The discovery was made when an outside consultancy was preparing to upgrade the Ministry’s 2000 PCs. Few specific details have been released, and it is not known whether the infection spread via an e-mail attachment, by drive-by downloading, or by a USB device. There is concern, however, that it had evaded detection by the Ministry’s anti-malware software.
The source of the malware is also unknown. Although Anonymous has recently attacked Japanese government computers (in protest against new copyright laws), the start of this infection seems to pre-date Anonymous’ interest. What is known is that the malware had contact with servers in the US, Japan and China. Infected hard drives have been replaced, and future connection with the internet has been limited.
The PCs apparently belonged to relatively junior members of staff. No senior ministers or bureau heads were involved, but a few computers were used by division heads. Although the Japanese National Tax Agency is housed in the same building, it uses its own closed network. "No information pertaining to private individuals' tax information, or confidential defense information was saved on any of the infected computers," says a report in Total Telecom, adding that any possible leaks were likely confined to the users' emails and documents created for meetings.
The incident has been reported to and is being investigated by the Tokyo Metropolitan Police Department.