Terrie's Take 964 - How the Japanese are Accidentally Good at Data Security, ebiz news from Japan

Terrie's Take terrie at mailman.japaninc.com
Mon Oct 8 09:47:27 JST 2018

* * * * * * * * TERRIE'S TAKE - BY TERRIE LLOYD * * * * * *
A weekly roundup of news & information from Terrie Lloyd, a long-term 
technology and media entrepreneur living in Japan.

General Edition Sunday, Oct 07, 2018, Issue No. 964

- What's New -- How the Japanese are Accidentally Good at Data Security
- News -- Child abuse statistics get worse in 2017
- Upcoming Events
- Corrections/Feedback - Mercari billboards on Highway 101
- Travel Picks -- Art Deco in Meguro, Craft Center in Shizuoka
- News Credits

+++ How the Japanese are Accidentally Good at Data Security

There have been two big data security breach stories in the news over 
the last week, one in Europe, involving Russian hackers, and one out of 
the USA (via Bloomberg), about Chinese infiltration methods used against 
large US companies and various government agencies there. Although we normally 
focus on how ill-prepared Japanese websites are against hacking, and how 
computer and data security overall here is lagging behind, we believe 
these two incidents comprise an infiltration trend that the Japanese are 
actually (accidentally) very good at defending against.

The first story was about four Russian intelligence officers who were 
caught red-handed by the Dutch police hacking into the computer systems 
of the Organization for the Prohibition of Chemical Weapons (OPCW), 
announced last week. Two of the four were arrested while in a van parked 
just around the corner from the OPCW headquarters, and were using their 
proximity to access the organization's WiFi network, to do whatever 
hackers do. They apparently needed to be present in person, because 
their traditional online efforts to find anyone senior enough (i.e., 
with the necessary security clearances) had failed. By being within WiFi 
range, they were able to spoof server connections to office users, and 
then through perseverance hook a big fish and eventually gain the 
necessary access credentials.

The story link is here: http://bit.ly/2E6B4UL

The takeaway is that they needed to be local and physically present to 
do a successful hack.

The second story was a blockbuster article (it's a long read) published 
by Bloomberg a couple of days ago, detailing an investigation its 
reporters have been conducting for months into compromised servers used 
by Amazon, Apple, the Department of Defense, and even the CIA. In this 
exploit, apparently motherboard manufacturing subcontractors in China 
had cooperated with a government espionage group there to fit the 
US-bound server boards with a pin-head sized device that opened up the 
server's operating system and provided access to outside hackers to 
forage for interesting data. Amazon and Apple both deny the Bloomberg 
story has any substance, but Bloomberg says that it has spoken to more 
than a dozen people who provided cross-referenceable stories about the 
attack (which started in 2016 and which was discovered earlier this year 
by Amazon).

The story link is here: https://bloom.bg/2OLdLEi

Again, for this attack to work, the hackers needed to be physically 
present on the servers and intercept the basic operations of the server.

In this second instance, we spoke to an electronics expert and asked 
whether he thought the Bloomberg story had any merit, especially given 
the battle raging on some engineering bulletin boards over claims that 
the Bloomberg story is not technically feasible. Our source, who has 
more than 30 years of very deep design experience in chip-level 
security, says:


"The pin-head sized chip that Bloomberg referred to was described in the 
article as "built to look like a signal conditioning coupler." The units 
shown had 6 pins. My guess is that the Chinese replacement chips really 
were signal conditioning couplers and probably did their basic job of 
protecting the motherboard against ESD strikes (jolts of static 
electricity) - something that only requires two pins. This means that 
the other four device pins were probably common input/output 
connections, which could support two or more comms channels.

This is a really smart choice of component to target if you wanted to 
compromise the hardware. The thing is, once the factory engineers have 
done the ESD testing on a motherboard, because most engineers just 
assume that such basic parts operate, they don't give them a second 
thought. Furthermore, the parts are low cost - typically a few cents 
each - and a factory would just follow the Bill-Of-Materials (BOM) that 
it was supplied with. So I disagree with the article's arguments that 
bribery or threats were needed to get factory workers to fit these 
parts. Instead the bad guys from Chinese Intelligence would simply need 
to access and change the BOM to say, 'Part number XYZ-1233234B, from 
company PQR-BB2' and the factory would automatically order, fit, and 
forget - that's normal.

Kudos to the guys who picked this up (Canadian, as it happens). The next 
level attack will be inside the chips, rather than a separate part, such 
as this one. And next time, rather than have the chip "dial out" to a 
rogue IP address (an obvious giveaway that allowed the good guys in this 
case to discover that something, somewhere, in the hardware was amiss) 
they will probably use steganography to hide the comms."


So where does Japan come into this story?

Thinking about the types of vulnerabilities exploited in both cases, the 
bad guys had to have physical or near-physical access to the systems 
they were trying to compromise. As anyone living in Japan will tell you, 
any foreigner loitering in a car parked in almost any neighborhood would 
be quickly spied by a nosey local or the local police - and you'd soon 
get a warning to move on.

Secondly, the Japanese are very aware of the need to preserve some basic 
engineering capabilities in-country, rather than simply off-shoring 
everything to China (hardware) or India (software). We (the writers) 
have seen this first hand - that while there are much better security 
devices available from foreign companies, the Japanese Self Defense 
Force (SDF) stubbornly requires its main security contractor (NEC) to 
create such devices in Japan, despite the cost. This is one instance 
where the Galapagos syndrome works in Japan's favor.

Thirdly, most advanced engineering and security, especially government 
security, is done in Japanese and requires the participants to be 
conversant in the language. As the Bloomberg story stated, much of the 
interaction between the design engineers and contractors happened in 
Chinese, and so the local Americans were unaware of what was going on. 
Japanese firms are much more choosey about working with subcontractors 
who can speak to them in their own language, and so there wouldn't have 
been the same unmonitored second channel of communication.

This brings us to the fourth point. We are not saying that NEC and 
others don't get their server motherboards made in China. In fact, they 
may well have them produced there. But at the same time, Japanese 
supplier factories are more likely than US ones to actually be owned and 
controlled by the Japanese parent, or at least to have QC officers 
present as products come off the line. This is something the Japanese 
have learned after 30 hard years of off-shoring/outsourcing. And if 
there's one thing we know about Japanese hardware QC, they are very 
picky. Thus, Japanese manufacturer = tighter control.

Admittedly, Japan's overall security competence is suspect, as is proven 
by the two major cybercurrency hacks that have happened so far this 
year. However, we would say that those hacks were typically in the 
software domain, against start-ups that in any case were not subject to much 
oversight, and which were building their own services and thus not being 
monitored by larger companies or government organizations with deep QC 
experience. Certainly we believe that the folks at NEC in charge of 
making communications devices for the SDF have a high awareness of 
chip-level security, and would see this as a core competence - given 
that they and their long-term Japanese suppliers make many of the chips 
as well.

These two incidents highlight why the USA and Europe should be trying to 
foster close military and intelligence partnerships with the Japanese. 
As one of the few countries with high-tech capability and yet no serious 
ideological bones to pick, they make a perfect third party to entrust 
sensitive manufacturing to. This could in fact become a major source of 
revenue and a point of sustenance for Japanese electronics manufacturers 
looking for a way to survive and fight the Chinese takeover of the industry.

...The information janitors/



+++ NEWS

- Child abuse statistics get worse in 2017
- Female Councillor thrown out for sucking a cough drop
- Japanese corporations look to exit UK over Brexit
- Tsukiji fish market closed on Friday
- USA bans two companies identified as Yakuza-owned

=> Child abuse statistics get worse in 2017

The Japanese stock market may be rising, but clearly there are plenty of 
families struggling to keep their heads above water, and one of the 
consequences is child abuse. In the first half of 2018, the number of 
children taken into protective custody from abusive parents rose a full 
22% over the same time last year. More than 71% of the cases (6,792 
kids) involved direct abuse of the child, and 60% involved physical 
violence between parents. Sexual abuse cases also rose by 15% to 111 
kids. Cases are increasing particularly rapidly in urban renewal areas, 
such as Tokyo Bay (lots of expensive, independent apartment blocks), 
where neighborhood interaction is non-existent. ***Ed: An expert at the 
Hokkaido Bunkyo University blames parents being too busy with their jobs, 
and an over-focus on cell phones and other devices, causing parents to 
trivialize their relationships with their kids. We think for most 
families, the economic situation is the critical factor. Both parents 
working all the time is not symptomatic of a healthy middle class. 
Instead, people are working those hours because family incomes are 
inadequate. Yes, inflation generally is stable, but the cost of fresh 
food (which is not included in inflation figures) is spiraling.** 
(Source: TT commentary from scmp.com, 05 Oct, 2018)


=> Female Councillor thrown out for sucking a cough drop

It doesn't get more crazy than this. The Kumamoto city assembly in 
Kyushu has once again ejected female Councillor Yuka Ogata, this time 
for speaking to the assembly while sucking on a cough drop. Last time 
they threw her out, it was because she showed up with a nursing baby and 
complained about the lack of facilities for young mothers at the 
organization. ***Ed: It's pretty clear that Ogata got the noses of some 
of the old farts running Kumamoto city out of joint, and they were 
looking for an excuse to get rid of her a second time. They may have 
underestimated both her determination and also the large feminist group 
behind her, though. The group has been relying on Ogata to get the 
assembly sessions opened up to the public and it is now talking of suing 
the assembly for making it impossible to have their submission heard 
(since Ogata was presenting the petition). All we can say is "marshal 
the female voters and vote the bums out!"** (Source: TT commentary from 
theguardian.com, 01 Oct, 2018)


=> Japanese corporations look to exit UK over Brexit

The exodus of international corporations from the UK due to disappearing 
access to European markets has included a number of Japanese 
heavyweights. Currently there are over 1,000 Japanese companies 
employing more than 160,000 people in the UK. Of these about 47% have 
been looking at moving their headquarters or future operations to other 
locations in the EU, rather than continue in the UK. Companies who are 
looking at moving or who expect "severe disruption" to their UK 
operations include: Toyota, Muji (the Seibu company), Nomura, Daiwa, 
Mitsubishi UFJ, and possibly Nissan and Hitachi. ***Ed: After the USA, 
the UK has been Japanese companies' largest investment destination, with 
about US$153bn invested there as of 2017.** (Source: TT commentary from 
bloomberg.com, 03 Oct, 2018)


=> Tsukiji fish market closed on Friday

Friday marked the end of an institution, with the closing of the famed 
Tsukiji fish market. Never fear, however, because next week the fish 
auctions will resume a half kilometer to the east, as the new Toyosu 
market. The move is long-term beneficial to the hundreds of fish 
sellers, who will now be able to function in fully air conditioned 
facilities, and not have to worry about premature melting of frozen tuna 
in the middle of summer. The internal temperature of the auction areas 
will be maintained at 10.5 Celsius. ***Ed: The big question everyone has 
been asking is about tourist access. We can confirm that the new site 
gives a visual overview of the trading floor, but only through heavy-duty 
windows, and thus no interaction in the newly sterile environment. Will 
this work as a tourist drawing card? Probably not. Looking at fish will 
get dropped from the "must-do" list.** (Source: TT commentary from 
the-japan-news.com, 05 Oct, 2018)


=> USA bans two companies identified as Yakuza-owned

The US Treasury Department has banned two Japanese firms from doing 
business with Americans. They are Yamaki KK and Toyo Shinyo Jitsugyo, 
both of which own and manage golf driving ranges and other entertainment 
properties, and which are related to the Yamaguchi-gumi. This is the 
first time that the US Treasury has targeted Yakuza-related companies. 
***Ed: It's not the first time for overseas authorities to go after 
Yakuza assets and businesses, though. The Australian Tax Office has long 
coordinated with the Japanese Tax Office, to seize or bar the movement 
of Yakuza assets to that country.** (Source: TT commentary from 
asia.nikkei.com, 03 Oct, 2018)


NOTE: Broken links
Some online news sources remove their articles after just a few days of 
posting them, thus breaking our links -- we apologize for the inconvenience.



No upcoming events this week.





=> In Terrie's Take 958, we covered what we thought were some of the 
challenges facing Mercari and their expensive effort to get a foothold 
in the US market.

*** Reader Says: Another data point, recently Mercari has had a bunch of 
billboards on 101, the main highway through SF which is a prime spot for 
vanity billboards. They are poorly designed and executed, clearly done 
by someone who knows nothing about marketing in the U.S. When I saw 
those, for me they were a huge red flag that something was very wrong 



=> Exotic x Modern, Meguro
French Art Deco and inspiration from afar

This special exhibit explores how French artists and designers were 
influenced and inspired by African, Middle Eastern and Asian cultures 
and ideas in the period between the two world wars. Known as Art Deco, 
this style of visual arts is evident in a broad range of materials, from 
paintings to furniture, sculpture to fashion and jewelry.

Post World War One, there was a growing interest in the African music, 
dance and art that were eagerly brought to France. Then the discovery of 
King Tut's tomb in 1922 further stimulated this fascination with 
non-Western cultures. There couldn't be a better venue for this show 
than the Tokyo Metropolitan Teien Art Museum, which is an Art Deco 
mansion built in 1933. The former residence of Prince Asaka, it is the 
perfect backdrop for more than 80 Art Deco pieces, most of which are 
shown in Japan for the very first time.

Venue: Tokyo Metropolitan Teien Art Museum When: Oct06-Jan14, 2019, 


=> Sumpu Takumi-Shuku Craft Center,
Try some traditional craft workshops in Shizuoka

A short drive or bus ride from central Shizuoka city, the Mariko 
district is a pleasant, leafy place to spend a day away from the 
downtown bustle. There's some attractive scenery, charming temples such 
as Togeppo Saioku-ji and Kansho-in, and the Sumpu Takumi Shuku, a craft 
center where you can learn about traditional local handicrafts, and try 
your hand yourself if you feel so inclined.

It's a very stylish place, with an understated design that fits in well 
with the surroundings. The low buildings are spread out around a central 
yard with a gentle water feature, a nice place to relax with a snack 
after a workshop or the journey from downtown. Oh, and there's also a 
shelter for when the weather isn't so clement.

The main attraction is the galleries and atelier spaces, showcasing a 
whole range of crafts: indigo dye, items made from turned wood or woven 
bamboo, ceramics and glassware. If I understood the staff correctly (all 
the information is only in Japanese), it's possible to take workshops on 
a walk-in basis, even just for one or two people. I'd say it's better to 
make a reservation to guarantee a place, though, because on the 
afternoon I visited, a large party of schoolchildren arrived shortly 
after I did.




SUBSCRIBERS: 6,075 members as of October 07, 2018 (We purge our list 


Written by: Terrie Lloyd (terrie.lloyd at japaninc.com)

Copyright 2018 Japan Inc. Communications Inc.
