More than 300 of the Ministry of Land, Infrastructure, Transport and Tourism's river cameras have been suspended due to suspicion of unauthorized access. increase.

It is suspected that about 260 river cameras installed by the Kinki Regional Development Bureau of the Ministry of Land, Infrastructure, Transport and Tourism have been illegally accessed from the outside. , and operations have been suspended.

Vulnerabilities could be exploited and devices hijacked

According to several experts such as Yu Arai of NTT DATA, who is familiar with cybersecurity trends, the river camera is believed to be a so-called "IoT device" that is connected to the Internet, and a large amount of communication has been confirmed for a certain period of time. For this reason, it is possible that the security vulnerability of the device was used and the device was infected with a virus, etc., and was damaged by "hijacking".



The hijacked device will be able to send a large amount of communication to the website etc. aimed at by manipulating it from the outside, and will be able to issue instructions to perform a "DDoS attack" that drives it to stop functioning.



Mr. Arai said, "If the device is hijacked and it participates in another cyber attack, the responsibility of the management side may also be questioned. I want you to confirm," he said.

Expert: “Many attacks can be prevented if you follow the basics thoroughly”

According to Tetsutaro Uehara, a professor at the Ritsumeikan University College of Information Science and Engineering who is familiar with cybersecurity, unauthorized access to cameras that monitor rivers continued in 2018 in Yachiyo City, Chiba Prefecture and Ageo City, Saitama Prefecture.



Professor Uehara said, "There have been repeated incidents of large-scale unauthorized access to Internet-connected 'IoT devices' managed by government agencies for many years. It is also possible that they are using camera products with poor security. There is, but the person in charge may not be accustomed to the operation in the first place."



On top of that, he said, ``Many cyberattacks can be prevented by thoroughly following the basics, such as making the passwords when accessing devices complicated and limiting the devices that can be connected. I would like you to review the security of IoT devices that are currently in use and take necessary measures."