Terrie's Take 964 - How the Japanese are Accidentally Good at Data Security, ebiz news from Japan
terrie at mailman.japaninc.com
Mon Oct 8 09:47:27 JST 2018
* * * * * * * * TERRIE'S TAKE - BY TERRIE LLOYD * * * * * *
A weekly roundup of news & information from Terrie Lloyd, a long-term
technology and media entrepreneur living in Japan.
General Edition Sunday, Oct 07, 2018, Issue No. 964
- What's New -- How the Japanese are Accidentally Good at Data Security
- News -- Child abuse statistics get worse in 2017
- Upcoming Events
- Corrections/Feedback - Mercari billboards on Highway 101
- Travel Picks -- Art Deco in Meguro, Craft Center in Shizuoka
- News Credits
SUBSCRIBE to, UNSUBSCRIBE from Terrie's Take at:
+++ How the Japanese are Accidentally Good at Data Security
There have been two big data security breach stories in the news over
the last week, one in Europe, involving Russian hackers, and one out of
the USA (via Bloomberg), about Chinese infiltration methods with large
US companies and various government agencies there. Although we normally
focus on how ill-prepared Japanese websites are against hacking, and how
computer and data security overall here is lagging behind, we believe
these two incidents comprise an infiltration trend that the Japanese are
actually (accidentally) very good at defending against.
The first story was about four Russian intelligence officers who were
caught red-handed by the Dutch police hacking into the computer systems
of the Organization for the Prohibition of Chemical Weapons (OPCW),
announced last week. Two of the four were arrested while in a van parked
just around the corner from the OPCW headquarters, and were using their
proximity to access the organization's WiFi network, to do whatever
hackers do. They apparently needed to be present in person, because
their traditional online efforts to find anyone senior enough (i.e.,
with the necessary security clearances) had failed. By being within WiFi
range, they were able to spoof server connections to office users, and
then through perseverance hook a big fish and eventually gain the
necessary access credentials.
The story link is here: http://bit.ly/2E6B4UL
The take away is that they needed to be local and physically present to
do a successful hack.
The second story was a blockbuster article (it's a long read) by
Bloomberg a couple of days ago, detailing a reporter investigation they
have been doing for months now, about compromised servers used by
Amazon, Apple, the Department of Defense, and even the CIA. In this
exploit, apparently motherboard manufacturing subcontractors in China
had cooperated with a government espionage group there to fit the
US-bound server boards with a pin-head sized device that opened up the
server's operating system and provided access to outside hackers to
forage for interesting data. Amazon and Apple both deny the Bloomberg
story has any substance, but Bloomberg says that it has spoken to more
than a dozen people who provided cross-referenceable stories about the
attack (which started in 2016 and which was discovered earlier this year
The story link is here: https://bloom.bg/2OLdLEi
Again, for this attack to work, the hackers needed to be physically
present on the servers and intercept the basic operations of the server.
[Article continues below...]
------- Portable News from SKY Perfect JSAT Corp. ---------
Travel is a chance to escape the stress and demands of daily life. But
the world doesn't wait while we vacation, and many travelers want to
stay in touch with what is happening back home. Mobile devices and
streaming video have made this easier, and a new app from SKY PerfecTV
puts the world at your fingertips while in Japan.
Delivering content in English and 12 other languages, Portable News
brings together live news broadcasts from Australia, Congo, France,
Germany, Indonesia, Qatar, and South Korea, as well as info about
Japan's entertainment scene through Club TV.
In addition to programming from abroad, Portable News keeps you well
informed during earthquakes, tsunamis, typhoons, and other disasters
that may occur while you are in Japan.
* iOS: https://goo.gl/8fPuvq
* Android: http://bit.ly/2QOV9RT
* Browsers: http://bit.ly/2QOZ8Or
In this second instance, we spoke to an electronics expert and asked
whether he thought the Bloomberg story had any merit, especially given
that there seems to be a battle raging on some engineering bulletin
boards that the Bloomberg story is not technically feasible. Our source,
who has more than 30 years of very deep design and experience in
chip-level security says:
"The pin-head sized chip that Bloomberg referred to was described in the
article as "built to look like a signal conditioning coupler." The units
shown had 6 pins. My guess is that the Chinese replacement chips really
were signal conditioning couplers and probably did their basic job of
protecting the motherboard against ESD strikes (jolts of static
electricity) - something that only requires two pins. This means that
the other four device pins were probably common input/output
connections, which could support two or more comms channels.
This is a really smart choice of component to target if you wanted to
compromise the hardware. The thing is, once the factory engineers have
done the ESD testing on a motherboard, because most engineers just
assume that such basic parts operate, they don't give them a second
thought. Furthermore, the parts are low cost - typically a few cents
each - and a factory would just follow the Bill-Of-Materials (BOM) that
it was supplied with. So I disagree with the article's arguments that
bribery or threats were needed to get factory workers to fit these
parts. Instead the bad guys from Chinese Intelligence would simply need
to access and change the BOM to say, 'Part number XYZ-1233234B, from
company PQR-BB2' and the factory would automatically order, fit, and
forget - that's normal.
Kudos to the guys who picked this up (Canadian, as it happens). The next
level attack will be inside the chips, rather than a separate part, such
as this one. And next time, rather than have the chip "dial out" to a
rogue IP address (an obvious giveaway that allowed the good guys in this
case to discover that something, somewhere, in the hardware was amiss)
they will probably use steganography to hide the comms."
So where does Japan come in to this story?
Thinking about the types of vulnerabilities exploited in both cases, the
bad guys had to have phsyical or near-physical access to the systems
they were trying to compromise. As anyone living in Japan will tell you,
any foreigner loitering in a car parked in almost any neighborhood would
be quickly spied by a nosey local or the local police - and you'd soon
get a warning to move on.
Secondly, the Japanese are very aware of the need to preserve some basic
engineering capabilities in-country, rather than simply off-shoring
everything to China (hardware) or India (software). We (the writers)
have seen this first hand - that while there are much better security
devices available from foreign companies, the Japanese Self Defense
Force (SDF) stubbornly requires its main security contractor (NEC) to
create such devices in Japan, despite the cost. This is one instance
where the Galapagos syndrome works in Japan's favor.
Thirdly, most advanced engineering and security, especially government
security, is done in Japanese and requires the participants to be
conversant in the language. As the Bloomberg story stated, much of the
interaction between the design engineers and contractors happened in
Chinese, and so the local Americans were unaware of what was going on.
Japanese firms are much more choosey about working with subcontractors
who can speak to them in their own language, and so there wouldn't have
been the same unmonitored second channel of communication.
This brings us to the fourth point. We are not saying that NEC and
others don't get their server motherboards made in China. In fact, they
may well have them produced there. But at the same time, Japanese
supplier factories are more likely than US ones to actually be owned and
controlled by the Japanese parent, or at least to have QC officers
present as products come off the line. This is something the Japanese
have learned after 30 hard years of off-shoring/outsourcing. And if
there's one thing we know about Japanese hardware QC, they are very
picky. Thus, Japanese manufacturer = tighter control.
Admittedly, Japan's overall security competence is suspect, as is proven
by the so-far two major cybercurrency hacks that have happened this
year. However, we would say that those hacks were typically in the
software domain, upon start-ups that anyway were not subject to much
oversight, and which were building their own services and thus not being
monitored by larger companies or government organizations with deep QC
experience. Certainly we believe that the folks at NEC in charge of
making communications devices for the SDF have a high awareness of
chip-level security, and would see this as a core competence - given
that they and their long-term Japanese suppliers make many of the chips
These two incidents highlight why the USA and Europe should be trying to
foster close military and intelligence partnerships with the Japanese.
As one of the few countries with high-tech capability and yet no serious
ideological bones to pick, they make a perfect third party to entrust
sensitive manufacturing to. This could in fact become a major source of
revenue and a point of sustenance for Japanese electronics manufacturers
looking for a way to survive and fight the Chinese takeover of the industry.
...The information janitors/
------------ One Day Only! Light Festival Ride ------------
Yokohama Rides & Rentals is proud to present a unique cycling tour
through the historical heart of Tokyo, ending at the 730 year old
Ikegami light festival. One day only! Friday October 12 at 2PM.
Highlights include -
- An exhilarating ride on electric assist bicycles through Ginza.
- The famous Nakagin capsule tower.
- Dare to climb the "Lucky steps" of Atago Shrine
- Shiga Park/Zozoji Temple, burial place of Shoguns - now in the shadow
of Tokyo Tower.
- Tokyo Bay waterfront.
- The historic Old Tokaido - still a very lively street that retains
it's original (human) scale meandering through neighborhoods with
centuries' old landmarks.
Finally, we arrive at one of Tokyo's hidden treasures, the Ikegami
Honmonji temple, where you can witness the famous the Ikegami light
festival. This ancient event involves 3,000 participants carry enormous,
cherry-blossom-decorated lanterns, accompanied by the hypnotic rhythms
of drummers and Edo-era banner carriers. Food and drink galore, with
over 100 food stands lining the streets!
For info and booking - http://bit.ly/2Rtrkqv
- Child abuse statistics get worse in 2017
- Female Councillor thrown out for sucking a cough drop
- Japanese corporations look to exit UK over Brexit
- Tsukiji fish market closed on Friday
- USA bans two companies identified as Yakuza-owned
=> Child abuse statistics get worse in 2017
The Japanese stock market may be rising, but clearly there are plenty of
families struggling to keep their heads above water, and one of the
consequences is child abuse. In the first half of 2018, the number of
children taken into protective custody from abusive parents rose a full
22% over the same time last year. More than 71% of the cases (6,792
kids) involved direct abuse of the child, and 60% involved physical
violence between parents. Sexual abuse cases also rose by 15% to 111
kids. Cases are increasing particularly rapidly in urban renewal areas,
such as Tokyo Bay (lots of expensive, independent apartment blocks),
where neighborhood interaction is non-existent. ***Ed: An expert at the
Hokkaido Bunkyo University blames parents busy too busy with their jobs,
and an over-focus on cell phones and other devices, causing parents to
trivialize their relationships with their kids. We think for most
families, the economic situation is the critical factor. Both parents
working all the time is not symptomatic of a healthy middle class.
Instead, people are working those hours because family incomes are
inadequate. Yes, inflation generally is stable, but the cost of fresh
food (which is not included in inflation figures) is spiraling.**
(Source: TT commentary from scmp.com, 05 Oct, 2018)
=> Female Councillor thrown out for sucking a cough drop
It doesn't get more crazy than this. The Kumamoto city assembly in
Kyushu has once again ejected female Councillor Yuka Ogata, this time
for speaking to the assembly while sucking on a cough drop. Last time
they threw her out, it was because she showed up with a nursing baby and
complained about the lack of facilities for young mothers at the
organization. ***Ed: It's pretty clear that Ogata got the noses of some
of the old farts running Kumamoto city out of joint, and they were
looking for an excuse to get rid of her a second time. They may have
underestimated both her determination and also the large feminist group
behind her, though. The group has been relying on Ogata to get the
assembly sessions opened up to the public and it is now talking of suing
the assembly for making it impossible to have their submission heard
(since Ogata was presenting the petition). All we can say is "martial
the female voters and vote the bums out!"** (Source: TT commentary from
theguardian.com, 01 Oct, 2018)
=> Japanese corporations look to exit UK over Brexit
The exodus of international corporations from the UK due to disappearing
access to European markets has included a number of Japanese
heavyweights. Currently there are over 1,000 Japanese companies
employing more than 160,000 people in the UK. Of these about 47% have
been looking at moving their headquarters or future operations to other
locations in the EU, rather than continue in the UK. Companies who are
looking at moving or who expect "severe disruption" to their UK
operations include: Toyota, Muji (the Seibu company), Nomura, Daiwa,
Mitsubishi UFJ, and possibly Nissan and Hitachi. ***Ed: After the USA,
the UK has been Japanese companies' largest investment destination, with
about US$153bn invested there as of 2017.** (Source: TT commentary from
bloomberg.com, 03 Oct, 2018)
=> Tsukiji fish market closed on Friday
Friday marked the end of an institution, with the closing of the famed
Tsukiji fish market. Never fear, however, because next week the fish
auctions will resume a half kilometer to the east, as the new Toyosu
market. The move is long-term beneficial to the hundreds of fish
sellers, who will now be able to function in fully air conditioned
facilities, and not have to worry about premature melting of frozen tuna
in the middle of summer. The internal temperature of the auction areas
will be maintained at 10.5 Celsius. ***Ed: The big question everyone has
been asking is about tourist access. We can confirm that the new site
gives visual overview of the trading floor, but only through heavy duty
windows, and thus no interaction in the newly sterile environment. Will
this work as a tourist drawing card? Probably not. Looking at fish will
get dropped from the "must-do" list.** (Source: TT commentary from
the-japan-news.com, 05 Oct, 2018)
=> USA bans two companies identified as Yakuza-owned
The US Treasury Department has banned two Japanese firms from doing
business with Americans. They are Yamaki KK and Toyo Shinyo Jitsugyo,
both of which own and manage golf driving ranges and other entertainment
properties, and which are related to the Yamaguchi-gumi. This is the
first time that the US Treasury has targeted Yakuza-related companies.
***Ed: It's not the first time for overseas authorities to go after
Yakuza assets and businesses, though. The Australian Tax Office has long
coordinated with the Japanese Tax Office, to seize or bar the movement
of Yakuza assets to that country.** (Source: TT commentary from
asia.nikkei.com, 03 Oct, 2018)
NOTE: Broken links
Some online news sources remove their articles after just a few days of
posting them, thus breaking our links -- we apologize for the inconvenience.
+++ UPCOMING EVENTS
No upcoming events this week.
------- Japan Travel Cherry Blossom Photography Tour ------
If you've ever wanted to travel through Japan with your camera, now is
your chance! Join professional photographer Les Taylor in 2019 on this
12-day photography adventure exploring the beauty of Japan's cherry
blossom season. You'll visit some of Japan's best locations, ride the
shinkansen (bullet train), try delicious Japanese food, and see the
beautiful cherry blossom trees all along the way. As you take in the
sights, Les will be there to guide you and to offer professional
photography instruction to help you create the best possible images. Les
Taylor's work has been featured in publications such as National
Geographic Traveler and Jetstar Magazine, and with years of experience
living in and traveling through Japan, he is the perfect guide for this
exciting photography adventure.
To buy tickets or learn more: http://bit.ly/2QwNbvG [www.japantravel.com
=> In Terrie's Take 958, we covered what we thought were some of the
challenges facing Mercari and their expensive effort to get a foothold
in the US market.
*** Reader Says: Another data point, recently Mercari has had a bunch of
billboards on 101, the main highway through SF which is a prime spot for
vanity billboards. They are poorly designed and executed, clearly done
by someone who knows nothing about marketing in the U.S. When I saw
those, for me they were a huge red flag that something was very wrong
+++ TRAVEL DESTINATIONS PICKS
=> Exotic x Modern, Meguro
French Art Deco and inspiration from afar
This special exhibit explores how French artists and designers were
influenced and inspired by African, Middle Eastern and Asian cultures
and ideas in the period between the two world wars. Known as Art Deco,
this style of visual arts is evident in a broad range of materials, from
paintings to furniture, sculpture to fashion and jewelry.
Post World War One, there was a growing interest in the African music,
dance and art that were eagerly brought to France. Then the discovery of
King Tut's tomb in 1922 further stimulated this fascination with
non-Western cultures. There couldn't be a better venue for this show
than the Tokyo Metropolitan Teien Art Museum, which is an Art Deco
mansion built in 1933. The former residence of Prince Asaka, it is the
perfect backdrop for more than 80 Art Deco pieces, most of which are
shown in Japan for the very first time.
Venue: Tokyo Metropolitan Teien Art Museum When: Oct06-Jan14, 2019,
=> Sumpu Takumi-Shuku Craft Center,
Try some traditional craft workshops in Shizuoka
A short drive or bus ride from central Shizuoka city, the Mariko
district is a pleasant, leafy place to spend a day away from the
downtown bustle. There's some attractive scenery, charming temples such
as Togeppo Saioku-ji and Kansho-in, and the Sumpu Takumi Shuku, a craft
center where you can learn about traditional local handicrafts, and try
your hand yourself if you feel so inclined.
It's a very stylish place, with an understated design that fits in well
with the surroundings. The low buildings are spread out around a central
yard with a gentle water feature, a nice place to relax with a snack
after a workshop or the journey from downtown. Oh, and there's also a
shelter for when the weather isn't so clement.
The main attraction is the galleries and atelier spaces, showcasing a
whole range of crafts: indigo dye, items made from turned wood or woven
bamboo, ceramics and glassware. If I understood the staff correctly (all
the information is only in Japanese), it's possible to take workshops on
a walk-in basis, even just for one or two people. I'd say it's better to
make a reservation to guarantee a place, though, because on the
afternoon I visited, a large party of schoolchildren arrived shortly
after I did.
SUBSCRIBERS: 6,075 members as of October 07, 2018 (We purge our list
+++ ABOUT US
Written by: Terrie Lloyd (terrie.lloyd at japaninc.com)
HELP: E-mail Terrie-request at mailman.japaninc.com with the word 'help' in
the subject or body (don't include the quotes), and you will get back a
message with instructions.
Send letters (Feedback, Inquiries & Information) to the editor to
terrie.lloyd at japaninc.com.
For more information on advertising in this newsletter, contact
ads at japaninc.com.
Get Terrie's Take by giving your name and email address at
http://www.japaninc.com/newsletters/free_sign_up, or go straight to
Copyright 2018 Japan Inc. Communications Inc.
----------------- Japan Inc opens up Japan ----------------
J at pan Inc authoritatively chronicles business trends in Japan. Each
posting brings you in-depth analysis of business, people and technology
in the world's third largest economy.
Visit www.japaninc.com for the best business insight on Japan available.
More information about the Terrie