and educational sessions around the country, where he emphasizes to security engineers – who do not necessarily lack technical chops – the importance of sharing findings and speaking up when they spot a problem.

He said he uses a simple mantra on the training circuit: “What I say is: ‘Please remove your pride.'”

Source: Associated Press

ooo

Henry Sapiecha